Accounts for working with the DBMS

To install Administration Server and work with it, you need an internal DBMS account. This account allows you to access the DBMS and requires specific rights. A set of the required rights depends on the following criteria:

DBMS type:
- MySQL or MariaDB
- PostgreSQL or Postgres Pro
Method of the Administration Server database creation:
- Automatic. During the Administration Server installation, you can automatically create an Administration Server database (hereinafter also referred to as a Server database) by using the Administration Server installer (the installer).
- Manual. You can use a third-party application or a script to create an empty database. After that, you can specify this database as the Server database during the Administration Server installation.

Follow the principle of least privilege when you grant rights and permissions to the accounts. This means that the granted rights should be only enough to perform the required actions.

The tables below contain information about the DBMS rights that you should grant to the accounts before you install and start Administration Server.

MySQL and MariaDB

If you choose MySQL or MariaDB as a DBMS, create a DBMS internal account to access the DBMS, and then grant this account the required rights. Note that the database creation method does not affect the set of rights. The required rights are listed below:

Schema privileges:
- Administration Server database: ALL (excluding GRANT OPTION).
- System schemes (mysql and sys): SELECT, SHOW VIEW.
- The sys.table_exists stored procedure: EXECUTE (if you use MariaDB 10.5 or earlier as a DBMS, you do not need to grant the EXECUTE privilege).
Global privileges for all schemes: PROCESS, SUPER.

For more information on how to configure the account rights, see Configuring the DBMS account for work with MySQL and MariaDB.

Configuring privileges for Administration Server data recovery

Rights that you granted to the internal DBMS account are enough to restore Administration Server data from the backup.

PostgreSQL or Postgres Pro

If you choose PostgreSQL or Postgres Pro as a DBMS, you can use the Postgres user (the default Postgres role) or create a new Postgres role (hereinafter also referred to as a role) to access the DBMS. Depending on the creation method of the Server database, grant the required rights to the role as described in the table below. For more information on how to configure rights of the role, see Configuring the DBMS account for work with PostgreSQL or Postgres Pro.

Rights of the Postgres role

Automatic database creation

Manual database creation

The Postgres user does not require additional rights.

Privileges for a new role: CREATEDB.

For a new role:

Privileges on Administration Server database: ALL.
Privileges on all tables in the public schema: ALL.
Privileges on all sequences in the public schema: ALL.

Configuring privileges for Administration Server data recovery

To restore Administration Server data from the backup, the Postgres role used to access to the DBMS must have the owner rights on the Administration Server database.

Page top