Accounts for working with the DBMS
To install Administration Server and work with it, you need an internal DBMS account. This account allows you to access the DBMS and requires specific rights. A set of the required rights depends on the following criteria:
- DBMS type:
- MySQL or MariaDB
- PostgreSQL or Postgres Pro
- Method of the Administration Server database creation:
- Automatic. During the Administration Server installation, you can automatically create an Administration Server database (hereinafter also referred to as a Server database) by using the Administration Server installer (the installer).
- Manual. You can use a third-party application (for example, SQL Server Management Studio) or a script to create an empty database. After that, you can specify this database as the Server database during the Administration Server installation.
Follow the principle of least privilege when you grant rights and permissions to the accounts. This means that the granted rights should be only enough to perform the required actions.
The tables below contain information about the DBMS rights that you should grant to the accounts before you install and start Administration Server.
MySQL and MariaDB
If you choose MySQL or MariaDB as a DBMS, create a DBMS internal account to access the DBMS, and then grant this account the required rights. Note that the database creation method does not affect the set of rights. The required rights are listed below:
- Schema privileges:
- Administration Server database: ALL (excluding GRANT OPTION).
- System schemes (mysql and sys): SELECT, SHOW VIEW.
- The sys.table_exists stored procedure: EXECUTE (if you use MariaDB 10.5 or earlier as a DBMS, you do not need to grant the EXECUTE privilege).
- Global privileges for all schemes: PROCESS, SUPER.
For more information on how to configure the account rights, see Configuring the DBMS account for work with MySQL and MariaDB.
Configuring privileges for Administration Server data recovery
Rights that you granted to the internal DBMS account are enough to restore Administration Server data from the backup.
PostgreSQL or Postgres Pro
If you choose PostgreSQL or Postgres Pro as a DBMS, you can use the postgres user (the default Postgres role) or create a new Postgres role (hereinafter also referred to as a role) to access the DBMS. Depending on the creation method of the Server database, grant the required rights to the role as described in the table below. For more information on how to configure rights of the role, see Configuring the DBMS account for work with PostgreSQL or Postgres Pro.
Rights of the Postgres role
Automatic database creation | Manual database creation | |
The postgres user does not require additional rights. | Privileges for a new role: CREATEDB. | For a new role:
|
Configuring privileges for Administration Server data recovery
To restore Administration Server data from the backup, the Postgres role used to access to the DBMS must have the owner rights on the Administration Server database.