Configuring Microsoft SQL Server user roles

Applies to:
  • Forcepoint Web Security, v8.5.x
  • Forcepoint URL Filtering, v8.5.x

Microsoft SQL Server defines SQL Server Agent roles that govern accessibility of the job framework. The SQL Server Agent jobs are stored in the SQL Server msdb database.

To install Log Server successfully, the user account that owns the reporting database must have one of the following membership roles in the msdb database and db_datareader:

  • SQLAgentUserRole
  • SQLAgentReader Role
  • SQLAgentOperator Role

The SQL user account must also have dbcreator fixed server role privilege. The Forcepoint Email Security user account must have sysadmin fixed server role privilege.

Use Microsoft SQL Server Management Studio to grant the database user account the necessary permissions to successfully install Log Server.

Steps

  1. On the SQL Server machine, go to Start > Programs > Microsoft SQL Server > Microsoft SQL Server Management Studio.
  2. Log into SQL Server as a user with SQL sysadmin right.
  3. Select the Object Explorer tree, and then go to select Security > Logins.
  4. Select the login account to be used during the installation.
  5. Right-click the login account and select Properties for this user.
  6. Select Server Roles, and then select dbcreator. For Forcepoint DLP, Forcepoint Email Security, and Forcepoint Web Security with the Web DLP module, also select sysadmin.
  7. Select User Mapping and do the following:
    1. Select msdb in database mapping.
    2. Grant membership to one of these roles:
      • SQLAgentUserRole
      • SQLAgentReader Role
      • SQLAgentOperator Role and also to:
      • db_datareader
    3. Select wbsn-data-security in database mapping and mark it as “db_owner”.
    4. Select wbsn-data-security-temp-archive in database mapping and mark it as “db_owner”.
    5. Click OK to save your changes.
  8. Click OK to save your changes.