Which permissions are required?

During Forcepoint DLP installation, modification, or repair, the account used for database creation and access needs sysadmin server role membership. Also, Backup database permission on the URL database is required for installation only. After installation, the account privileges can be reduced to the db_owner of the newly created databases, and no access to any other user database except system databases such as UEL, tempdb, and model is required. Additionally, the dbcreator server role should be granted to enable backup and restore functionality.

If you’re using SQL Server to install the Web Log Server and Email Log Server, the user account that owns the reporting database must:

• Be a member of the dbcreator server role
• In the msdb database:
  • Have membership in the db_datareader role
  • Have membership in one of the following roles:
    • SQLAgentUser Role
    • SQLAgentReader Role
    • SQLAgentOperator Role

For SQL Server Express, the user account requires the sysadmin server role.

See the Certified Product Matrix for supported versions of SQL Server.