cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Why i need SQL SA level account credentials for Configuration Wizard

In this article you will learn the process or requirements for SQL credentials during Orion Configuration wizard to connect the application with SQL server and logic behind the process .

Stage # 1.

In the configuration wizard 1st step , we need to use a "sa" account (recommended) the logic behind that is the "sa" account is the member of sysadmin role , & therefore "sa" & sysadmin roles are the members of  dbcreator server role by default.

In the meantime you can also use the Windows authentication account (as far as that account is a member of dbcreator server role).

The reason we use high privileged account on the 1st step so we can access the SQL server without any security issues and as mentioned the sa account is a member of dbcreator server role by default (who have privileges to create a new database within SQL server)

pastedImage_6.png

Stage # 2
Now in the 2nd step of configuration wizard you simply select to create a new database (SolarWindsOrion) name of the orion database. Or an existing migrated Database

pastedImage_15.png

Stage # 3
Finally in the 3rd option you have to create a new "SQL authentication account" called "SolarWindsOrionDatabaseUser" the logic behind to create this account (it is just a public account that have read/write access to the Orion database) and nothing other then that, for day to day activities.Its not feasible as security point of view to use the "sa" account to access the Orion database,as this account has far more privileges and therefore not suitable in a day to day scenario.

pastedImage_9.png

I have already created SQL account for Orion where i can use it in configuration wizard ?


So if you do have already 3rd option account created you can simply use that account while connecting to the SQL Database on 1st step 



Common Issues:

I have created database using same configuration wizard and failed to connect to the other database i have just created why ?

I am unable to switch my Database ?

I am running an upgrade and Configuration Wizard not moving ahead (Multiple Polling Engine Detected ) after connecting to the Orion DB why ?

You Ran Orion Configuration Wizard > Created Brand new database (Database-1) then created another Database using the Configuration Wizard (Database-2)

Now you wish to change the Database-2 to Database-1 and failed with an Error.

ERROR SceneContainer - SceneContainer:bntNext_Click: System.Data.SqlClient.SqlException (0x80131904): VIEW SERVER STATE permission was denied on object 'server', database 'master'.

The user does not have permission to perform this action.

The reason User account permission to go the SQL Server > and check the User permissions and default database assigned to the user . (Please contact your DBA) and make sure the account does have proper permissions as explained above

Further your DBA can change the default database as required by the application to use.

So the user can create the DB - (DB Creator Role ) but he cannot change the default database assigned to the user .

User needs more permissions to make changes into the DB - Please use the Step #1 and use the sa account let the Configuration wizard create the Orion user account with appropriate permissions.

Or contact your DBA for any further changes with user permissions.

Comments

GoldTipu​ First of all thanks for sharing this...

One quick clarification needed... So the 'sa' rights will be used in initial stage only to contact the SQL server safely and the account that will actually be accessing the DB would be 'SolarwindsOrionDatabaseuser' with default password assigned to it, am i right?

If the above is true, then do i need to specifically request the DB admins to grant specific access for this user account?

And to know the default DB password details, is this location the correct one: C:\Program Files (x86)\Solarwinds\Orion\SWNetPerfMon.db

Hello pratikmehta003

Q: 'sa' rights will be used in initial stage only to contact the SQL server safely and the account that will actually be accessing the DB would be 'SolarwindsOrionDatabaseuser'

A: Thats true.

Q: 'SolarwindsOrionDatabaseuser' with default password assigned to it, am i right?

A: During the configuration wizard you will have to chose the password for the DB user 'SolarwindsOrionDatabaseuser'

Once that will be done the Configuration Wizard and application will be assigned to use the sql user 'SolarwindsOrionDatabaseuser'

You

You do not need DBA for this all your just need to make sure you keep your password saved .

pastedImage_0.png

And to know the default DB password details, is this location the correct one: C:\Program Files (x86)\Solarwinds\Orion\SWNetPerfMon.db

Yes its true but it will be encrypted

Thanks a lot GoldTipu

You are most welcome here.

GoldTipu

One more clarification... As part of the 3rd step where you configure another SQL authentication account, do I need to assign any specific roles on the SQL level or it will be taken care when it contacts the SQL server?

It will be taken care of by the Config Wizard.

thank you so much...

Version history
Revision #:
1 of 1
Last update:
‎12-15-2016 04:55 AM
Updated by: