The Community is now in read-only mode to prepare for the launch of the new Flexera Community. During this time, you will be unable to register, log in, or access customer resources. Click here for more information.
Clients are pushing back on service accounts needing ongoing Local Admin permissions after installation. Can the Data Platform Service account permissions be reduced from Local Administrator to a lower level for ongoing function?
What are those permissions?
‎Jan 21, 2022 01:44 PM
An account with sysadmin privilege will be required if need to recreate the BDNA and BDNA_PUBLISH schema.
‎Mar 03, 2023 06:12 PM
I too am interested in this.
For installing, sa privileges for the SQL database are also required, and this is also not great.
j
‎Jan 24, 2022 06:45 PM
Is sysadmin actually required.
‎Dec 06, 2022 12:57 PM
An account with sysadmin privilege will be required if need to recreate the BDNA and BDNA_PUBLISH schema.
‎Mar 03, 2023 06:12 PM
@gliu , does this mean that:
1) any time an upgrade happens, potentially it could require sa privileges, as an upgrade could possibly edit the schema?
2) sysadmin privilege is not required in the day-to-day running of the application?
j
‎Mar 05, 2023 04:12 PM
SA privileges are not required unless it's your first time installing the application, or you are going to recreate the whole BDNA and BDNA_PUBLISH database.
For the day-to-day running of the application and upgrading, the db_owner + public privileges will take care of them.
‎Mar 06, 2023 11:18 AM
What do we need to do if the original install was done with the original requirement of Interactive Logon for service accounts without having to reinstall or recreate the database since there are integrations to other systems in production?
‎Mar 06, 2023 11:21 AM
@TeriStevenson you can revoke the sysadmin privilege for the service account after the install completes, but please make sure it has the db_owner role assigned.
‎Mar 06, 2023 11:45 AM
@gliu , thanks. In my test rig, I removed sysadmin from the FDP service account, leaving only db_owner and public on both databases, then applied the latest update to v5.5.62.
This worked without issue.
j
‎Mar 09, 2023 06:45 PM
Curious if you got an answer to this?
‎Nov 01, 2022 03:46 PM
I've asked about this as well and was told the 2022 version removed the requirement of the service account interactive logon https://community.flexera.com/t5/Data-Platform-Release-Blog/Data-Platform-2022-5-5-58-Patch-October-2022/bc-p/256358#M75 but I've asked follow ups for this on how to remove the requirement on a current implementation. I can't reinstall due to integrations to other systems.
The documents seem to still have it as required but I can't seem to get any answers.
‎Dec 07, 2022 10:23 AM
Hi All,
Our Team is aware of your query, and we are currently reviewing this internally for you.
We will update the thread as soon as we have the details on this for you.
Many thanks,
Andrew
‎Dec 07, 2022 12:04 PM