Clients are pushing back on service accounts needing ongoing Local Admin permissions after installation. Can the Data Platform Service account permissions be reduced from Local Administrator to a lower level for ongoing function?
What are those permissions?
Jan 21, 2022 01:44 PM
@gliu, does this mean that:
1) any time an upgrade happens, potentially it could require sa privileges, as an upgrade could possibly edit the schema?
2) sysadmin privilege is not required in the day-to-day running of the application?
Mar 05, 2023 04:12 PM
SA privileges are not required unless it's your first time installing the application, or you are going to recreate the whole BDNA and BDNA_PUBLISH databases.
For the day-to-day running of the application and upgrading, the db_owner + public privileges will take care of them.
Mar 06, 2023 11:18 AM
What do we need to do if the original install was done with the original requirement of Interactive Logon for service accounts without having to reinstall or recreate the database since there are integrations to other systems in production?
Mar 06, 2023 11:21 AM
@gliu, thanks. In my test rig, I removed sysadmin from the FDP service account, leaving only db_owner and public on both databases, then applied the latest update to v5.5.62.
This worked without issue.
Mar 09, 2023 06:45 PM
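One way to confirm the reduced state described in the two replies above (no sysadmin, only db_owner and public on BDNA and BDNA_PUBLISH), as an added T-SQL example that is not from the thread or from the vendor. The login name is a placeholder assumption, and the script only reads catalog views; the two change statements at the end are left commented out.

```sql
-- Placeholder login (assumption, not from the thread); use the real service account.
DECLARE @login sysname = N'EXAMPLE\svc_dataplatform';

-- 1. Server roles held directly by the login. sysadmin should not be listed.
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS l ON l.principal_id = m.member_principal_id
WHERE l.name = @login;

-- 2. Explicit server-level permissions. CONNECT SQL is expected; a granted
--    CONTROL SERVER is effectively sysadmin and should be reviewed.
SELECT p.permission_name, p.state_desc
FROM sys.server_permissions AS p
JOIN sys.server_principals AS l ON l.principal_id = p.grantee_principal_id
WHERE l.name = @login;

-- 3. Database roles of the user mapped to the login, matched by SID so a
--    differently named database user is still found. public is implicit and
--    is never listed in sys.database_role_members. A db_user of dbo with a
--    NULL role means the login owns the database rather than holding db_owner.
SELECT 'BDNA' AS database_name, u.name AS db_user, r.name AS db_role
FROM BDNA.sys.database_principals AS u
JOIN sys.server_principals AS l ON l.sid = u.sid
LEFT JOIN BDNA.sys.database_role_members AS m
       ON m.member_principal_id = u.principal_id
LEFT JOIN BDNA.sys.database_principals AS r
       ON r.principal_id = m.role_principal_id
WHERE l.name = @login;

SELECT 'BDNA_PUBLISH' AS database_name, u.name AS db_user, r.name AS db_role
FROM BDNA_PUBLISH.sys.database_principals AS u
JOIN sys.server_principals AS l ON l.sid = u.sid
LEFT JOIN BDNA_PUBLISH.sys.database_role_members AS m
       ON m.member_principal_id = u.principal_id
LEFT JOIN BDNA_PUBLISH.sys.database_principals AS r
       ON r.principal_id = m.role_principal_id
WHERE l.name = @login;

-- 4. Changes (SQL Server 2012+ syntax), to be run only after review.
--    Role changes take literal names, not variables:
-- ALTER SERVER ROLE [sysadmin] DROP MEMBER [EXAMPLE\svc_dataplatform];
-- USE [BDNA]; ALTER ROLE [db_owner] ADD MEMBER [<db_user from step 3>];
```

Step 1 does not show sysadmin inherited through a Windows group the account belongs to, so group logins with sysadmin need the same check.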
I've asked about this as well and was told the 2022 version removed the requirement of the service account interactive logon (https://community.flexera.com/t5/Data-Platform-Release-Blog/Data-Platform-2022-5-5-58-Patch-October-2022/bc-p/256358#M75), but I've asked follow-ups for this on how to remove the requirement on a current implementation. I can't reinstall due to integrations to other systems.
The documents seem to still have it as required but I can't seem to get any answers.
Dec 07, 2022 10:23 AM
Our team is aware of your query, and we are currently reviewing this internally for you.
We will update the thread as soon as we have the details on this for you.
Dec 07, 2022 12:04 PM