User privileges for deploying CCS components

The CCS infrastructure supports multiple deployments of the product components. Every component such as the CCS Application Server, the CCS Manager, and the CCS Agent comprises services that are a part of the deploying component. To install the components successfully, you require specific permissions and privileges. Besides, you must also configure the user accounts with specific privileges to run the services that are a part of the components. The user in which context the product component is installed need not necessarily be a regular user of the component. Sometimes, the user might need to have higher permissions and privileges than the regular user.
User privileges to deploy CCS components
Deployment task
Description
User privileges required
Install CCS Application Server
The following components are installed for the CCS Application Server:
  • Application Server
  • CCS Console
  • CCS Web Console
  • Databases
You must have all the following user privileges to install the component:
  • Domain user
  • Local administrator
The users in whose context the Directory Service and the Application Server Service are run on the computer must have the following user privileges:
  • Domain user
Refer to the User privileges on SQL server if no existing databases are used topic for more information.
Refer to the User privileges on SQL server for using existing databases topic for more information.
Install CCS Manager
Installs the CCS Manager.
You must have all the following user privileges to install the component:
  • Local or domain user
  • Local administrator
Install CCS Agent
Installs the CCS Agent
You must have all the following user privileges to install the component:
  • Local or domain user
  • Local administrator
Install CCS Content
Installs additional CCS content
You must have all the following user privileges to install additional CCS content:
  • CCS administrator
  • Local administrator
Configure Service Principal Name (SPN) configuration
Sets the required SPNs for the CCS components.
You must have the following user privileges to set the SPNs:
  • Domain administrator
Create certificates
Creates certificates for installing standalone CCS Managers
You must have the following user privileges to create certificates:
  • CCS administrator
  • Local administrator
Add / Upgrade CCS components
Adds/upgrades components to an existing CCS installation
You must have all the following user privileges to add/upgrade the CCS components:
  • CCS administrator
  • Local administrator
  • Domain user
Repair CCS components
Repairs an existing CCS installation
You must have all the following user privileges to repair the CCS components:
  • CCS administrator
  • Local administrator
If you are not the Application Server Service account user and you are using Windows authentication, for repairing the CCS Application Server you require the following user privileges on the SQL Server
  • db_owner, and Control permission through the securable option.
Uninstall CCS Components
Uninstalls all or specific CCS components
You must have all the following user privileges to uninstall the CCS components:
  • CCS administrator
  • Local administrator
CCS Administrator privileges are not required if you are uninstalling all CCS components.
If you are not the Application Server Service account user and you are using Windows authentication, for uninstalling the CCS Application Server you require the following user privileges on the SQL Server
  • sysadmin
Upgrade CCS Application Server and CCS Directory Server
Upgrades the CCS Application Server and CCS Directory Server from an earlier version to CCS 12.0.
You must have all the following user privileges to upgrade the CCS Application Server and CCS Directory Server from an earlier version to CCS 12.0:
  • CCS administrator
  • Local administrator
  • Domain user
For privileges required on the SQL Server, User privileges for MS SQL Server and CCS databases
User privileges for CCS services
CCS service
CCS service name
User privileges required
Directory Service
Symantec Directory Support Service
You must have the following user privileges for the service:
  • Domain user
The user must have Local administrator privileges.
Encryption Management Service
Symantec Encryption Management Service
You must have the following user privileges for the service:
  • Domain user
The user must have Local administrator privileges.
Application Server Service
Symantec Application Server Service
You must have all the following user privileges for the service:
  • Domain user
The user must have Local administrator privileges.
You require db_owner rights if you are using Windows authentication to connect to the SQL Server for creating the CCS databases.
Refer to the User privileges on SQL server if no existing databases are used topic for more information.
Refer to the User privileges on SQL server for using existing databases topic for more information.
CCS Manager in the reporting role
Symantec Data Processing Service for the reporting role
You must have all the following user privileges for the service:
  • db_owner on CSM_Reports database
  • Log on as a batch job privilege for the service account of the Application Server on the CCS Manager computer
Note
: Starting from CCS 12.5, the Application Server Service Account requires
Log on as a batch job
permission instead of the
Log on Locally
permission.
CCS Manager in the data evaluator
Symantec Data Processing Service for the data evaluation
You must have all the following user privileges for the service:
  • Log on as a batch job privilege for the service account of the Application Server on the CCS Manager computer
Note
: Starting from CCS 12.5, the Application Server Service Account requires
Log on as a batch job
permission instead of the
Log on Locally
permission.
CCS Manager in other roles
Symantec Data Processing Service for roles of a load balancer or data collector
No additional permission is required.
CCS Manager in the external data connector role
Symantec Data Processing Service for the role of an external data connector
You must have all the following user privileges for the service:
  • db_owner on CSM_Reports database
  • Log on as a batch job privilege for the service account of the Application Server on the CCS Manager computer
Note
: Starting from CCS 12.5, the Application Server Service Account requires
Log on as a batch job
permission instead of the
Log on Locally
permission.
CCS Agent
Symantec CCS Agent
You must have the following user privileges for the service:
  • Local administrator