User privileges for deploying CCS components
The CCS infrastructure supports multiple deployments of the product components. Every component such as the CCS Application Server, the CCS Manager, and the CCS Agent comprises services that are a part of the deploying component. To install the components successfully, you require specific permissions and privileges. Besides, you must also configure the user accounts with specific privileges to run the services that are a part of the components. The user in which context the product component is installed need not necessarily be a regular user of the component. Sometimes, the user might need to have higher permissions and privileges than the regular user.
Deployment task | Description | User privileges required |
|---|---|---|
Install CCS Application Server | The following components are installed for the CCS Application Server:
| You must have all the following user privileges to install the component:
The users in whose context the Directory Service and the Application Server Service are run on the computer must have the following user privileges:
Refer to the User privileges on SQL server if no existing databases are used topic for more information. Refer to the User privileges on SQL server for using existing databases topic for more information. |
Install CCS Manager | Installs the CCS Manager. | You must have all the following user privileges to install the component:
|
Install CCS Agent | Installs the CCS Agent | You must have all the following user privileges to install the component:
|
Install CCS Content | Installs additional CCS content | You must have all the following user privileges to install additional CCS content:
|
Configure Service Principal Name (SPN) configuration | Sets the required SPNs for the CCS components. | You must have the following user privileges to set the SPNs:
|
Create certificates | Creates certificates for installing standalone CCS Managers | You must have the following user privileges to create certificates:
|
Add / Upgrade CCS components | Adds/upgrades components to an existing CCS installation | You must have all the following user privileges to add/upgrade the CCS components:
|
Repair CCS components | Repairs an existing CCS installation | You must have all the following user privileges to repair the CCS components:
If you are not the Application Server Service account user and you are using Windows authentication, for repairing the CCS Application Server you require the following user privileges on the SQL Server
|
Uninstall CCS Components | Uninstalls all or specific CCS components | You must have all the following user privileges to uninstall the CCS components:
CCS Administrator privileges are not required if you are uninstalling all CCS components. If you are not the Application Server Service account user and you are using Windows authentication, for uninstalling the CCS Application Server you require the following user privileges on the SQL Server
|
Upgrade CCS Application Server and CCS Directory Server | Upgrades the CCS Application Server and CCS Directory Server from an earlier version to CCS 12.0. | You must have all the following user privileges to upgrade the CCS Application Server and CCS Directory Server from an earlier version to CCS 12.0:
For privileges required on the SQL Server, User privileges for MS SQL Server and CCS databases |
CCS service | CCS service name | User privileges required |
|---|---|---|
Directory Service | Symantec Directory Support Service | You must have the following user privileges for the service:
The user must have Local administrator privileges. |
Encryption Management Service | Symantec Encryption Management Service | You must have the following user privileges for the service:
The user must have Local administrator privileges. |
Application Server Service | Symantec Application Server Service | You must have all the following user privileges for the service:
The user must have Local administrator privileges. You require db_owner rights if you are using Windows authentication to connect to the SQL Server for creating the CCS databases. Refer to the User privileges on SQL server if no existing databases are used topic for more information. Refer to the User privileges on SQL server for using existing databases topic for more information. |
CCS Manager in the reporting role | Symantec Data Processing Service for the reporting role | You must have all the following user privileges for the service:
Note : Starting from CCS 12.5, the Application Server Service Account requires Log on as a batch job permission instead of the Log on Locally permission. |
CCS Manager in the data evaluator | Symantec Data Processing Service for the data evaluation | You must have all the following user privileges for the service:
Note : Starting from CCS 12.5, the Application Server Service Account requires Log on as a batch job permission instead of the Log on Locally permission. |
CCS Manager in other roles | Symantec Data Processing Service for roles of a load balancer or data collector | No additional permission is required. |
CCS Manager in the external data connector role | Symantec Data Processing Service for the role of an external data connector | You must have all the following user privileges for the service:
Note : Starting from CCS 12.5, the Application Server Service Account requires Log on as a batch job permission instead of the Log on Locally permission. |
CCS Agent | Symantec CCS Agent | You must have the following user privileges for the service:
|