User privileges for MS SQL Server and CCS databases

The CCS infrastructure uses two SQL Server databases CSM_DB and CSM_Reports. These databases are known as production database and reporting database respectively. These databases are created during the installation of the CCS Application Server. The SQL Server instance can be located on the same computer as the CCS Application Server or on a separate computer. The databases are case sensitive and hence you must ensure that you have the correct database names.
If you use the Windows authentication mode, then the credentials of the user who installs the CCS Application Server is used to connect to the SQL Server. The credentials of the user in whose context the Application Server Service is installed are used in the post-installation.
If you use the Windows authentication mode for accessing the CCS database, the SQL Server service account must be a NETWORK SERVICE account or a domain user account. If the SQL Server service account is other than a NETWORK SERVICE account or a domain user account, you must set the Service Principal Name (SPN) on the SQL Server service account for authentication of the CCS Application Server service account
If you use the SQL authentication mode, then the credentials of the SQL user is used to connect to the SQL Server during the CCS Application Server installation.
The user privileges on the SQL server varies for the CCS Application Server component installation based on whether you use an existing database or not. You can create the two databases prior to installing the product components.
These user privileges also depend whether the SQL server is in the Windows authentication mode or the SQL authentication mode.
The user privileges on the SQL server when no existing databases are created for the Application Server component installation are as follows:
User privileges on SQL server if no existing databases are used
User context
Privileges for Windows authentication mode
Privileges for SQL authentication mode
Install user
You must have sysadmin rights on the SQL server during the installation.
After the successful installation of the component, you can change the database rights to db_owner.
The SQL account specified during installation must have sysadmin rights.
After the successful installation of the component, you can change the database rights to db_owner.
Application Server Service user
You must have db_owner rights on the SQL server during the installation.
You do not require specific privileges if you are using SQL authentication.
User privileges on SQL server for using the existing databases
User context
Privileges for Windows authentication mode
Privileges for SQL authentication mode
Install user
When the user context for the installation of the Application Server component and Application Server Service are same.
Do the following:
  • Create the empty databases for CSM_DB and CSM_Reports.
  • Assign the db_owner rights to the user in whose context the component is installed.
Do the following:
  • Create the empty databases for CSM_DB and CSM_Reports.
  • Specify a user who has the db_owner rights.
Application Server Service user
When the user context for the installation of the Application Server component and Application Server Service are different
Do the following:
  • Create the empty databases for CSM_DB and CSM_Reports.
  • Assign the db_owner rights to both users.
    You must add the user in whose context the service is executed to the user in whose context the component is installed.
    You also must assign the following permissions to the added user through the securables option:
    • Control
Do the following:
  • Create the empty databases for CSM_DB and CSM_Reports.
  • Specify a user who has the db_owner rights.
If you have installed CCS databases on SQL Server 2012 and use Windows authentication, NT ATHORITY\SYSTEM must have db_owner permissions on CSM_DB and CSM_Reports databases.