Configuration Manager database access
The System Center Configuration Manager connector requires a SQL Login to exist in the Configuration Manager site database, with all the following rights:
- db_datareader database role
- Explicit Execute permissions to the scalar value function fn_GetAppState
- Explicit Execute permissions to the scalar value function fnGetSiteNumber
The above rights can be granted in either of two main ways:
- If the connector is using a SQL Login, then create the login on the Configuration Manager database and grant it the above rights
- If the connector is using Windows Authentication, then you can use one of the following:
- Create a SQL Login for the Tachyon server's computer$ account, and grant it the rights.
Add the Tachyon server's computer$ account to the ConfigMgr_DViewAccess localgroup on the Configuration Manager database server.
The existence of the ConfigMgr_DViewAccess localgroup depends on the version of Configuration Manager. It is safe to create the localgroup on the SQL Server if it does not already exist. If it already exists you will need to confirm it has a SQL Login and all the necessary rights, as Configuration Manager setup does not always configure this group correctly. The ConfigMgr_DViewAccess option will be familiar to you if you have previously set up Configuration Manager access for the ActiveEfficiency Scout, as required for AppClarity 5.x or Shopping 5.x.
When the connector is configured to use Windows Authentication, the connector is actually using the SLA Platform Integrate Agent service account. Tachyon Setup configures this service to use Network Service which translates as the Tachyon server's computer$ account on a remote server.
The following SQL script can be used to create a Login for ConfigMgr_DViewAccess and grant it permissions on the Configuration Manager database. You must create the group before running the script, and then add the Tachyon server's computer$ account to the group.