Preparations for installing the database

If you want to change database settings at a later date, you can do so in the DOC at Settings -> Backend -> Server settings or Database & event data maintenance. For more information, please refer to the technical articles "Database Guide" and "Database Migration" on DriveLock Online Help.

The following accounts are involved in the installation:

  • The DES service account is the Windows account used to run the DES service. This is specified during installation and gains access to the database through the installation.

  • The Windows account that installs the DES and has local administrator rights. This is usually the logged-in user who performs the installation.

  • By default, the account used to access the database is the same account that performs the installation. However, you can specify a different Windows or SQL Server authentication in the installation wizard.

Permissions for the database installation

The account used to access the database during installation requires the following privileges:

SQL server roles:

  • dbcreator: needed to create the database

  • securityadmin: needed to create the login for the DES service account

Alternatives for enterprise environments:

  • A SQL Server administrator can arrange for creating the database and the login for the DES service account. The login used during installation requires only the public SQL Server role and must be a member of the db_owner role in the DriveLock database.

  • During the installation, you can choose whether to create the database or use a prepared database. You can also specify whether to create the login for the DES service account or not. This will allow customizing the required permissions on the SQL Server for the installation login.

  • Future updates will only require membership in the db_owner role of the DriveLock database for the installation login.

Permissions of the DES service account on the database

For operation, the DES service account requires the following role memberships in the DriveLock database:

  • db_datareader: Read data

  • db_datawriter: Write data

  • srcsystem: custom role installed by DriveLock, allows to run stored procedures and use custom table types.

For database maintenance (index maintenance), backups and deletion of old data, the DES service account additionally requires role membership for db_owner. This is optional and recommended for operation with SQL Server Express, where no SQL jobs can be created for these tasks. During installation it is possible to select whether the DES service account gets this permission.