The documentation is clear on what is required for the Event Bropker service account:
- access to read each of the connected directories for each of the MAs defined by the corresponding ILM/FIM configuration, e.g. member of the Readers group in an ADAM (ADLDS) instance corresponding to an instance of an ADAM MA update access is required for operational plug-ins such as the MOSS user profile migration plug-in;
- access to write to its log file;
- access to write MIIS archive files;
- full update access to the c:\Program Files\Unify Solutions\Event Broker folder ;
- rights to launch DCOM applications;
- db_owner rights to its own SQL database;
- db_datareader rights to the MIIS SQL database;
- db_datareader and db_datawriter access to any SQL stores if it is configured with the SQL helper for a SQL MA; and
- member of the MIISAdmins or FIMSyncAdmins group (e.g. launch a run profile, archive run history).
What is less clear is what rights are needed to successfully run the Management Studio.
At DET I am accessing a production server as a user in the MIIS-Admins group and can happily run the FIM Synchronization Service Console. When I try to run EB Management Studio, I get an error (eb error.jpg). If I accept the error, I get some of EB, but no access to the important bits(eb error2.jpg).
Even when I managed to get it running (using runas user command) I found that I could not browse to and add a run profile in my schedule because I did not have access rights.
Is there a concise list of the rights required for a normal user to run the EB Management Studio? I guess administrator rights would do it, but would rather be requesting the minimum required.
eb error 2.jpg
Customer support service by UserEcho