Answered

Rights required to run the Event Broker Management Studio

Eddie Kirkman 8 years ago • updated by anonymous 3 years ago 10

The documentation is clear on what is required for the Event Broker service account:

  • access to read each of the connected directories for each of the MAs defined by the corresponding ILM/FIM configuration, e.g. member of the Readers group in an ADAM (ADLDS) instance corresponding to an instance of an ADAM MA; update access is required for operational plug-ins such as the MOSS user profile migration plug-in;
  • access to write to its log file;
  • access to write MIIS archive files;
  • full update access to the c:\Program Files\Unify Solutions\Event Broker folder;
  • rights to launch DCOM applications;
  • db_owner rights to its own SQL database;
  • db_datareader rights to the MIIS SQL database;
  • db_datareader and db_datawriter access to any SQL stores if it is configured with the SQL helper for a SQL MA; and
  • member of the MIISAdmins or FIMSyncAdmins group (e.g. launch a run profile, archive run history).

What is less clear is what rights are needed to successfully run the Management Studio.

At DET I am accessing a production server as a user in the MIIS-Admins group and can happily run the FIM Synchronization Service Console. When I try to run EB Management Studio, I get an error (eb error.jpg). If I accept the error, I get some of EB, but no access to the important bits (eb error2.jpg).

Even when I managed to get it running (using runas user command) I found that I could not browse to and add a run profile in my schedule because I did not have access rights.

Is there a concise list of the rights required for a normal user to run the EB Management Studio? I guess administrator rights would do it, but would rather be requesting the minimum required.

Cheers,

Eddie


eb error.jpg
eb error 2.jpg

Also, with issues like this, they should be logged against the QDET project, unless they are proven to be issues with Event Broker itself.

Eddie, refer to EB223:Security Surface. The error message you're getting though may be insufficient access or rights to the Event Broker database.

The problem is undoubtedly a DET one and I am pretty sure that it is indeed caused by insufficient rights to the EB database, but the wider issue is that the documentation does not indicate what rights are needed - in fact I do not even think that the doco even mentions that the person running EB management studio needs rights.

Matt, can this be closed?

No, still need to revisit this and put up the required rights for Management Studio.

So for what is it being done? 2.2.3, 3.0 or 3.x?

Updated fix version

Resolved, see https://unifysolutions.jira.com/wiki/display/EB223/Prerequisites. We've talked about this for a while but just haven't addressed it through this issue.