Video Screencast Help

What are the default SCSP SQL database accounts and what are they used for?

Created: 22 Feb 2014 • Updated: 25 Feb 2014
Language Translations
yang_zhang's picture
+1 1 Vote
Login to vote

There are several default accounts created in the SQL Server Database after the installation of the SCSP. You can find these users by logging into the SQL Server Management Studio:

SCSP_SQL_Server_Accounts.png

There are four accounts:

  • scspdba
  • scsp_ops
  • scsp_plugin
  • scspguest

Here are the introduction about these accounts:

  • SCSPDBA

This is the DB owner account used for managing the actual SCSP DB. You provide the password during install. This password is not recorded but you will need to know it when subsequent upgrades are performed.

This account has “owner” privileges and can manipulate all the structures and data in the SCSPDB, but has no privileges with regard to the SQL Server Instance or any other database defined within the instance –- just control over SCSPDB.

It is not used for any operational activities only initial install and upgrades.

  • SCSP_OPS

This is the account (and generated password) SCSP creates for the Tomcat Application Server to talk to the SQL Server Database. The credential information is recorded in the server.xml file for the JDBC URL access to the database.

This account can read and write data in SCSPDB but cannot perform any schema changes (ie it cannot create or delete table definitions, stored procedures, etc). There is normally no reason for you to know about this account or the extremely long 40 character password it uses. The server.xml file is protected from read-access by OS ACL’s as well as by SCSP default protection policies for anyone except the Tomcat process. The Database administrator can, after install and access granted, change the password to whatever they want.  

This account is used during all operational SCSP activity but it cannot change the schema, stored procedures, views, etc of the SCSPDB or any other database.

  • SCSP_PLUGIN

This is the account (and generated password) SCSP creates for limited access to third-party plugin tools (such as SSIM, ArcSight, others).

This account has read-only access to the SCSP database. If you want to utilize this account, set the password to a known value (using a sysadmin privileged account such as sa) and give this username (scsp_plugin) password information to the plug-in tool for this limited access to the database.

  • SCSPGuest

This is optionally created during install if you want to create a READONLY user account that could be used for external ODBC/JDBC access to the SCSPDB data.

This account is only created if you request it.