Data Loss Prevention

 View Only

  • 1.  SQL 2008 R2 database - what rights are required for account on SQL server?

    Posted Apr 30, 2013 12:32 PM

    i am testing DAR scanning for SQL2008 R2 server in our environment and keep getting the following:

    "Unable to create a database connection: Unable to load driver for sqlserver."

    I am utilizing the string below: 

     

      sqlserver://<SQL server name>:1433/<valid db name>;domain=CORP;useNTLMv2=true

     following what I found in the documentation: 

    the account I have configured within this scan currently has db_reader rights to the database - is there anything else needed? 

     

    Thanks in advance - 

    JN



  • 2.  RE: SQL 2008 R2 database - what rights are required for account on SQL server?

    Broadcom Employee
    Posted Apr 30, 2013 12:49 PM

    what is teh DLP version? did you check if it works?

    sqlserver://sqlserver.company.com:1433/mydatabase;instance=myinstance



  • 3.  RE: SQL 2008 R2 database - what rights are required for account on SQL server?

    Posted Apr 30, 2013 12:57 PM

    11.6.1000.20056 is the version - and to this point, I have not specified an instance.  Is that required? 



  • 4.  RE: SQL 2008 R2 database - what rights are required for account on SQL server?

    Broadcom Employee
    Posted Apr 30, 2013 01:44 PM

    im not sure if the sql 2008 target is supported. can you check with support?

     



  • 5.  RE: SQL 2008 R2 database - what rights are required for account on SQL server?

    Posted Apr 30, 2013 01:54 PM

    i will go that route - thanks.  

     

    JN



  • 6.  RE: SQL 2008 R2 database - what rights are required for account on SQL server?

    Posted May 07, 2013 04:34 PM

    It seems that DLP isn't able to load the jdbc driver, please check both jdbc driver and sqldatabasecrawler.properties on DLP Network Discover.

    I used jtds-1.2.2.jar without problems.

    Giovanni

     



  • 7.  RE: SQL 2008 R2 database - what rights are required for account on SQL server?

    Posted May 07, 2013 04:46 PM

    Thanks Giovanni - I got it working by utilizing the following syntax:

    sqlserver://<servername>:port/db_name

    our SQL admin also created a SQL account to use for these scans, and after testing these out - I was able to scan databases with success.  

     



  • 8.  RE: SQL 2008 R2 database - what rights are required for account on SQL server?

    Broadcom Employee
    Posted May 08, 2013 09:21 AM

    DBO (Database Object Owner) is the account required to scan the SQL Database.

    The credentials you provide must have both Read permission and Write Attributes permission on the scan target. Write Attributes permission is required in order to update the "last accessed" date.