Control Compliance Suite

  • 1.  SQL Account used for creating and read/write CSM_DB, CSM_EvidenceDB, and CSM_Reports.

    Posted Sep 15, 2011 11:11 PM

    In the CCS Installation Guide (v10.5), installing the R&A in distributed setup mode, is the user name and password provided in the "Use a SQL user name and password" stored by CCS (maybe in the ADAM/ADLDS)?

    On page 117 of the manual, step 10:

    The SQL server information is used to create the production database on the Application Server computer that stores the CCS data

    Most of the time 'sa' is the primary candidate here.

    What is the account then used as CCS reads and writes data to the CSM_DB, Evidence, and Reporting DB?



  • 2.  RE: SQL Account used for creating and read/write CSM_DB, CSM_EvidenceDB, and CSM_Reports.

    Posted Sep 16, 2011 11:25 AM

    The SQL credentials you select in this dialog are the credentials that will be used by the CCS services to access the production and reporting database. CSM_DB and CSM_EvidenceDB are the production databases. CSM_Reports is the reporting database. Production and reporting databases do not have to reside on the same SQL instance.

    The recommended practice is to use Windows authentication and the service account information that you provided in the prior dialog will be used to access the databases. In this scenario, you would only provide SQL Server name and possibly instance name and make no further changes.

    If you are not allowed to use Windows authentication, then you should create a dedicated service account on the SQL Server instance for the CCS application. You will provide those credentials in the dialog screen you posted.



  • 3.  RE: SQL Account used for creating and read/write CSM_DB, CSM_EvidenceDB, and CSM_Reports.

    Posted Sep 18, 2011 12:49 AM

    Hi Scott:

    Many thanks for the reply.

    I am referring to a situation when Windows Authentication (domain account) is not allowed and that the alternative option is to use a localized SQL user name and password.

    My follow-up questions:

    [1] What SQL Server Roles should be given to the SQL account?

    [2] Is it documented somewhere in the install and/or planning guide?

    [3] The install guide (see my first post) gives the impression that the SQL account will only be used to create the production database but no mention of storing the username/password for operational use. This matters in hardened and minimalist-rights environments -- the kind of customers that are serious about Governance, Risk and Compliance management.

    What are the least SQL Server Roles required by CCS for installation and operation?



  • 4.  RE: SQL Account used for creating and read/write CSM_DB, CSM_EvidenceDB, and CSM_Reports.

    Posted Sep 18, 2011 10:39 AM

    The SQL account will be the dbo user for the three databases. Do not alter that right, but you can remove the sysadmin server role after installation.

    This section is from chapter 3 of the installation guide: http://www.symantec.com/business/support/index?page=content&id=HOWTO41778&actp=search&viewlocale=en_US&searchid=1316356596482
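
The post-installation step described in the last reply, sketched in T-SQL as an added example that is not part of the original thread or of Symantec's documentation. It assumes "dbo user" means the login owns each database, and the login name `ccs_sql_svc` is a hypothetical placeholder.

```sql
-- Added example. Run as a DBA (sysadmin) on each SQL instance that hosts a
-- CCS database, not as the CCS login itself.
DECLARE @login sysname;
SET @login = N'ccs_sql_svc';   -- hypothetical placeholder for the CCS SQL login

-- 1. State before the change (1 = member, 0 = not a member, NULL = invalid login).
SELECT @login AS login_name,
       IS_SRVROLEMEMBER('sysadmin', @login) AS is_sysadmin_before;

-- 2. Which CCS databases live on this instance, and does the login own them?
--    The owner of a database is the principal mapped to its dbo user.
DECLARE @present int, @owned int;
SELECT @present = COUNT(*),
       @owned   = SUM(CASE WHEN SUSER_SNAME(owner_sid) = @login THEN 1 ELSE 0 END)
FROM sys.databases
WHERE name IN (N'CSM_DB', N'CSM_EvidenceDB', N'CSM_Reports');

-- 3. Drop sysadmin only when ownership is confirmed. A sysadmin member is
--    mapped to dbo in every database, so a login that is not the real owner
--    could lose its database access along with the server role.
IF @present > 0 AND @owned = @present
BEGIN
    IF IS_SRVROLEMEMBER('sysadmin', @login) = 1
        EXEC sp_dropsrvrolemember @loginame = @login, @rolename = N'sysadmin';
END
ELSE
    RAISERROR('CCS databases missing or not owned by %s; sysadmin left unchanged.',
              16, 1, @login);

-- 4. Verify: is_sysadmin_after should be 0 and owner_login should still be
--    the CCS login for every CCS database on this instance.
SELECT name AS database_name,
       SUSER_SNAME(owner_sid) AS owner_login,
       IS_SRVROLEMEMBER('sysadmin', @login) AS is_sysadmin_after
FROM sys.databases
WHERE name IN (N'CSM_DB', N'CSM_EvidenceDB', N'CSM_Reports');
```

Because the production and reporting databases may sit on different SQL instances, each instance will report only the CCS databases it actually hosts.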