System Center Orchestrator 2022 - Web API and Console - Database Permissions

Yang, Vao 25 Reputation points
2023-09-21T18:13:29.14+00:00

Hi,

I just upgraded to SCO 2022. What database permissions is required for SCO 2022 after installation for the Web API and Console?

SCO Console fails with a WebAPI status 500 error when DB_Owner role is removed. I'd like to avoid granting DB_Owner role.

We have always had our account in these DB roles:

  • app_grp
  • Microsoft.SystemCenter.Orchestrator.Admins
  • Microsoft.SystemCenter.Orchestrator.Operators
  • Microsoft.SystemCenter.Orchestrator.Runtime

Everything works besides the new web API and console.

System Center Orchestrator
System Center Orchestrator
A family of System Center products that provide an automation platform for orchestrating and integrating both Microsoft and non-Microsoft IT tools.
215 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Stefan Horz 3,461 Reputation points
    2023-09-21T21:52:49.8266667+00:00

    Hi,

    execute these two SQL statements against Orchestrator DB:

    GRANT EXECUTE ON object::[Microsoft.SystemCenter.Orchestrator].[GetSecurityToken] TO [Microsoft.SystemCenter.Orchestrator.Operators]
GRANT SELECT ON object::[Microsoft.SystemCenter.Orchestrator.Internal].[Settings] TO [Microsoft.SystemCenter.Orchestrator.Operators]

    Regards,

    Stefan

    1 person found this answer helpful.
  2. Yang, Vao 25 Reputation points
    2023-09-26T15:32:22.8066667+00:00

    These 3 lines were ran for me: 

    GRANT EXECUTE ON object::[Microsoft.SystemCenter.Orchestrator].[GetSecurityToken] TO [Microsoft.SystemCenter.Orchestrator.Operators]

GRANT SELECT ON object::[Microsoft.SystemCenter.Orchestrator.Internal].[Settings] TO [Microsoft.SystemCenter.Orchestrator.Operators]

GRANT SELECT ON object::[Microsoft.SystemCenter.Orchestrator.Internal].[AuthorizationCache] TO [Microsoft.SystemCenter.Orchestrator.Admins]
    1 person found this answer helpful.
    0 comments