What Are the SQL Server Security Requirements for Profiles?
The Profiles System uses SQL Server roles to determine which actions users have permissions to perform. Two roles control access to profile definitions, and three roles control access to instances of profiles.
The following list describes the roles that control access to profile definitions:
Profile_Schema_Manager: Allows for create, read, write, and delete access to profile definitions.
Profile_Schema_Reader: Allows for read access to profile definitions.
The following list describes the roles that control access to instances of profiles:
Profile_Runtime: Allows for create, read, write, and delete access to instances of profiles.
Profile_Reader: Allows for read access to instances of profiles.
Profile_User_Reader: Allows for read access to instances of the UserObject profile.
If you add or delete SQL tables that the Profiles System uses, you must update the Profile_Runtime and Profile_Reader roles to reflect the changes. If you add or delete SQL tables that affect the UserObject profile, you must also update the Profile_User_Reader role to reflect the changes.
You must assign specific SQL Server roles to the user accounts or security groups that are used to perform different activities. The following list identifies the roles required for each activity:
To run the customer-facing Web application: Profile_Schema_Reader and Profile_Runtime
To run the Profiles Web service: Profile_Schema_Manager and Profile_Runtime
To run the Marketing Web service: Profile_Schema_Reader and Profile_User_Reader
To run the Direct Mailer: Profile_Schema_Manager and Profile_User_Reader. Assign these roles to the DML_SG security group.
To create profile definitions: Profile_Schema_Manager
To create, read, modify, or delete instances of any profile: Profile_Schema_Reader and Profile_Runtime
To view users: Profile_Schema_Reader and Profile_User_Reader
To view instances of any profile: Profile_Schema_Reader and Profile_Reader
To assign roles to a user account or security group, use the SQL Server Management Console to edit the user account's properties or the security group's properties.
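The same assignment can be scripted and then audited in T-SQL. The following is an added example, not code from the original documentation: it gives the DML_SG group the two Direct Mailer roles, updates the instance roles for a newly added table, and lists who holds each Profile_* role so that extra members stand out. The database name YourSite_profiles, the DOMAIN prefix, and the table dbo.CustomProfileTable are placeholders, and the permissions granted on the new table are an assumption based on the role descriptions above.

```sql
-- Added example. Placeholders (assumptions): YourSite_profiles, DOMAIN, dbo.CustomProfileTable.
USE [YourSite_profiles];
GO

-- 1. Direct Mailer: DML_SG needs Profile_Schema_Manager and Profile_User_Reader.
--    Assumes DOMAIN\DML_SG already exists as a SQL Server login.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'DOMAIN\DML_SG')
    CREATE USER [DOMAIN\DML_SG] FOR LOGIN [DOMAIN\DML_SG];

EXEC sp_addrolemember N'Profile_Schema_Manager', N'DOMAIN\DML_SG';
EXEC sp_addrolemember N'Profile_User_Reader',    N'DOMAIN\DML_SG';
GO

-- 2. A table was added for profile instances: update the instance roles.
--    Assumed mapping: Profile_Runtime = create/read/write/delete,
--    Profile_Reader = read only. Grant to Profile_User_Reader as well
--    only if the table affects the UserObject profile.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON OBJECT::dbo.CustomProfileTable TO Profile_Runtime;
GRANT SELECT
    ON OBJECT::dbo.CustomProfileTable TO Profile_Reader;
GO

-- 3. Audit membership: every account or group in a Profile_* role.
--    Compare the result with the activity list; an account that only
--    views users should not appear under Profile_Runtime, for example.
SELECT r.name      AS role_name,
       m.name      AS member_name,
       m.type_desc AS member_type
FROM sys.database_role_members AS drm
JOIN sys.database_principals   AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = drm.member_principal_id
WHERE r.name LIKE N'Profile[_]%'
ORDER BY r.name, m.name;

-- 4. Audit object permissions: confirm each Profile_* role covers the
--    current set of tables after a table is added or deleted.
SELECT pr.name                 AS role_name,
       OBJECT_NAME(pe.major_id) AS object_name,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1               -- object- or column-level permissions
  AND pr.name LIKE N'Profile[_]%'
ORDER BY pr.name, object_name, pe.permission_name;
```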