Help for Administration

Ready to get started with Callisto? We’re here to help. Browse through our most popular articles or get in touch if you need advice on something more specific to your SCCM environment.

Callisto Help > Setup and user administration > Assigning Database Permissions

Assigning Database Permissions

Callisto requires read permissions on the System Center databases, this is granted to each of the Configuration Manager, Service Manager, Operations Manager databases using SQL Management Studio. There are a few ways to achieve this, our recommendation is to grant the Callisto Server account datareader and database executor rights to each database. Note that if you have installed Callisto on the ConfigMgr server, none of this is configuration is required and you can skip the rest of this page.

Assigning Permissions to the Callisto Computer Account

Open SQL Management Studio and connect to the required SQL instance(s). Execute the following script replacing the domain\computername and database names. (Example is for Configuration Manager, simply replace the USE CM_DB1 database name with “OperationsManager”, “OperationsManagerDW” or “ServiceManager” for the other workloads):

USE MASTER
CREATE LOGIN [domain\computername$] FROM WINDOWS;
USE CM_DB1;
CREATE USER [domain\computername$];
--Executor rights are required for On-Premise Callisto only. These rights are used in the Search and Compliance Baseline features.
CREATE ROLE db_executor
GRANT EXECUTE TO db_executor

ALTER ROLE db_executor ADD MEMBER [domain\computername$]
ALTER ROLE db_datareader;
ADD MEMBER [domain\computername$]

Running the Application Pool under a service account

Alternatively, we can modify the account the Application Pool uses to be an account with the rights granted above. In this case, add the user account using the script above or SQL Admin Studio and then modify the application identity property