Assigning Database Permissions
Callisto requires read permissions on the System Center databases, this is granted to each of the Configuration Manager, Service Manager, Operations Manager databases using SQL Management Studio. There are a few ways to achieve this, our recommendation is to grant the Callisto Server account datareader and database executor rights to each database. Note that if you have installed Callisto on the ConfigMgr server, none of this is configuration is required and you can skip the rest of this page.
Assigning Permissions to the Callisto Computer Account
Open SQL Management Studio and connect to the required SQL instance(s). Execute the following script replacing the domain\computername and database names. (Example is for Configuration Manager, simply replace the USE CM_DB1 database name with “OperationsManager”, “OperationsManagerDW” or “ServiceManager” for the other workloads):
USE MASTER CREATE LOGIN [domain\computername$] FROM WINDOWS; USE CM_DB1; CREATE USER [domain\computername$]; --Executor rights are required for On-Premise Callisto only. These rights are used in the Search and Compliance Baseline features. CREATE ROLE db_executor GRANT EXECUTE TO db_executor ALTER ROLE db_executor ADD MEMBER [domain\computername$] ALTER ROLE db_datareader; ADD MEMBER [domain\computername$]
Running the Application Pool under a service account
Alternatively, we can modify the account the Application Pool uses to be an account with the rights granted above. In this case, add the user account using the script above or SQL Admin Studio and then modify the application identity property