Callisto as a Service Database PermissionsTo use Callisto, the user account running the Callisto Controller (the Callisto app that runs in the System Tray) must have read access to the Configuration Manager database. If necessary this can be a different account to the one logging into the Callisto website, but commonly the Callisto user and the account running the controller will be the same. If your users do not yet have read access to the SQL database, the easiest way to fix this is to run a quick SQL script to grant rights for an AD group. Note that this does not set the rights the user will have in Callisto or in ConfigMgr, Callisto obeys ConfigMgr's RBAC model. This simply allows users the rights to view data via the Callisto portal, what they see and the rights they have over those objects is set in ConfigMgr itself and in the Callisto portal.
USE Master CREATE login [domain\groupname] FROM WINDOWS USE CM_DB1 CREATE USER [domain\groupname] ALTER ROLE db_datareader ADD MEMBER [domain\groupname]for example:
USE Master CREATE login [PERIJOVE\sg-CallistoAccess] FROM WINDOWS USE CM_DB1 CREATE USER [PERIJOVE\sg-CallistoAccess] ALTER ROLE db_datareader ADD MEMBER [PERIJOVE\sg-CallistoAccess]You can also use the SQL Management Studio GUI to add the relevant group by navigating to Databases - CM_XXX - Security - Users. Here you can right click, select new and then browse for your group. On the Membership tab you can select db_datareader.