Wednesday, February 23, 2011

Microsoft Lync Server 2010’s Monitoring and Archiving Server database permissions

Just as I did with a previous blog post documenting:

Microsoft Lync Server 2010 Enterprise Pool SQL Database Permissions

http://terenceluk.blogspot.com/2011/01/microsoft-lync-server-2010-enterprise_31.html

… this post serves to document the default permissions assigned to the Monitoring and Archiving servers’ databases.

Archiving Server

The LcsLog database belonging to the archiving server only has one Lync Server 2010 related service account assigned in the security properties of the database:

image

The RTCComponentUniversalServices account is assigned the following permissions:

image image

image image

Using the sp_helplogins stored procedure to list the permissions of the database will yield the following:

LoginName

DBName

UserName

UserOrAlias

SomeDomain\RTCComponentUniversalServices

LcsLog

SomeDomain\RTCComponentUniversalServices

User

SomeDomain\RTCComponentUniversalServices

LcsLog

ServerRole

MemberOf

sa

LcsLog

db_owner

MemberOf

sa

LcsLog

dbo

User

Monitoring Server

The monitoring server writes to 2 databases:

LcsCDR

The LcsCDR only has only one Lync Server 2010 related service account assigned in the security properties of the database:

image

The RTCComponentUniversalServices account is assigned the following permissions:

image image

QoEMetrics

As with the LcsCDR database, the QoEMetrics database only has only one Lync Server 2010 related service account assigned in the security properties of the database:

image

The RTCComponentUniversalServices account is assigned the following permissions:

image image

Using the sp_helplogins stored procedure to list the permissions for both databases will yield the following:

LoginName DBName UserName UserOrAlias
SOMEDOMAIN\RTCComponentUniversalServices LcsCDR SOMEDOMAIN\RTCComponentUniversalServices User
SOMEDOMAIN\RTCComponentUniversalServices LcsCDR ReportsReadOnlyRole MemberOf
SOMEDOMAIN\RTCComponentUniversalServices LcsCDR ServerRole MemberOf
SOMEDOMAIN\RTCComponentUniversalServices QoEMetrics SOMEDOMAIN\RTCComponentUniversalServices User
SOMEDOMAIN\RTCComponentUniversalServices QoEMetrics ServerRole MemberOf
SOMEDOMAIN\lyncreport LcsCDR Lyncreport User
SOMEDOMAIN\lyncreport LcsCDR ReportsReadOnlyRole MemberOf
SOMEDOMAIN\lyncreport QoEMetrics Lyncreport User
SOMEDOMAIN\lyncreport QoEMetrics ReportsReadOnlyRole MemberOf
sa LcsCDR db_owner MemberOf
sa LcsCDR dbo User
sa QoEMetrics db_owner MemberOf
sa QoEMetrics dbo User

Hope this helps anyone who may be scrambling to find somewhere to reference what the default permissions for the monitoring and archiving databases are.

No comments: