• Please help support our sponsors by considering their products and services.
    Our sponsors enable us to serve you with this high-speed Internet connection and fast webservers you are currently using at ADSM.ORG.
    They support this free flow of information and knowledge exchange service at no cost to you.

    Please welcome our latest sponsor Tectrade . We can show our appreciation by learning more about Tectrade Solutions
  • Community Tip: Please Give Thanks to Those Sharing Their Knowledge.

    If you receive helpful answer on this forum, please show thanks to the poster by clicking "LIKE" link for the answer that you found helpful.


    Click the link above to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This notice will disappear after you have made at least 3 posts.

What permissions does TDP for SQL need to run?


ADSM.ORG Senior Member
Our SQL DB's are restricted from folks in the Server Administrators group. To schedule TDP backups we run the TDP scheduler and set it to run under an account that has access to the SQL databases. In addition, we add the SQL account to the server's administrators group. So far, so good. TDP for SQL backups run fine with this configuration.

Now, our security folks want the SQL account removed from the server's administrators group. If I remove the SQL account from the Administrators group the account becomes essentially a User-level account with SQL access and does not have the permissions necessary to run TDPSQLC.exe. The account can no longer access certain TSM/TDP registry keys, it can't start as a service, and it can't update dsmerror.log and dsmsched.log.

I tried throwing the SQL account into the Backup Operators group and that didn't work.

So, my question is...has anyone documented the minimum configuration necessary for running TDP for SQL?


ADSM.ORG Senior Member
I have not seen that, thanks. Not sure I believe their requirements for running a backup or restore.
Ignoring the SQL requirements, the way I read that last section is that to run the backup EXE's the account either has to be in the Administrators group, or you can disable UAC, or you can disable the Admin Approval Mode. It does not mention that the account needs to be in the Backup Operators security group. But if the account running the backup is not in Backup Operators, and it is not in the Administrators group, I don't think simply manipulating the UAC and Admin approval modes will allow the EXE's to run.

I know the BACLIENT EXE's won't run with just those setting mentioned. I'll have to do some more tests to see if the TDP EXE's will.

Advertise at ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

UpCloud high performance VPS at $5/month

Get started with $25 in credits on Cloud Servers. You must use link below to receive the credit. Use the promo to get upto 5 month of FREE Linux VPS.

The Spectrum Protect TLA (Three-Letter Acronym): ISP or something else?

  • Every product needs a TLA, Let's call it ISP (IBM Spectrum Protect).

    Votes: 18 18.8%
  • Keep using TSM for Spectrum Protect.

    Votes: 58 60.4%
  • Let's be formal and just say Spectrum Protect

    Votes: 12 12.5%
  • Other (please comement)

    Votes: 8 8.3%

Forum statistics

Latest member