droach
ADSM.ORG Senior Member
Our SQL DBs are restricted from folks in the Server Administrators group. To schedule TDP backups we run the TDP scheduler and set it to run under an account that has access to the SQL databases. In addition, we add the SQL account to the server's administrators group. So far, so good. TDP for SQL backups run fine with this configuration.
Now, our security folks want the SQL account removed from the server's administrators group. If I remove the SQL account from the Administrators group the account becomes essentially a User-level account with SQL access and does not have the permissions necessary to run TDPSQLC.exe. The account can no longer access certain TSM/TDP registry keys, it can't start as a service, and it can't update dsmerror.log and dsmsched.log.
I tried throwing the SQL account into the Backup Operators group and that didn't work.
So, my question is...has anyone documented the minimum configuration necessary for running TDP for SQL?