SQL Monitoring - Why does the SQL Monitoring account need PolicyAdministratorRole on MSDB? RRS feed

  • Question

  • I'm hoping someone can shed some light on this for me. I'm getting pushback from my SQL DBA over configuring accounts for SQL Monitoring in a LPE. Per the SQL MP guide, we need to grant a couple of roles to the desired account. He's hesitant to grant the SQL Monitoring account PolicyAdministratorRole until he get's an explanation on why this role is needed on the MSDB. Of course, the MP guide and trustyworthy bloggers don't have the resoning behind the requirements, so I'm only left to guess. He's not accepting my "because that's how the MP was written BY Microsoft" as an answer.

    Any ideas on why PolicyAdministratorRole is needed?
    Wednesday, October 28, 2015 5:00 PM

All replies

  • It is going to a deadlock situation. SQL MP is written by MS and its official document,SQL Server Management Pack Guide, has already list low-privilege account setting for SQL MP . If your DBA does not trust the MS suggestion and does not grant the permission, you may develop a testing environment in which PolicyAdministratorRole is not grant to MSDB to test what error/s is generated.
    • Proposed as answer by Graham Davies Friday, October 30, 2015 4:03 PM
    • Marked as answer by Elton_Ji Saturday, November 7, 2015 9:25 AM
    • Unmarked as answer by BlakeTheITGuy Sunday, November 8, 2015 9:36 PM
    • Unproposed as answer by BlakeTheITGuy Sunday, November 8, 2015 9:36 PM
    Thursday, October 29, 2015 5:00 AM