OS Rights

| Component | Installation: Account | Installation: Privileges | Installation: Password change / Account expiry | Operations: Accounts | Operations: Privileges | Operations: Password change / Account expiry |
|---|---|---|---|---|---|---|
| Celiveo Web Admin (WA) | | | | | | |
| Celiveo Smart Appliance (CSA) | Registered user on WA as Admins | WA – No additional privileges required | N/A | N/A | OS/ DB – No privileges required | N/A |
| Embedded Solution (HP FutureSmart) | Registered user on WA as Admins | WA – No additional privileges required | N/A | N/A | OS/ DB – No privileges required | N/A |
| Celiveo Virtual Printer (CVP) | Windows Account | OS – Local Administrator privileges | NO | Local System | OS – No additional privileges required. | Password change – Required Not to Change. If password is changed, it needs to be updated in WA. Configuration settings file config.ini should be updated in all workstations. |
| | N/A | DB – N/A | NO | CeliveoDB User (credentials set in encrypted connection string) | DB – Require dbreader, dbwriter and ddladmin roles and EXEC permission to execute stored procedures on databases (SJPS/ CeliveoDB/PrintManager90) | Password change – Required Not to Change. If password is changed, it needs to be updated in WA. Configuration settings file config.ini should be updated in all workstations. |
| Celiveo Server Services (CSS) | Windows Account | OS – Local Administrator privileges | N/A | Local System | OS – No additional privileges required. | N/A |
| Celiveo Shared Virtual Printer (CSVP) | Windows Account | OS – Local Administrator privileges | N/A | Local System | OS – No additional privileges required. | N/A |
| | N/A | DB – N/A | NO | CeliveoDB User (credentials set in encrypted connection string) | DB – Require dbreader, dbwriter and ddladmin roles and EXEC permission to execute stored procedures on databases (SJPS/ CeliveoDB/PrintManager90) | Password change – Required Not to Change. If password is changed, it needs to be updated in WA. Configuration settings file config.ini should be updated in all workstations. |
| For older versions of Celiveo | | | | | | |
| Celiveo Secure Services (CSS) | Windows Account | OS – Local Administrator privileges | NO | Local System | OS – No additional privileges required | Password change – Required Not to Change. If password is changed, it needs to be updated in CSS. |
| | N/A | DB – N/A | NO | System Admin | DB – Require dbcreator, dbowner privileges for databases | Password change – Required Not to Change. If password is changed, it needs to be updated in CSS. |

SQL service account rights

There are 2 ways to install and run Celiveo Web Admin based on database user privileges that can be provided:

  1. Using any user who has the privilege to create databases on SQL Server. The default roles sysadmin and dbcreator typically have this privilege, and any role/user with the “CREATE ANY DATABASE”, “VIEW ANY DATABASE” and “CONNECT” server-level permissions also qualifies.
    When this option is chosen, enter a user with the above roles/permissions in the Celiveo WA installer. The installer creates both databases (CeliveoDB, SJPS) and installs Web Admin, keeping the entered user as the Celiveo service account on the database server.
  2. Using a DB service user that must not be able to create databases. In this case, before installing Celiveo Web Admin:
    1. Manually create 2 databases on SQL Server i.e. CeliveoDB and SJPS.
    2. Create login on SQL server with SQL Authentication.
    3. Create a user in CeliveoDB and SJPS for the created login, then give that user the appropriate permissions. There are 2 ways to give permissions to the user: built-in roles and explicit permissions. The following table describes the permissions/roles required by Celiveo:
| Database Name | Role | Permissions |
|---|---|---|
| CeliveoDB | db_datareader, db_datawriter, db_ddladmin | SERVER – “VIEW SERVER STATE”; DATABASE – “CREATE TABLE”, “CREATE VIEW”, “CREATE PROCEDURE”, “CREATE FUNCTION”, “CREATE RULE”, “CREATE DEFAULT”, “CREATE TYPE”, “CREATE ASSEMBLY”, “CREATE XML SCHEMA COLLECTION”, “CREATE SCHEMA”, “CREATE SYNONYM”, “CREATE AGGREGATE”, “CREATE SYMMETRIC KEY”, “CREATE ASYMMETRIC KEY”, “CREATE FULLTEXT CATALOG”, “CREATE CERTIFICATE”, “CONNECT”, “ALTER ANY SCHEMA”, “ALTER ANY ASSEMBLY”, “ALTER ANY FULLTEXT CATALOG”, “ALTER ANY SYMMETRIC KEY”, “ALTER ANY ASYMMETRIC KEY”, “ALTER ANY CERTIFICATE”, “SELECT”, “INSERT”, “UPDATE”, “DELETE”, “REFERENCES”, “ALTER ANY DATABASE DDL TRIGGER”, “VIEW DATABASE STATE”, “EXECUTE” |
| SJPS | db_datareader, db_datawriter, db_ddladmin | SERVER – “VIEW SERVER STATE”; DATABASE – “CREATE TABLE”, “CREATE VIEW”, “CREATE PROCEDURE”, “CREATE FUNCTION”, “CREATE RULE”, “CREATE DEFAULT”, “CREATE TYPE”, “CREATE ASSEMBLY”, “CREATE XML SCHEMA COLLECTION”, “CREATE SCHEMA”, “CREATE SYNONYM”, “CREATE AGGREGATE”, “CREATE SYMMETRIC KEY”, “CREATE ASYMMETRIC KEY”, “CREATE FULLTEXT CATALOG”, “CREATE CERTIFICATE”, “CONNECT”, “ALTER ANY SCHEMA”, “ALTER ANY ASSEMBLY”, “ALTER ANY FULLTEXT CATALOG”, “ALTER ANY SYMMETRIC KEY”, “ALTER ANY ASYMMETRIC KEY”, “ALTER ANY CERTIFICATE”, “SELECT”, “INSERT”, “UPDATE”, “DELETE”, “REFERENCES”, “ALTER ANY DATABASE DDL TRIGGER”, “VIEW DATABASE STATE”, “EXECUTE” |
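
Steps 1 to 3 above with the built-in-roles option, written out as T-SQL. This is an added example, not one of Celiveo's shipped scripts; the login name `celiveo_svc` and the password placeholder are assumptions, and the closing queries are an added check that the service account did not end up with database-creation rights.

```sql
-- Added example. celiveo_svc and the password are placeholders (assumptions).
-- Run as a DBA before starting the Celiveo Web Admin installer.

-- Step 1: create the two databases manually.
IF DB_ID(N'CeliveoDB') IS NULL CREATE DATABASE CeliveoDB;
IF DB_ID(N'SJPS') IS NULL CREATE DATABASE SJPS;
GO

-- Step 2: create a login that uses SQL Authentication.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'celiveo_svc')
    CREATE LOGIN celiveo_svc
        WITH PASSWORD = N'<REPLACE-WITH-GENERATED-SECRET>', CHECK_POLICY = ON;
GO

-- Step 3: map the login to a user in each database and assign the three roles.
USE CeliveoDB;
GO
IF DATABASE_PRINCIPAL_ID(N'celiveo_svc') IS NULL
    CREATE USER celiveo_svc FOR LOGIN celiveo_svc;
ALTER ROLE db_datareader ADD MEMBER celiveo_svc;
ALTER ROLE db_datawriter ADD MEMBER celiveo_svc;
ALTER ROLE db_ddladmin ADD MEMBER celiveo_svc;
GO
USE SJPS;
GO
IF DATABASE_PRINCIPAL_ID(N'celiveo_svc') IS NULL
    CREATE USER celiveo_svc FOR LOGIN celiveo_svc;
ALTER ROLE db_datareader ADD MEMBER celiveo_svc;
ALTER ROLE db_datawriter ADD MEMBER celiveo_svc;
ALTER ROLE db_ddladmin ADD MEMBER celiveo_svc;
GO

-- Check: the login should hold neither server role that can create databases.
SELECT IS_SRVROLEMEMBER('sysadmin', 'celiveo_svc')  AS is_sysadmin,
       IS_SRVROLEMEMBER('dbcreator', 'celiveo_svc') AS is_dbcreator;
GO

-- Check: list the database roles the user actually holds (rerun after USE SJPS).
USE CeliveoDB;
GO
SELECT DB_NAME() AS database_name, r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'celiveo_svc';
GO
```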

You can also use the following scripts to create the login and user and to set permissions for the service account:

  1. Create Service Account with roles.sql – This file creates login, user and assigns db_datareader, db_datawriter and db_ddladmin roles to that user in SJPS and CeliveoDB databases.
  2. Create Service User with permissions.sql – This file creates login, user and then adds all minimum required permissions for the user.

TGS 10

For TGS 10, the service user that you enter needs to have the db_datareader, db_datawriter and db_ddladmin roles, or the same permissions as the Web Admin service user. You can therefore use the same service user for TGS 10 as for WA. TGS 10 always needs to be installed after Web Admin.

Note:
Tags applied decide the level of authority for the user in WA. To know more about Tags and System Administrator Management, refer to:

Tag Printers and Users
Managing System Administrators

Last modified: 16 February 2021
