Protect SQL Account Configuration for least privilege requirements

Protect SQL Account Configuration for least privilege requirements

Solution:
When customers ask for how to configure SQL accounts for least privileged access to the DB you can give the following information for them to give to their DBA.

DB Creation:
New install of DB needs an account that has at least DB_Creator.  If it has nothing else but DB_Creator it will give the account the proper rights when it creates the DB.  So for situations where you have a DBA involved you can have them add a windows user to SQL with DB_Creator and then we can create the DB then after complete the DBA can remove DB_Creator from that user.

Protect User:
Any protect user must have the following rights to use the product.  STExec, DB_DataReader, DB_DataWriter to the ShavlikScans DB.  This must be configured for each user who will authenticate with the Shavlik DB.     

Upgrade Rights:
If a DBA wants to setup a specific user who has Upgrade access to the DB for product upgrades they would need to allow the following rights to the ShavlikScans DB.  db_securityadmin, db_ddladmin for the user who will upgrade the DB.  DB_creator no longer required.  When we upgrade the product there are typically schema changes to the DB.  These changes require additional rights that are not required for day to day usage of the product.  Ensure the customer knows that for any upgrades they have to use an account with this level of rights otherwise the DB upgrade will fail.