For installation and operation of a One Identity Manager database, the following database server and database settings are required:
Table 6: Database server settings

| Setting | Value | Notes |
| --- | --- | --- |
| Language | English | Select English as the default language for database users. |
| Server Collation | Case insensitive; SQL_Latin1_General_CP1_CI_AS (recommended) | |
| Extreme transaction processing supported (Is XTP supported) | True | Default setting. |

Table 7: Database settings

| Setting | Value | Notes |
| --- | --- | --- |
| Collation | SQL_Latin1_General_CP1_CI_AS | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Recovery model | Full | Default setting. |
| Compatibility level | SQL Server 2019 (150) | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Auto Create Statistics | True | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Auto Update Statistics | True | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Auto Update Statistics Asynchronously | False | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Arithmetic Abort enabled | True | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Quoted Identifiers Enabled | True | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Is Read Committed Snapshot On | True | The default setting for transactions is AutoCommit. If transactions are required, they are opened explicitly. These settings have proven to provide the best balance between data security and performance for One Identity Manager's massive parallel processing. Other transaction modes are not supported by One Identity Manager. The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Parameterization | Forced | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Database file and data file group for memory-optimized tables | Required | Default setting. |
| Table variable deferred compilation (DEFERRED_COMPILATION_TV) | ON | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Interleaved execution (INTERLEAVED_EXECUTION_TVF) | ON | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |

The following users are identified for using a One Identity Manager database in a managed instance in Azure SQL Database with the granular permissions concept. User permissions at server and database level are matched to their tasks.
- Installation user
  The installation user is required for the initial setup of a One Identity Manager database using the Configuration Wizard.
- Administrative user
  The administrative user is used by components of One Identity Manager that require authorizations at server level and database level, for example, the Configuration Wizard, the DBQueue Processor, or the One Identity Manager Service.
- Configuration user
  The configuration user can run configuration tasks within the One Identity Manager, for example, creating customer-specific schema extensions or working with the Designer. Configuration users need permissions at the server and database levels.
- End users
  End users are only assigned permissions at database level in order, for example, to complete tasks with the Manager or the Web Portal.
For more information about minimum access levels for One Identity Manager tools, see the One Identity Manager Authorization and Authentication Guide.
Permissions for installation users
The server administrator set up when Azure SQL was deployed has the administrative permissions to directly install and use a One Identity Manager database. Likewise, the granular permissions concept can be enabled by this user.
If this user cannot be used, an SQL login and database user must be provided with the following permissions.
SQL Server:
- Member of dbcreator server role
  The server role is only required if the database is created using the Configuration Wizard.
- Member of securityadmin server role
  This server role is required to create SQL logins.
- view server state and alter any connection permissions, each granted with the with grant option option
  The permissions are required to check connections and close these if necessary.
- alter any server role permissions
  The permissions are required to create the server role for the administrative user.
msdb database:
- alter any user permissions
  The permissions are required to create the necessary database users for the administrative user.
- alter any role permissions
  This permission is required to create the necessary database role for the administrative user.
master database:
- alter any user permissions
  The permissions are required to create the necessary database users for the administrative user.
- alter any role permissions
  This permission is required to create the necessary database role for the administrative user.
- Run permissions with the with grant option option for the xp_readerrorlog procedure
  The permissions are required to find out information about the database server's system status.
One Identity Manager database:
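The server, msdb and master permissions listed above, written out as T-SQL for a dedicated installation login, followed by a query to confirm what was granted. This is an added example, not a script from One Identity; the login name oneim_install and the password placeholder are assumptions, and permissions inside the One Identity Manager database itself are not covered.

```sql
-- Added example. Login name and password placeholder are hypothetical.
-- Run as the server administrator of the managed instance.
USE master;
CREATE LOGIN [oneim_install] WITH PASSWORD = N'<strong-password-placeholder>';

-- Server roles: dbcreator is only needed if the Configuration Wizard creates the database.
ALTER SERVER ROLE [dbcreator] ADD MEMBER [oneim_install];
ALTER SERVER ROLE [securityadmin] ADD MEMBER [oneim_install];

-- Server permissions; the first two must be re-grantable (WITH GRANT OPTION).
GRANT VIEW SERVER STATE TO [oneim_install] WITH GRANT OPTION;
GRANT ALTER ANY CONNECTION TO [oneim_install] WITH GRANT OPTION;
GRANT ALTER ANY SERVER ROLE TO [oneim_install];

-- master database: user, role management and xp_readerrorlog.
CREATE USER [oneim_install] FOR LOGIN [oneim_install];
GRANT ALTER ANY USER TO [oneim_install];
GRANT ALTER ANY ROLE TO [oneim_install];
GRANT EXECUTE ON xp_readerrorlog TO [oneim_install] WITH GRANT OPTION;

-- msdb database: user and role management only.
USE msdb;
CREATE USER [oneim_install] FOR LOGIN [oneim_install];
GRANT ALTER ANY USER TO [oneim_install];
GRANT ALTER ANY ROLE TO [oneim_install];

-- Verification: server-level grants held by the login.
-- state_desc shows GRANT_WITH_GRANT_OPTION for re-grantable permissions.
USE master;
SELECT pr.name AS login_name, pe.permission_name, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'oneim_install'
ORDER BY pe.permission_name;

-- Verification: server role memberships of the login.
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS l ON l.principal_id = m.member_principal_id
WHERE l.name = N'oneim_install';
```

Membership in securityadmin allows the login to create logins and grant server-level permissions, so the verification output is worth keeping with the installation record.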
Permissions for administrative users
During the installation of the One Identity Manager database with the Configuration Wizard, the following principal elements and permissions are created for the administrative user:
SQL Server:
master database:
One Identity Manager database:
- Admin database user
- Member in db_owner database role
  The database role is required to update a database with the Configuration Wizard.
- The database user is assigned to the <DatabaseName>_Admin SQL login.
Permissions for configuration users
During the installation of the One Identity Manager database with the Configuration Wizard, the following principal elements and permissions are created for configuration users:
SQL Server:
One Identity Manager database:
Permissions for end users
The following principals are created with the permissions for end users during the installation of the One Identity Manager database with the Configuration Wizard:
SQL Server:
One Identity Manager database:
For more information about Azure SQL Database, refer to the Microsoft website under https://azure.microsoft.com/en-us/products/azure-sql/database/.
The following requirements and limitations apply to the use of Azure SQL Database as a database system.
- If you use Azure SQL Database as the database system, you must supply a database. There is no support for creating a new database in Azure SQL Database with the Configuration Wizard.
- use statements are not supported.
- Strong passwords must be used for the SQL login.
  For more information, see under Strong Passwords in the Microsoft documentation.
For installation and operation of a One Identity Manager database, the following database server and database settings are required:
Table 8: Database server settings

| Setting | Value | Notes |
| --- | --- | --- |
| Language | English | Select English as the default language for database users. |
| Server Collation | Case insensitive; SQL_Latin1_General_CP1_CI_AS (recommended) | |
| Extreme transaction processing supported (Is XTP supported) | True | Default setting. |

Table 9: Database settings

| Setting | Value | Notes |
| --- | --- | --- |
| Collation | SQL_Latin1_General_CP1_CI_AS | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Recovery model | Full | Default setting. |
| Compatibility level | SQL Server 2019 (150) | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Auto Create Statistics | True | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Auto Update Statistics | True | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Auto Update Statistics Asynchronously | False | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Arithmetic Abort enabled | True | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Quoted Identifiers Enabled | True | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Is Read Committed Snapshot On | True | The default setting for transactions is AutoCommit. If transactions are required, they are opened explicitly. These settings have proven to provide the best balance between data security and performance for One Identity Manager's massive parallel processing. Other transaction modes are not supported by One Identity Manager. The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Parameterization | Forced | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Database file and data file group for memory-optimized tables | Required | Default setting. |
| Table variable deferred compilation (DEFERRED_COMPILATION_TV) | ON | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
| Interleaved execution (INTERLEAVED_EXECUTION_TVF) | ON | The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary. |
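
Because a database for Azure SQL Database must be supplied rather than created by the Configuration Wizard, it helps to compare it against the database settings tables above before the wizard runs. The following read-only T-SQL audit is an added example, not part of the One Identity documentation; the result column names and the OK/MISMATCH labels are assumptions, and it is run while connected to the database being checked.

```sql
-- Added example: read-only audit of the current database against the required settings.
-- Connect directly to the database to be checked; no USE statement is needed.
SELECT v.setting, v.required, v.actual,
       CASE WHEN v.actual = v.required THEN 'OK' ELSE 'MISMATCH' END AS result
FROM sys.databases AS d
CROSS APPLY (VALUES
    ('Collation', 'SQL_Latin1_General_CP1_CI_AS',
        CAST(d.collation_name AS nvarchar(128)) COLLATE DATABASE_DEFAULT),
    ('Recovery model', 'FULL',
        CAST(d.recovery_model_desc AS nvarchar(128)) COLLATE DATABASE_DEFAULT),
    ('Compatibility level', '150', CAST(d.compatibility_level AS nvarchar(128))),
    ('Auto Create Statistics', 'True',
        CASE WHEN d.is_auto_create_stats_on = 1 THEN 'True' ELSE 'False' END),
    ('Auto Update Statistics', 'True',
        CASE WHEN d.is_auto_update_stats_on = 1 THEN 'True' ELSE 'False' END),
    ('Auto Update Statistics Asynchronously', 'False',
        CASE WHEN d.is_auto_update_stats_async_on = 1 THEN 'True' ELSE 'False' END),
    ('Arithmetic Abort enabled', 'True',
        CASE WHEN d.is_arithabort_on = 1 THEN 'True' ELSE 'False' END),
    ('Quoted Identifiers Enabled', 'True',
        CASE WHEN d.is_quoted_identifier_on = 1 THEN 'True' ELSE 'False' END),
    ('Is Read Committed Snapshot On', 'True',
        CASE WHEN d.is_read_committed_snapshot_on = 1 THEN 'True' ELSE 'False' END),
    ('Parameterization', 'Forced',
        CASE WHEN d.is_parameterization_forced = 1 THEN 'Forced' ELSE 'Simple' END)
) AS v(setting, required, actual)
WHERE d.database_id = DB_ID();

-- Database scoped configurations (value 1 means ON).
SELECT c.name AS setting, 'ON' AS required,
       CASE WHEN CAST(c.value AS int) = 1 THEN 'ON' ELSE 'OFF' END AS actual,
       CASE WHEN CAST(c.value AS int) = 1 THEN 'OK' ELSE 'MISMATCH' END AS result
FROM sys.database_scoped_configurations AS c
WHERE c.name IN (N'DEFERRED_COMPILATION_TV', N'INTERLEAVED_EXECUTION_TVF');

-- Filegroup for memory-optimized tables (filegroup type FX).
SELECT 'Memory-optimized data filegroup' AS setting, 'Required' AS required,
       CASE WHEN EXISTS (SELECT 1 FROM sys.filegroups WHERE type = 'FX')
            THEN 'Present' ELSE 'Missing' END AS actual;

-- Server-level settings from the database server settings table.
SELECT SERVERPROPERTY('Collation')      AS server_collation,
       SERVERPROPERTY('IsXTPSupported') AS is_xtp_supported;
```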