Securing the CSM Database
Cherwell® Service Management uses two accounts for database access: an application-level account and an administrator user account. These two accounts are configured when a 2-tier database connection is created to control the level of database access given for the application.
Create the following two accounts before you run the scripts in this procedure:
- CSMAdminUser (administrator account)
- CSMUser (application-level user)
The application and administrator accounts control different aspects of CSM.
By configuring each account separately, CSM uses the appropriate security context for advanced operations that CSM Portal and technician users do not typically perform. These advanced actions usually occur during Blueprint publishes, system restore, and system upgrade. For a multi-tenant environment (multiple databases on a single database server), do not share database accounts if access to these databases is restricted between instances of CSM. Integrated security for connections is not recommended.
sa
account for both account values.To grant the appropriate permissions, run scripts against the target database for the CSMAdminUser and CSMUser accounts.
To grant permissions: