Home > Forum > Installation > SQL rights - Installation R2025

SQL rights - Installation R2025
0

09.04.2025
09:13
macchina

Hello,
we have a production- and a dev-environment. The production environment was installed in 10/2024 (R 2024 version.. and updated to the latest R2025), the dev-environment was installed a few days ago (R 2025).

For each stage we have 2 system accounts:
Prod:
service_webcon
service_webcon_iis

Dev:
service_webcon_dev
service_webcon_iis_dev


In the production environment the user service_webcon_iis has NO SQL rights and is configured as user for the application pool.
service_webcon is used for the service.
So far so good.
So we prepared the accounts for the dev-stage exactly like the accounts in the prod-stage (of course different servers and different SQL server).

service_webcon_iis_dev is used as application pool user, service_webcon_dev is used for the service.
If we start the dev-stage with this configuration we get an exception: sql login failed for service_webcon_iis_dev

Webcon versions are the same, Server prod is windows 2016, Server dev is windows 2022.

So my questions:
1) why is this difference? Why does the application pool user need SQL-rights?
2)the installation says that both accounts needs sql-rights. Is this correct? And if so, why does it work in our production environment (application pool user service_webcon_iis has NO SQL rights)?
3) If I use the service_webcon_dev for the application pool (or give service_webcon_iis_dev SQL rights) .. all is working correkt.

Thanks!
Ernst

Reply  
09.04.2025
12:57
MVP
Daniel Krüger (Cosmo Consult)

Hi Ernst,

that's a great question which I haven't asked yet.

We have numerous installation where it behaves differently. We always create a BPS user for the access to the database but regardless of this setting, sometimes the application pool account needs access to the databases and sometimes it doesn't.

I haven't looked into it any further because the priority of this is somewhere way beneath zero. :)

Best regards,
Daniel

Reply  
Solution (0) Helpful (0) Wrong answer (0)
11.04.2025
08:37
WEBCON
Konrad Keppert (WEBCON)

Hi Ernst,

The account used to connect WEBCON BPS to SQL Server depends on the choice of "Databases owner" made during the installation. Look up chapter "2.5.2. Database creation parameters" of Standalone installation instructions.
WEBCON BPS installer will grant db_owner permission for your account of choice to all BPS databases. The choice impacts the connection string.

If new/existing SQL login was chosen, then its credentials are used in connection string and no domain account needs db_owner privileges.
If "Use application pool account" was chosen, then connection string will have "Integrated authentication=True;" parameter in connection string, meaning that both application pool and service accounts will be granted db_owner permissions and will be used in connections to SQL Server.

As far as I am concerned, this was not changed between versions.

Kind regards

Reply  
Solution (1) Helpful (0) Wrong answer (0)
Menu
Czerwone Maki 87
30-392 Krakow, Poland
office@webcon.com
+48 12 443 13 90
Privacy overviewStrictly necessary cookiesAnalytical / marketing cookies

Privacy overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.


To see a full list of the cookies we use and learn more about their purposes, visit our Privacy Policy.