Service Account

Specify the service account that will be used by the services.

During the configuration of the components you install, you must enter service account information. This service account allows the agents to access the database server. Individual users do not require any form of database permissions. The service accounts used for the agents and the database should have passwords that do not expire. If, however, the passwords must change at regular intervals, you can rerun the Configuration wizard on all the AppScan® Enterprise Server and Dynamic Analysis Scanner computers and enter the new password.

The Local System User account and the Service Account can be a single account, with the same user name and password.

The service account is granted db_owner rights to the database and must have permissions that allow it to create a database and tables, add users, run stored procedures, and grant rights. If your organization prevents the service account to be granted db_owner rights, then the account must be granted a miminum of ddladmin, datawriter and datareader rights for configuring and running AppScan Enterprise.

With a SQL Server database, you can use a single service account or multiple service accounts, depending on how you decide to install.

File and folder permissions

The service account must have the following permissions on Drive:\\YourInstallFolder\HCL\product name\ and all of its subfolders:
  • Read and Execute
  • Write
  • Delete
  • Delete files and subfolders
  • Create files and subfolders
Note: These permissions enable the service account to write to the log files. They also enable the scan agents to write temp files, without which the scans would not function. The Configuration wizard creates these permissions for you - do not change them.

Local security policies

The service account must have permission to log on locally on the target machine so that it can impersonate the user's logon credentials. It also must have permission to log on as a service.

Registry permissions

The service account must have the following permissions:
  • Read and Execute
  • Write
  • Delete