Installation accounts

You can install all the infrastructure components as the administrative user. You can also install some components as a non-administrative user but some limitations apply.

Note: To install BigFix Inventory on Windows in Korean language, you must have administrator role with English language. Some of the symbols are not supported in Korean language and this may lead to crash the installer.

Table 1. Installation accounts for the components of the BigFix Inventory infrastructure on Windows
Account	Account Permissions and Roles
OS Account to install and run BigFix Inventory server	User with administrative privileges with the log on as a service permission. If you want to use the Windows authentication mode and your database server is remote, ensure that the user that accesses the database is a domain user. This user needs to have the dbcreator or sysadmin rights in MS SQL database.
OS Account to install and run SQL Server database	User with administrative privileges
SQL Server database user for BigFix Inventory database	User account that either: the system admin has permissions listed below and user mapping to access the BigFix Inventory database. Important: this requires manual creatation of database during installation. User has the default language set to "English" (not a variety of English). The permissions required for non system admin are: user role: public mapping: BigFix Inventory database, Master, MSDB permission: INSERT, SELECT, EXECUTE, ALTER has "SQLAgentUserRole" for msdb database to manage SQL Server agent jobs. Without access, the user cannot manage the BigFix Inventory index maintenance job. Instead to the index maintenance job being created/updated, warning appears in the tema.log log file.
SQL Server database user for BigFix Inventory to access SQL Server BigFix Platform BFEnterprise database	Database user has have following permissions on BFEnterprise database: `CREATE FUNCTION`, `CREATE SCHEMA`, `CREATE TABLE`, `CREATE VIEW`, `EXECUTE`, `SELECT` User has the default language set to "English" (not a variety of English). Once BigFix Inventory is installed or updated and the first data import is complete, MS SQL users with lower permissions can access BigFix Platform database. Before any BigFix Inventory update, the data source must be reconfigured to allow the database user, `db_owner` access to BigFix Platform database. If you do not reconfigure the data source, the next data import might fail. Following are the required minimal permission for a user on BigFix Platform database to run regular import: `DEFAULT_DATABASE=[BFEnterprise] DEFAULT_LANGUAGE=[us_english] Server Role: public Permissions: CONNECT TO ANY DATABASE CONNECT SQL BFEnterprise database permissions Roles: public, db_datareader Permissions: EXECUTE GRANT EXEC TO <user>`
SQL Server database user for BigFix Inventory to access SQL Server BigFix Platform Web Reports database (BESReporting)	User has the default language set to "English" (not a variety of English).`SELECT`

Table 2. Installation accounts for the components of the BigFix Inventory infrastructure on Linux
Account	Account Permissions and Roles	Limitations
OS Account to install and run BigFix Inventory server	root or non-root user	Server that is installed by a non-root user is not registered as a system service. It also cannot be upgraded with a fixlet. It must be upgraded in interactive or silent mode.
OS Account to install and run DB2® database	root or non-root user	For information about limitations that apply when you install DB2® as a non-root user, see the following links. Non-root installation overview DB2® 11.5 documentation
DB2 database user for BigFix Inventory database	To allow the application installation and operation user with authorities: DBADM, DATAACCESS, and ACCESSCTRL is required. There is recommended to create a dedicated database user for BigFix Inventory with about authorities. The user got assigned roles and permissions for created BigFix Inventory Database during database creation.
DB2 database user for BigFix Inventory to access DB2 BigFix Platform database (BFENT)	DBAUTHDATAACCESS
DB2 database user for BigFix Inventory to access DB2 BigFix Platform Web Reports database (BESREPOR)	DATAACCESS