...
Because each EmpowerID Windows Service accesses the EmpowerID database, service account users must have the right to alter the database on the target SQL server. Specifically, service accounts must have the following database capabilities:
| Required Windows Service Rights |
|---|
| Connect |
| Authenticate |
| Execute |
| Delete |
| Insert |
| Select |
| Update |
Alter — Needed on the following tables only to allow for truncation:
|
Required IIS Application Pool Rights
...
The EmpowerID service account interacts with the local machine to perform a variety of maintenance procedures, including the distribution and maintenance of new workflows and other Workflow Studio published items. The service account needs the following access rights on the local machine:
| Required Local Machine rights |
|---|
| Install files in to the local global assembly cache (GAC) |
| Read the registry |
| Read certificates in the local certificate store |
| Spin child processes |
| Run C# compiler in the background if and when necessary |
| Create files in the temp folder |
| Run remote PowerShell for Microsoft Exchange |
Create files and folders in the following locations:
|
Required Directory Management Rights
...
In addition to the above rights, the EmpowerID Worker Role Service and the EmpowerID Web Role Service each requires service accounts with additional rights. The specific rights needed by each service is as follows:
| EmpowerID Windows Service | Service Account Rights Required |
|---|---|
| EmpowerID Worker Role Service |
|
| EmpowerID Web Role Service |
|
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|