Permissions

File Access Manager requires the following permissions on an SQL Server’s login:

• GRANT CONNECT ANY DATABASE ON SERVER LEVEL

• GRANT VIEW ANY DEFINITION ON SERVER LEVEL

  This covers the permission: VIEW ANY DATABASE ON SERVER LEVEL

• GRANT VIEW SERVER STATE ON SERVER LEVEL

  

Why do we need this access?

The SQL connector uses these privileges in order to define the last access date of object in the SQL Server for use by the stale data feature.

File Access Manager uses "The principle of least privilege".

CONNECT ANY DATABASE is a simple server-level permission that provides access to all current and future databases. On its own, there is no further functionality provided, but when combined with other permissions, it can allow business security needs to be met with ease.

Combined with VIEW SERVER STATE, a login can now monitor server and database metrics via a host of dynamic management views.

File Access Manager collects last_access properties from database metrics and use them to define stale data.

For users running SQL Server 2012

The permission CONNECT ANY DATABASE was Introduced in SQL Server 2014.

For earlier versions of SQL Server, you can use the combination of the permissions

• CONNECT ANY DATABASE

• SELECT ALL USER SECURABLES

These will allow the login to connect to any database, and to read from any database they have access to.