Account for working with the DBMS
To install Administration Server and work with it, you need to create an internal DBMS account. This account allows you to access the DBMS and requires specific rights. When you grant rights and permissions to the DBMS account, follow the principle of least privilege. This means that the granted rights should be only enough to perform the required actions. Note that you should grant rights to the DBMS account before you install and start Administration Server.
Kaspersky Security Center 14 Linux supports MySQL and MariaDB DBMSs. After you create an internal account for one of these DBMSs, grant this account the required rights. Note that the sets of rights for the internal MySQL account and the internal MariaDB account are the same. The required rights are listed below:
- Schema privileges:
- Administration Server database: ALL (excluding GRANT OPTION).
- System schemes (mysql and sys): SELECT, SHOW VIEW.
- The sys.table_exists stored procedure: EXECUTE (if you use MariaDB 10.5 or earlier as a DBMS, you do not need to grant the EXECUTE privilege).
- Global privileges for all schemes: PROCESS, SUPER.
For more information on how to configure the account rights, see Configuring the DBMS account for work with MySQL and MariaDB.
Rights that you granted to the internal DBMS account are enough to restore Administration Server data from the backup.
