Permissions of the DES service account on the database

For operation, the DES service account requires the following role memberships in the DriveLock database:

db_datareader: Read data

db_datawriter: Write data

srcsystem: custom role installed by DriveLock, allows to run stored procedures and use custom table types.

For database maintenance (index maintenance), backups and deletion of old data, the DES service account additionally requires role membership for db_owner. This is optional and recommended for operation with SQL Server Express, where no SQL jobs can be created for these tasks. During installation it is possible to select whether the DES service account gets this permission.