What are the default SCSP SQL database accounts and what are they used for?
search cancel

What are the default SCSP SQL database accounts and what are they used for?

book

Article ID: 152506

calendar_today

Updated On:

Products

Critical System Protection Data Center Security Server Advanced

Issue/Introduction

What are the default SCSP SQL database accounts and what are they used for?

Resolution

SCSPDBA – The DB owner account used for managing the actual SCSP DB. You provide the password during install. This password is not recorded but you will need to know it when subsequent upgrades are performed. This account has “owner” privileges and can manipulate all the structures and data in the SCSPDB, but has no privileges with regard to the SQL Server Instance or any other database defined within the instance –- just control over SCSPDB.  It is not used for any operational activities only initial install and upgrades.

 

SCSP_OPS – The account (and generated password) SCSP creates for the Tomcat Application Server to talk to the SQL Server Database. The credential information is recorded in the server.xml file for the JDBC URL access to the database. This account can read and write data in SCSPDB but cannot perform any schema changes (ie it cannot create or delete table definitions, stored procedures, etc). There is normally no reason for you to know about this account or the extremely long 40 character password it uses. The server.xml file is protected from read-access by OS ACL’s as well as by SCSP default protection policies for anyone except the Tomcat process. The Database administrator can, after install and access granted, change the password to whatever they want.  This account is used during all operational SCSP activity but it cannot change the schema, stored procedures, views, etc of the SCSPDB or any other database.

 

SCSP_PLUGIN – The account (and generated password) SCSP creates for limited access to third-party plugin tools (such as SSIM, ArcSight, others). This account has read-only access to the SCSP database. If you want to utilize this account, set the password to a known value (using a sysadmin privileged account such as sa) and give this username (scsp_plugin) password information to the plug-in tool for this limited access to the database.

 


UMCADMIN - This account allows the Tomcat Application Server to talk to the dcsc_umc SQL Server Database.  The credential information is recorded in the server.xml file for the JDBC URL access to the database. This account can read and write data in dcsc_umc but cannot perform any schema changes (ie it cannot create or delete table definitions, stored procedures, etc).

 

SCSPGuest – Optionally created during install if you want to create a READONLY user account that could be used for external ODBC/JDBC access to the SCSPDB data. This account is only created if you request it.

 

Please note: Changing these accounts in any way (roles, permissions, or substituting with different accounts for example) is NOT supported and will likely cause malfunctions within the application.