# Insights SQL Permission requirements *Applies to: Patch My PC Advanced and Patch Insights* {% hint style="info" %} If Advanced Insights is installed on your ConfigMgr site server, then you should not need to do any SQL permissions configuration. The Advanced Insights IIS Application Pools can run as the local computer Identity, which has ConfigMgr SQL database access by default. If Advanced Insights is installed on the same server as Config Manager database this account will show as NT Authority\System in SSMS, else if on a different server it will show as the hostname of the server Advanced Insights is installed on. Alternatively, a custom ID can be used. See: [Advanced Insights IIS Application Pool Identity](/patch-my-pc-insights/advanced-insights-iis-application-pool-identity.md) {% endhint %} Advanced Insights needs read access to the ConfigMgr SQL database. If Advanced Insights is installed on a server that is not the ConfigMgr site server, or a custom Active Directory account is used for the IIS application pools, you will need to grant some SQL permissions. ## Assigning Rights to ConfigMgr SQL ### Option 1 - Using the Advanced Insights Computer Account 1. Open SQL Management Studio and connect to the required SQL instance for your ConfigMgr database 2. Execute the following script replacing the **domain\computername** and **CM\_XXX** database name ```sql Use Master DECLARE @ADVINSTSERVERNAME AS VARCHAR(100) DECLARE @CMDBNAME AS VARCHAR(100) SET @ADVINSTSERVERNAME ='domain\computername$' -- Replace 'domain\computername$' - Example 'contoso\sccmsqlsvr$' SET @CMDBNAME ='CM_XXX' -- Replace with the name of your ConfigMgr database name DECLARE @LOGIN_nonquoted AS VARCHAR(100) = @ADVINSTSERVERNAME DECLARE @LOGIN AS VARCHAR(100) = QUOTENAME(@LOGIN_nonquoted) DECLARE @CMDBNAME_nonquoted AS VARCHAR(100) = @CMDBNAME EXEC ('CREATE LOGIN ' + @LOGIN + ' FROM WINDOWS'); EXEC ('USE' +' '+@CMDBNAME+';' + 'CREATE USER ' + @LOGIN + ' FOR LOGIN ' + @LOGIN); EXEC ('USE' +' '+@CMDBNAME+';' + 'ALTER ROLE db_datareader ADD MEMBER' + @LOGIN) ``` ### Option 2 - Using a user account for Advanced Insights Advanced Insights access to the Configuration Manager SQL database can be configured to use a Active Directory user account. This account is set as the IIS application pool identity. See: [Advanced Insights IIS Application Pool Identity](/patch-my-pc-insights/advanced-insights-iis-application-pool-identity.md) 1. Open SQL Management Studio and connect to the required SQL instance for your ConfigMgr database 2. Execute the following script replacing the **domain\username** and **CM\_XXX** database name ```sql Use Master DECLARE @ADVINSTSERVERNAME AS VARCHAR(100) DECLARE @CMDBNAME AS VARCHAR(100) SET @ADVINSTSERVERNAME ='domain\username' -- Replace 'domain\username' - Example 'contoso\john' SET @CMDBNAME ='CM_XXX' -- Replace with the name of your ConfigMgr database name DECLARE @LOGIN_nonquoted AS VARCHAR(100) = @ADVINSTSERVERNAME DECLARE @LOGIN AS VARCHAR(100) = QUOTENAME(@LOGIN_nonquoted) DECLARE @CMDBNAME_nonquoted AS VARCHAR(100) = @CMDBNAME EXEC ('CREATE LOGIN ' + @LOGIN + ' FROM WINDOWS'); EXEC ('USE' +' '+@CMDBNAME+';' + 'CREATE USER ' + @LOGIN + ' FOR LOGIN ' + @LOGIN); EXEC ('USE' +' '+@CMDBNAME+';' + 'ALTER ROLE db_datareader ADD MEMBER' + @LOGIN) ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.patchmypc.com/patch-my-pc-insights/insights-sql-permission-requirements.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.