How to Install Actions Express with a Non-Sysadmin Users
First-time installations of Actions Express require sysadmin privileges. Once installed, you can de-escalate privileges and permissions as described here.
Prerequisites
For a new installation:
- Create two empty databases:
- AyehuMaster using this exact name
- Ayehu can be renamed to match new tenant. The name must be entered when running the installer and providing database connection details.
For an upgrade:
- A database user must be assigned the dbowner role for the existing AyehuMaster and tenant databases.
SQL Roles and Permissions
The following SQL roles and permissions are required. Navigate to the Security > Logins section of the SQL server:
- The DBCreator Server Role is required to create the initial database and create or modify tables in the database. Ensure the default public permission is retained.
- A Public role for each system database:
- master
- model
- msdb
- tempdb
- A SQLAgentReaderRole is required for the msdb database. This role is used for creating and altering jobs and viewing the history of previously created jobs. For AWS RDS installations, grant the SQLAgentOperatorRole for the msdb database to enable job creation and management.
note
Notes
- The SQLAgentReaderRole applies only to the msdb database, as it is relevant to jobs managed within this database.
- The default public role must remain as is.
- In single-tenant installations, the dbcreator role can be removed, but the user must retain db_owner permissions.
- In multi-tenant environments, the dbcreator role must be kept because new databases are created for each new tenant.