We're going to deploy SCOM 2012. SQL Cluster will be used to allocate Operational and Datawarehouse databases. We're creating/preparing the accounts, and we have some doubts: 1) What permission are necesssary to SDK Account? is it necessary a local administrator cluster account or only sql sysadmin rights? 2) What permission are necesssary to SCOM Setup Account? is it necessary a local administrator cluster account or only sql sysadmin rights?

1) SDK account:must have local administrative credentials 2) scom setup account:have local administrative credentials on DB server; account must be a member of the sysadmin server role ; also have access to the master database Please refer to the following technet document for detail http://technet.microsoft.com/en-us/library/hh298609.aspx Roger

1) SDK account:must have local administrative credentials 2) scom setup account:have local administrative credentials on DB server; account must be a member of the sysadmin server role ; also have access to the master database Please refer to the following technet document for detail http://technet.microsoft.com/en-us/library/hh298609.aspx Roger

Hi, You can also look at belog blog on OpsMgr security account rights mapping - what accounts need what privileges? http://blogs.technet.com/b/kevinholman/archive/2008/04/15/opsmgr-security-account-rights-mapping-what-accounts-need-what-privileges.aspx Thanks, Varun

Hi, the SDK account must have local administrative rights and it should be either a Domain User or Local System and it needs sysadmin rights in SQL and to be more specific it requires the following rights in the OperationsManager database: (Db_datareader, Db_datawriter, Db_ddladmin ,Configsvc_user, Dwsynch_users , Sdk_Users, Public) and in the OperationsManagerDW: ( Db_datareader , OpsMgrReader, Public) and for the SCOM Action Account should be a domain account, which has local administrative rights and it requires the following rights in the OperationsManager database: (Db_datareader, Db_datawriter, Db_ddladmin , Dwsynch_users , Sdk_Users, Public) Oussama Oueslati | System Engineer | vNext Consulting

The SDK account does NOT EVER need "sysadmin rights". The spreadsheet above calls out the "final rights" needed for each account. If you are preparing accounts, the SDK account should simply be a domain user, no special rights in the domain. Then - on the RMS/MS, the SDK should be a local admin. Then - the installation (run by a normal actual user account) will provide the rest of the necessary granular rights required to the OS or SQL roles.Kevin Holman http://blogs.technet.com/b/kevinholman