Okay, I didn't know. Thanx
Hi Eric,
The Indicium pool user is used to query the database whenever the users need data or perform an action. Subsequently, the pool user requires permissions to perform any action a user or API caller can do. This counts for both IAM and the product database.
Generally, this means that the Indicium user should be assigned every role. A role with all rights also covers this.
There are a some exceptions:
- If your application uses database mailing, the pool user will need the DatabaseMailUser role in the msdb database.
- If your application performs identity inserts somewhere, the pool user will need alter rights on these tables.
- If your application queries another database, the pool user will need rights on this database.
There are more exceptions, so be sure to test the environment properly.
It would indeed be easiest just to give Indicium db_owner rights on the database, but I would recommend sticking to the minimum set of rights.
The default roles provided with IAM correspond with the various administrative levels. You can find more about this in our
documentation. These roles are a bit different from regular roles as they are not assigned by user group membership but instead assigned by IAM when a user is configured to be an administrator.
