1017 - Rights Requirements for SES and the SQL Database

  • Updated on Feb 6, 2026
  • 1 minute(s) read
  • VN
 Prev Next

Rights Requirements for SES and the SQL Database

Overview

This article outlines the minimum user rights required when using Windows Authentication mode to install, upgrade, and execute SecureDoc Enterprise Server (SES) components, and to connect to the SES database. For demonstration purposes, the examples below use:

  • User: winmagic\test11
  • Database: test11

Applies to:

  • Windows Server Operating System
  • All SecureDoc Enterprise Server (SES) versions
  • SQL Server Express/Standard/Enterprise editions

Windows Rights

Client Side

  • Installation:
    • SES must be installed by a local Administrator.
    • Applies whether installing SES fully on a server or deploying components (e.g., SDConnex on secondary servers, SES Console on an administrator’s workstation).
  • Running the Console:
    • The user must be at least a Standard User within the domain.
    • The user must also be added to the local Administrators group on the workstation.
  • Tip:
    • For multiple SES Administrators, create a domain group and assign permissions to that group for easier administration.

Server Side

Database Creation/Upgrade:

  • The user must be temporarily added to the local Administrators group on the database server.
  • After the database creation or upgrade is complete, the user can be removed from the local Administrators group.

Database Requirements

Authentication

  • Preferred Method: Windows Authentication
    • Credentials are encrypted over the network.
  • Alternative: SQL Server Authentication
    • Credentials are sent in clear-text, less secure.

Database Engine-Level Permissions

General Section:

  • Windows Authentication → Enter the user or group requiring access.
  • SQL Server Authentication → Provide username and password.

Server Roles Section:

  • No server roles need to be selected.

User Mapping Section:

  • Ensure SES databases are checked.
  • Select public and SD_Admin for Database role membership.
  • Apply these settings for all SES-related databases.

Database-Level Permissions

Within the SES database, configure the following for the account or group connecting:

  • Owned Schema and Membership Panels:
    • db_datareader
    • db_datawriter
    • db_owner
    • public
    • SD_Admin
    • SD_User

Notes

All SES Versions:

  • SecureDoc used two databases: SES and SES_Log.
  • The same permissions had to be applied to both.