Symptoms

 


In SharePoint the following error is thrown:

Error occurred trying to set required SharePoint database permissions for the Deployment Application pool.

In event viewer, we get the following logs:

Log Name: Application
Source: K2 SharePoint
Date: 10.12.2014 11:39:10
Event ID: 0
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SHP-MCH-CS1-P-E.mch.osram.de
Description:
An error has occurred in a K2 for SharePoint component.

Error details:
User does not have permission to perform this action.
Cannot alter the role 'db_owner', because it does not exist or you do not have permission.

Assembly: SourceCode.SharePoint.ApplicationPages.Administration.dll
Class: ApplicationPoolSection
Method: Execute
 

 

Diagnoses

 


During the analysis phase, we discovered the following:

The Central Administration application pool is running under this account (e.g. domainsys_spservice_cp), which is also part of the Farm Admin group in Central Administration.

The site they are trying to activate features on is set up to use Kerberos authentication. This site uses a different web application pool account (e.g. domainsite_app_pool_acc). The account has SPNs set up for it, with delegation enabled in Active Directory.

Both of these accounts have db_owner and db_securityadmin rights on the K2 database and the SharePoint Config database.

They were using a different account (e.g. SPInstallUserAccount) to activate features. This account has db_owner on both the K2 and SharePoint databases. The account is also part of the Farm Admin group in Central Administration; it is not a system admin account.

Testing resulted in the same error message. We then gave all of these accounts the same level of access (db_owner and db_securityadmin) to the content database. Nothing changed; we received the same error message.
 

 

Resolution

It was found that the account they were using to activate features needed db_securityadmin rights, not db_owner rights, on both the K2 and SharePoint Config databases. Granting this account db_securityadmin rights on those databases resolved the issue. We logged this with the documentation team so that the documentation makes clear that the account should have db_securityadmin rights and not db_owner rights, as it currently states.

Summary of the rights needed

1) K2 service account - db_owner and db_securityadmin on the K2 db, SharePoint config db, and SharePoint content db
2) Central Admin application pool account - same level of rights as the K2 service account
3) Installation account (the one used to activate features) - db_securityadmin on the K2 db and SharePoint config db
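
The summary above can be checked against a live database with a query like the following. This is an added example, not part of the original article or the K2 documentation; the database name and the three account names are placeholders to replace with your own.

```sql
-- Added example. Run once per database (K2 db, SharePoint config db).
-- For the SharePoint content db, drop the installation-account row:
-- the summary lists that account only for the K2 and config databases.
-- All names below are placeholders (assumptions, not from the article).
USE [K2_DB_PLACEHOLDER];
GO

DECLARE @expected TABLE (member_name sysname, role_name sysname);
INSERT INTO @expected (member_name, role_name) VALUES
    (N'DOMAIN\k2_service_placeholder',  N'db_owner'),
    (N'DOMAIN\k2_service_placeholder',  N'db_securityadmin'),
    (N'DOMAIN\ca_app_pool_placeholder', N'db_owner'),
    (N'DOMAIN\ca_app_pool_placeholder', N'db_securityadmin'),
    (N'DOMAIN\install_placeholder',     N'db_securityadmin');

-- 1) Expected memberships and whether each one exists in this database.
--    Only direct membership is checked; rights inherited through a
--    Windows group mapped to a database user will show as MISSING.
SELECT e.member_name,
       e.role_name,
       CASE WHEN drm.member_principal_id IS NULL
            THEN 'MISSING' ELSE 'OK' END AS status
FROM @expected AS e
LEFT JOIN sys.database_principals AS m
       ON m.name = e.member_name
LEFT JOIN sys.database_principals AS r
       ON r.name = e.role_name AND r.type = 'R'
LEFT JOIN sys.database_role_members AS drm
       ON drm.member_principal_id = m.principal_id
      AND drm.role_principal_id   = r.principal_id
ORDER BY e.member_name, e.role_name;

-- 2) Memberships in the two roles that the summary does not call for,
--    e.g. an installation account that still holds db_owner.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE r.name IN (N'db_owner', N'db_securityadmin')
  AND m.name <> N'dbo'
  AND NOT EXISTS (SELECT 1 FROM @expected AS e
                  WHERE e.member_name = m.name AND e.role_name = r.name)
ORDER BY r.name, m.name;

-- 3) Add the role the installation account was missing. The account must
--    already be a user in this database. SQL Server 2012+ syntax; older
--    versions use sp_addrolemember instead.
ALTER ROLE db_securityadmin ADD MEMBER [DOMAIN\install_placeholder];
```

Rows returned by the second query are candidates for review, since they hold db_owner or db_securityadmin without being listed in the summary.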



 