Topic last updated—March 2008
Microsoft System Center Configuration Manager 2007 uses SQL roles to control how site systems and Configuration Manager 2007 users interact with the site database. All the necessary SQL roles are created automatically during Setup and assigned the necessary permissions.
 Important |
|---|
| Modifying the roles created by Configuration Manager 2007 and the permissions assigned to those roles is not supported. |
The following database roles for Configuration Manager 2007 site roles are created to allow site system roles write access to the site database:
- SMS Site Server role
(smsdbrole_siteserver)
- SMS Site Provider role
(smsdbrole_siteprovider)
The following database roles for Configuration Manager 2007 site roles are created to allow site system roles read-only access to the site database:
- SMS Management Point role (smsdbrole_MP)
- SMS Server Locator Point role
(smsdbrole_SLP)
- SMS PXE Service Point roles
(smsdbrole_PSP)
- SMS Device Management Point role
(smsdbrole_DMP)
- SMS Reporting Point role (smsdbrole_RP)
- SMS State Migration Point role
(smsdbrole_SMP)
- Web Report Application role
(Webreport_approle)
The following database roles for Configuration Manager 2007 SP1 site roles are created to allow site system roles read-only access to the site database:
- Asset Intelligence Synchronization Point role
(smsdbrole_AIUS)
- Out of Band Management Point role
(smsdbrole_AMTSP)
The following database roles for Configuration Manager 2007 R2 site roles are created to allow site system roles access to the site database:
- Client Status Reporting Host role
(smsdbrole_CH)
- Multicast-Enabled Distribution Point role
(smsdbrole_MCS)
The Client Status Reporting Host role has read permissions to the site database and execute permissions to stored procedures. The Multicast-Enabled Distribution Point role has read-only access to the site database.
Database Connection Accounts
The management point, PXE service point, and server locator point can connect to the database using the computer$ account or using a database connection account (Management Point Database Connection account, Server Locator Point connection account, or PXE Service Point Database Connection account). If you use the computer$ account, Configuration Manager 2007 automatically attempts to add the account to the database role. If you use a database connection account, you must manually add the user account to the database role.
SMS Schema Users Role (Smsschm_users)
The database schema for Configuration Manager 2007 is not published. Microsoft reserves the right to alter the database schema to improve performance or add functionality. A published schema would lend itself to static assumptions for access to Configuration Manager 2007 data. If the schema is changed, those assumptions are no longer valid.
Because the schema is not available, Microsoft strongly recommends that you not query directly against the site database. Instead, you should perform queries for information from the database in one of the following two ways:
- Query internally through the Configuration
Manager 2007 console.
- Query externally by using Microsoft Office
Excel, Microsoft Office Access, Microsoft SQL Server, Crystal
Reports, or similar programs, and then only through the views
generated by Configuration Manager 2007 SQL View
Generator.
To grant users access to the Configuration Manager 2007 views, add them to the SMS Schema Users role.