Topic last updated—March 2008

Microsoft System Center Configuration Manager 2007 uses SQL roles to control how site systems and Configuration Manager 2007 users interact with the site database. All the necessary SQL roles are created automatically during Setup and assigned the necessary permissions.

Important
Modifying the roles created by Configuration Manager 2007 and the permissions assigned to those roles is not supported.

The following database roles for Configuration Manager 2007 site roles are created to allow site system roles write access to the site database:

The following database roles for Configuration Manager 2007 site roles are created to allow site system roles read-only access to the site database:

The following database roles for Configuration Manager 2007 SP1 site roles are created to allow site system roles read-only access to the site database:

The following database roles for Configuration Manager 2007 R2 site roles are created to allow site system roles access to the site database:

The Client Status Reporting Host role has read permissions to the site database and execute permissions to stored procedures. The Multicast-Enabled Distribution Point role has read-only access to the site database.

Database Connection Accounts

The management point, PXE service point, and server locator point can connect to the database using the computer$ account or using a database connection account (Management Point Database Connection account, Server Locator Point connection account, or PXE Service Point Database Connection account). If you use the computer$ account, Configuration Manager 2007 automatically attempts to add the account to the database role. If you use a database connection account, you must manually add the user account to the database role.

SMS Schema Users Role (Smsschm_users)

The database schema for Configuration Manager 2007 is not published. Microsoft reserves the right to alter the database schema to improve performance or add functionality. A published schema would lend itself to static assumptions for access to Configuration Manager 2007 data. If the schema is changed, those assumptions are no longer valid.

Because the schema is not available, Microsoft strongly recommends that you not query directly against the site database. Instead, you should perform queries for information from the database in one of the following two ways:

  • Query internally through the Configuration Manager 2007 console.

  • Query externally by using Microsoft Office Excel, Microsoft Office Access, Microsoft SQL Server, Crystal Reports, or similar programs, and then only through the views generated by Configuration Manager 2007 SQL View Generator.

To grant users access to the Configuration Manager 2007 views, add them to the SMS Schema Users role.

See Also