It is recommended to create a dedicated user account for the CardioLog application. In order to fully run the CardioLog application, the following permissions and roles are required.
Required Permissions for SharePoint On Premise
Setup User Account Permissions
The following permissions and roles are required for the user account which installs CardioLog:
- A local administrator on the CardioLog application server.
- "serveradmin", "securityadmin" and "dbcreator" SQL server roles are required on the SQL Server that hosts the CardioLog database.
CardioLog Service Account Permissions
The following permissions and roles are required for the user account which runs the CardioLog application on a regular basis (the user account is selected during the installation):
- A local administrator on the CardioLog application server. In case a Group Policy is enforced, confirm that the service account has the "Log on as a service", "Log on as a batch job" and "Allow log on locally" rights.
- "db_owner" on the CardioLog database. This is granted automatically by the installer.
- Full Control permissions for the CardioLog Installation Folder, which is granted automatically by the installer.
- The Administrator role in CardioLog, which is granted automatically by the installer.
- Optional: "processadmin" role on the CardioLog SQL server. This is used to allow end users to cancel queries (eg,. report loading).
- Optional: "view server state" permission on the CardioLog SQL Server. This is used to collect internal SQL statistics on the CardioLog database performance, such as the current database size, index fragmentation rates, and I/O rates.
- For SharePoint 2007, 2010 and 2013 (database import mode):
- db_datareader on the SharePoint config, content and user profiles databases
- Read access to the SharePoint TEMPLATE directory.
The TEMPLATE directory is usually found in these paths depending on your version of SharePoint:
[SharePoint 2013 Server]\%PROGRAMFILES%\Common Files\Microsoft Shared\web server extensions\15\TEMPLATE
[SharePoint 2010 Server]\%PROGRAMFILES%\Common Files\Microsoft Shared\web server extensions\14\TEMPLATE
[SharePoint 2007 Server]\%PROGRAMFILES%\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE
Creating a share is recommended - \\sharepointservername\XX\TEMPLATE.
- For SharePoint 2013 (REST API import mode), SharePoint 2016 and 2019:
- SharePoint farm admin service account. Make sure that:
- The account is a member of the Farm Administrators group in SharePoint Central Administration > Application Management > Manage Web Applications > People and Groups > Farm Administrators.
- The account has full read access rights to the selected web applications in SharePoint Central Administration > Manage Web Application > User Policy as detailed below:
- SharePoint farm admin service account. Make sure that:
The following permissions and roles are required for the user account which runs the CardioLog Analytics Configuration Wizard:
- If you are deploying the JavaScript tracking code through a SharePoint feature, SharePoint farm administrator, a local administrator on the SharePoint application server and WFEs, permissions to execute PowerShell scripts remotely on the SharePoint application server and WFEs, and "db_owner" and "SharePoint_Shell_Access" roles on the SharePoint config database are required.
- If you are adding the JavaScript tracking code to SharePoint init.js file instead of deploying the SharePoint feature, write access to the SharePoint TEMPLATE directory is required.
The TEMPLATE directory is usually found in these paths depending on your version of SharePoint:
[SharePoint 2013 Server]\%PROGRAMFILES%\Common Files\Microsoft Shared\web server extensions\15\TEMPLATE
[SharePoint 2010 Server]\%PROGRAMFILES%\Common Files\Microsoft Shared\web server extensions\14\TEMPLATE
[SharePoint 2007 Server]\%PROGRAMFILES%\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE
Creating a share is recommended - \\sharepointservername\XX\TEMPLATE.
Required Permissions for SharePoint Online
Setup User Account Permissions
The following permissions and roles are required for the user account which installs CardioLog:
- A local administrator on the CardioLog application server.
- Permissions to "create any database" and "alter any login" on the SQL Server that hosts the CardioLog database.
CardioLog Service Account Permissions
The following permissions and roles are required for the user account which runs the CardioLog application on a regular basis (the user account is selected during the installation):
- A local administrator on the CardioLog application server. In case a Group Policy is enforced, confirm that the service account has the "Log on as a service", "Log on as a batch job" and "Allow log on locally" rights.
- "db_owner" on the CardioLog database. This is granted automatically by the installer.
- Full Control permissions for the CardioLog Installation Folder, which is granted automatically by the installer.
- The Administrator role in CardioLog, which is granted automatically by the installer.
- Optional: "processadmin" role on the CardioLog SQL server. This is used to allow end users to cancel queries (eg,. report loading).
- Optional: "view server state" permission on the CardioLog SQL Server. This is used to collect internal SQL statistics on the CardioLog database performance, such as the current database size, index fragmentation rates, and I/O rates.
- A user account with the SharePoint Administrator role in Office 365 Admin Center, found under Customized Administrator when editing User Roles in MS Office 365.