Assigning Database Permissions (Callisto On Premise)
Callisto On Premise and Callisto as a Service require read permissions on the ConfigMgr database. There are a few ways to achieve this, our recommendation for Callisto On-Premise is to grant the Callisto server computer account datareader and database executor rights to the database as shown below. Note that if you have installed Callisto on the ConfigMgr server, none of this is configuration is required and you can skip the rest of this page.
For Callisto as a Service permissions configuration please see here.
Assigning Permissions to the Callisto Computer Account
Open SQL Management Studio and connect to the required SQL instance(s). Execute the following script replacing the domain\computername and database names.
USE MASTER CREATE LOGIN [domain\computername$] FROM WINDOWS; USE CM_DB1; CREATE USER [domain\computername$]; --Executor rights are required for On-Premise Callisto only. These rights are used in the Search and Compliance Baseline features. CREATE ROLE db_executor GRANT EXECUTE TO db_executor ALTER ROLE db_executor ADD MEMBER [domain\computername$] ALTER ROLE db_datareader; ADD MEMBER [domain\computername$]
Running the Application Pool under a service account
Alternatively, we can modify the account the Application Pool uses to be an account with the rights granted above. In this case, add the user account using the script above or SQL Admin Studio and then modify the application identity property