Callisto as a Service Database Permissions

To use Callisto, we need to be able to access the SCCM database. This article is for Callisto as a Service. If you are using Callisto on Premise, please see this article.

The user account running the Callisto Controller will either be the local user (if using the user controller) or the Callisto server (if running the central controller).

If you are installing the Callisto Central Controller on your SCCM server, you almost certainly don't need to do anything else (this is our recommendation). You can read more about choosing a controller here.

If you are using the Callisto user controller and your users do not yet have read access to the SQL database, the easiest way to fix this is to run a quick SQL script that grants rights to an AD group. Note that this does not set the rights the user will have in Callisto or in ConfigMgr; Callisto obeys ConfigMgr's RBAC model. The script simply allows users to view data via the Callisto portal. What they see, and the rights they have over those objects, is set in ConfigMgr itself and in the Callisto portal.

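USE MASTER;
-- Server-level login for the AD group
CREATE LOGIN [domain\groupname] FROM WINDOWS;
-- CM_DB1 is the ConfigMgr site database (CM_XXX in your environment)
USE CM_DB1;
-- Database user mapped to that login
CREATE USER [domain\groupname];
-- Custom role that carries database-wide EXECUTE
CREATE ROLE db_executor;
GRANT EXECUTE TO db_executor;

-- Add the group to the execute role and to the built-in read-only role
ALTER ROLE db_executor ADD MEMBER [domain\groupname];
ALTER ROLE db_datareader ADD MEMBER [domain\groupname];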

For example:

USE MASTER;
CREATE LOGIN [PERIJOVE\sg-CallistoAcces] FROM WINDOWS;
USE CM_DB1;
CREATE USER [PERIJOVE\sg-CallistoAcces];
CREATE ROLE db_executor;
GRANT EXECUTE TO db_executor;
ALTER ROLE db_executor ADD MEMBER [PERIJOVE\sg-CallistoAcces];
ALTER ROLE db_datareader ADD MEMBER [PERIJOVE\sg-CallistoAcces];

You can also use the SQL Management Studio GUI to add the relevant group by navigating to Databases - CM_XXX - Security - Users. Here you can right-click, select New and then browse for your group. On the Membership tab you can select db_datareader and db_executor.
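
To confirm what the group ended up with, whether it was added by script or through the GUI, the following queries list its role memberships and the permissions it holds. This is an added example, not part of the original Callisto article; it reuses the [domain\groupname] and CM_DB1 placeholders from the script above and reads only the standard SQL Server catalog views.

```sql
-- Added example: audit the rights granted to the Callisto AD group.
-- CM_DB1 and domain\groupname are the placeholders used in the article's script.
USE CM_DB1;

DECLARE @grp sysname = N'domain\groupname';

-- 1. Database roles the group is a member of.
--    Only db_datareader and db_executor are expected; anything else is flagged.
SELECT r.name AS role_name,
       CASE WHEN r.name IN (N'db_datareader', N'db_executor')
            THEN 'expected'
            ELSE 'REVIEW'
       END AS status
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r
     ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m
     ON m.principal_id = rm.member_principal_id
WHERE m.name = @grp
ORDER BY r.name;

-- 2. Permissions held directly by the group or by the custom db_executor role.
--    Built-in roles such as db_datareader have implicit rights and do not
--    appear in sys.database_permissions.
SELECT p.name AS grantee,
       dp.state_desc,
       dp.permission_name,
       dp.class_desc,
       CASE dp.class
            WHEN 0 THEN DB_NAME()                      -- whole database
            WHEN 1 THEN OBJECT_SCHEMA_NAME(dp.major_id)
                        + N'.' + OBJECT_NAME(dp.major_id) -- single object
            WHEN 3 THEN SCHEMA_NAME(dp.major_id)       -- schema
       END AS securable
FROM sys.database_permissions AS dp
JOIN sys.database_principals AS p
     ON p.principal_id = dp.grantee_principal_id
WHERE p.name IN (@grp, N'db_executor')
ORDER BY p.name, dp.permission_name;
```

After the article's script, the second query should show CONNECT for the group and EXECUTE for db_executor, both with class DATABASE. A database-class EXECUTE covers every stored procedure and function in the site database, so treat membership of the AD group accordingly.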