Database Server Permissions
AdminStudio 2025 R2 | 30.0 | Application Manager
Application Manager is included with AdminStudio Professional and Enterprise Editions.
In order to operate some AdminStudio tools, AdminStudio users require specific database permissions. Depending upon the type of user, you may wish to be more selective in the permissions you assign to these users.
If you have AdminStudio Enterprise Edition, you can assign permissions to individual users using the Role functionality in AdminStudio Enterprise Server, as described in AdminStudio and Workflow Manager Roles and Permissions. Otherwise, you can provide more selective restrictions at the database server level using the information in the following table, AdminStudio Database Server Permissions.
Every AdminStudio user will need at a minimum read privilege to every table in the Application Catalog. The minimum permissions are described below, based upon the type of operation you want the user to perform.
| Type | Description |
|---|---|
| General User Administrative Process | General administrative processes cover a range of activities such as adding groups, moving packages around, adding comments, updating extending attributes, etc. For example, these tables include cstblPackage , cstblGroups , and cstblGroupPackages . Any Application Catalog table which is not referenced explicitly in the discussion for the other AdminStudio processes should be considered a general user administrative table. Most AdminStudio users should have write access to these tables. |
| Import Process | The user importing MSI packages, merge modules, or just about anything will require write access to a significant set of Application Catalog tables depending on the type of import. For example: MSI package file—For MSI package file import operations, those Application Catalog tables with a csmsi prefix are populated. Merge modules—For merge module import operations, the csmsm prefixed tables are used. Patches—For patch import operations, the cspch prefix tables are used. OS snapshots—For OS snapshot import operations, the osc prefix tables are used. |
| Validation Process | For this process, the user will need to be able to write entries into the cstblValidationResults and cstblValidationConfiguration tables. |
| Dependency Scanning Process | For this process, the user will need to be able to write entries into the cstblPackageExeDependencies table. |
| Conflict Detection and Resolution Process | For this process, the user will need to be able to write entries into the cstblConflict prefixed table names. |
| Patch Impact Analysis Process | For this process, the user will need to be able to write entries into the cstblPatchConflict prefixed table names. This process will create and delete some temporary tables and, as such, the user performing this process should have the necessary server privileges to perform these operations. |
| Package Auto Import Process | The Package Auto Import process will ultimately generate a series of Import operations, and so the user performing these operations should have the Import process rights described above. If the user wants to edit these operations in the Wizard, then they will need write accession to the cstblSubscribed prefixed tables. |
| Workflow Operations Process | For this process, the user will need to be able to write entries into the wftbl prefixed table names. |
| Tools Properties Operations | For this process, the user will need to be able to write entries into the wftblTools table name. |
| Pre-Deployment Testing | For this process, the user will need to be able to write entries into the pdt prefixed table names. |
A number of processes within AdminStudio generate data which can subsequently be deleted by the AdminStudio user. Any discussion of the minimum privileges required for a specific AdminStudio process will also imply the privileges to delete this same data.