Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Self Service Installation Guide
  3. Appendix F. Reduced Database Permissions for Database Upgrade
  4. Reduced Database Permissions for Database Upgrade
NetBackup™ Self Service Installation Guide

Reduced Database Permissions for Database Upgrade

When you upgrade the database it is necessary to choose a database logon to perform the database upgrade. The simplest choice is to use a user that has the 'sysadmin' role.

If your database administrator (DBA) is unwilling to grant the sysadmin role to you, you can do a database upgrade with a reduced permission set. This appendix describes the upgrade process with reduced permissions.

The following SQL script creates a logon UpgradeUser which is suitable for upgrading the database.

To create a reduced permissions user for upgrade

  1. Run this script in SQL Management Studio, to create a logon and user suitable for upgrading the database
  2. When you run the configurator and select the database to upgrade, choose:
    • Authentication Mode: Sql

    • DB User: UpgradeUser

    • DB Password: password

  3. Once install is complete you can disable or delete the UpgradeUser, since it is only used during the upgrade process.
-- Create a login for upgrading the database
use master
Create Login UpgradeUser WITH PASSWORD = 'password', Check_Policy = OFF
GO

-- Make a database user for the login
-- and give them db_owner role on the target database
USE NetBackupSelfService
CREATE USER UpgradeUser FOR LOGIN UpgradeUser
GO
ALTER ROLE db_owner ADD MEMBER UpgradeUser
GO

-- Allow ownership of database to be transferred to sa.
-- The sa login can be disabled as per good dba practice, 
-- and everything will still work ok.
use master
GRANT IMPERSONATE ON LOGIN::sa to UpgradeUser

Feedback

Was this page helpful?
Previous

Appendix F. Reduced Database Permissions for Database Upgrade

Next

NetBackup Self Service Release Notes

Feedback

Was this page helpful?