Below you will find a security account matrix for SCOM 2022 that includes all the common service and security accounts in SCOM, and their default or recommended permissions. This includes the management servers, the database servers, SQL Role permissions, and database mappings. You can use this to correct deployments where permissions were modified incorrectly, or to verify that a least-privilege model is being used.
Download: https://kevinholman.com/files/SCOM2022_Security_Matrix.xls
This matrix is for SCOM 2022.
For SCOM 2019, please see: https://kevinholman.com/2020/07/23/scom-2019-security-account-matrix/
For SCOM 2016, please see: https://kevinholman.com/2019/03/08/scom-2016-security-account-matrix/
Hi Kevin, shouldn’t there also be a SCOM_Service account?
For what purpose?
Service account under which all rules run by default on the agent. Or that would be SCOM Action account in your Matrix?
For the agent – that should be Local System (as the Default Agent Action Account).
For the Management Server – that is the Management Server Action Account as documented.
Understood. Thank you, Sir!