Skip to main content

Add the SeSecurityPrivilege privilege to the user account (for SQL Server of SMB shares)

Contributors

The domain user account used for installing the SQL server must be assigned the “SeSecurityPrivilege” privilege to perform certain actions on the CIFS server that require privileges not assigned by default to domain users.

What you'll need

The domain account used for installing the SQL Server must already exist.

About this task

When adding the privilege to the SQL Server installer's account, ONTAP might validate the account by contacting the domain controller. The command might fail if ONTAP cannot contact the domain controller.

Steps
  1. Add the “SeSecurityPrivilege” privilege:

    vserver cifs users-and-groups privilege add-privilege -vserver vserver_name -user-or-group-name account_name -privileges SeSecurityPrivilege

    The value for the -user-or-group-name parameter is the name of the domain user account used for installing the SQL Server.

  2. Verify that the privilege is applied to the account:

    vserver cifs users-and-groups privilege show -vserver vserver_name ‑user-or-group-name account_name

Example

The following command adds the “SeSecurityPrivilege” privilege to the SQL Server installer's account in the EXAMPLE domain for storage virtual machine (SVM) vs1:

cluster1::> vserver cifs users-and-groups privilege add-privilege -vserver vs1 -user-or-group-name EXAMPLE\SQLinstaller -privileges SeSecurityPrivilege

cluster1::> vserver cifs users-and-groups privilege show -vserver vs1
Vserver   User or Group Name          Privileges
--------- ---------------------       ---------------
vs1       EXAMPLE\SQLinstaller        SeSecurityPrivilege