Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE

Qlik Sense Repository Database service running on local system account

No ratings
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sonja_Bauernfeind
Digital Support
Digital Support

Qlik Sense Repository Database service running on local system account

Last Update:

Nov 8, 2021 1:02:46 AM

Updated By:

Sonja_Bauernfeind

Created date:

May 21, 2015 1:14:13 AM

After installation, all the services are running under a service account, but only Qlik Sense Repository Database is running under Local System account:

local system account.png

 

Environment:

Qlik Sense Enterprise on Windows 




This is mandatory. The Qlik Sense Repository Database service needs to run on a local account and not the specific service account.  


From the PostgreSQL Wiki page

Why do I need a non-administrator account to run PostgreSQL under?

When a hacker gains entry to a computer using a software bug in a package, she gains the permissions of the user account under which the service is run. Whilst we do not know of any such bugs in PostgreSQL, we enforce the use of a non-administrative service account to minimise the possible damage that a hacker could do should they find and utilise a bug in PostgreSQL to hack the system.

This has long been common practice in the Unix world, and is starting to become standard practice in the Windows world as well as Microsoft and other vendors work to improve the security of their systems.

 

What filesystem permissions does PostgreSQL require?

The PostgreSQL service account needs read permissions on all directories leading up to the service directory. It needs write permissions only on the data directory. Specifically, it should not be granted anything other than read permissions on the directories containing binary files. (All directories below the installation directory are set by the installer, so unless you change something, there should be no problem with this).

PostgreSQL also needs read permissions on system DLL files like kernel32.dll and user32.dll (among others), which is normally granted by default, and on the CMD.EXE binary, which may in some scenarios be locked down and need opening.

If you are running PostgreSQL on a multi-user system, you should remove the permissions from all non-administrative users from the PostgreSQL directories.

 

Related Content:

Qlik Sense Service Account requirements and how to change the account  

Qlik Sense Enterprise on Windows
Thumbnail of Qlik Sense Enterprise on Windows
Qlik Sense Enterprise on Windows
Labels (1)
Labels:
1,902 Views
Was this article helpful? Yes No
Contributors
Version history
Last update:
‎2021-11-08 01:02 AM
Updated by:
Digital Support