Service Account Privileges

The new CloudControl service account is created with only query privileges on the CloudControl server AD forest. In some environments, the AD administrator may have modified the default account privileges.

The CloudControl service account requires the following permissions in AD:

  • Domain object: Read memberOf

  • User object: attributes memberOf and distinguishedName

  • Group object: attributes member, memberOf, and distinguishedName

If needed, work with your AD administrator to configure these permissions for the CloudControl service account.

We recommend setting the Protect object from accidental deletion option on the Object tab of the CloudControl service account properties.
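
One way to confirm that the service account can read the user and group attributes listed above, and that deletion protection is set, is the following PowerShell check. It is an added example, not part of the original documentation or the CloudControl product. The account, user, group and domain controller names are placeholders, and the test user and test group are assumed to have at least one group membership each, because an empty attribute cannot be told apart from an unreadable one.

```powershell
# Added example, not vendor code. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Placeholders (assumptions): replace with values from your environment.
$SvcAccount = 'svc-cloudcontrol'   # service account name
$TestUser   = 'jdoe'               # user that belongs to at least one group
$TestGroup  = 'CC-Admins'          # group that has members and is itself nested
$Server     = 'dc01.example.com'   # domain controller to query

# Bind as the service account so the results reflect its own read access.
$cred = Get-Credential -UserName $SvcAccount -Message 'CloudControl service account'
$bind = @{ Server = $Server; Credential = $cred; ErrorAction = 'Stop' }

function Test-AttributeRead {
    param($Object, [string]$Kind, [string[]]$Attributes)
    foreach ($attr in $Attributes) {
        # An attribute the account cannot read is returned as if it were empty.
        $values = @($Object.$attr | Where-Object { $_ })
        [pscustomobject]@{
            ObjectType = $Kind
            Attribute  = $attr
            Values     = $values.Count
            Result     = if ($values.Count) { 'readable' } else { 'empty or not readable' }
        }
    }
}

$user  = Get-ADUser  -Identity $TestUser  -Properties memberOf @bind
$group = Get-ADGroup -Identity $TestGroup -Properties member, memberOf @bind

$report  = @(Test-AttributeRead $user  'User'  'memberOf', 'distinguishedName')
$report += Test-AttributeRead $group 'Group' 'member', 'memberOf', 'distinguishedName'
$report | Format-Table -AutoSize

# Queried as the current (administrator) user: the flag is derived from the object's ACL.
$svc = Get-ADUser -Identity $SvcAccount -Properties ProtectedFromAccidentalDeletion -Server $Server
if (-not $svc.ProtectedFromAccidentalDeletion) {
    Write-Warning "$SvcAccount is not protected from accidental deletion."
}
```

Any row reporting "empty or not readable" for an object you know has values points to a missing read permission for the service account.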