ApexSQL Audit – Permissions and requirements

This article provides information about required permissions and software requirements for ApexSQL Audit installation.

ApexSQL Audit requires Windows administrator permissions for installation in order to properly setup all of its components and its access to the Central Repository Database.

ApexSQL Audit GUI does not require any special permissions on the local machine where the central instance is running, as it communicates with the installed service which has received appropriate permissions during the installation.

The same applies to required permissions for the reporting application; by default only local users (Windows Authentication) have access to the reporting application.

Above described permissions are required by the user during the installation or use. The following actual permissions are set and used by the product:

  • For both central and distributed instances:

    • The log on account for the ApexSQL Audit service must be a member of sysadmin server role on the SQL Server instance audited.
    • The Log on as service user rights are required for the account running the service.
    • The service requires read and delete access to the SQL Trace folder where traces files are being generated.
    • The monitored SQL Server instance requires write access to the SQL Trace folder where traces files are being generated.
  • Reporting application:

    • Open port to the machine where Central instance is installed.
    • Folder Read/write permissions where exported reports are saved.

Software requirements

Depending on the ApexSQL Audit component to be installed, the following software is required to be installed prior to installation:

  • The central ApexSQL Audit instance

    • Microsoft SQL Server 2008 or greater
    • Microsoft .NET Framework 4.7.1
  • A distributed ApexSQL Audit instance

    • Microsoft SQL Server 2005 or greater
    • Microsoft.NET Framework 4.7.1
  • ApexSQL Audit Reporting application requires:

    • Microsoft .NET Framework 4.7.1

Hardware requirements

Both minimum and recommended hardware requirements for ApexSQL Audit are the same as described in the Hardware and Software Requirements for Installing SQL Server. Additionally, we recommend using multi-core processors as ApexSQL Audit heavily relies on parallel job processes to provide fast processing of audited data.

There are additional communication and HDD space requirements:

  • Both central and distributed ApexSQL Audit instances use port 64561 by default. This is user configurable however.
  • HDD space:

    • Each ApexSQL Audit instance (including central and all distributed ApexSQL Audit instances) requires 5GB of free HDD space for:

      • Temporary trace files (10MB each) generated by SQL Server until they are parsed and removed by ApexSQL Audit instance.
      • Storing packages (10MB each) generated by distributed instances prior to their transfer to the central instance. These are deleted once successfully transferred to the central instance; transfer is initiated every 3 seconds.
      • Note: required space covers edge situations when SQL Server generates a large number of trace files before they are handled or in case there is a delay in package transfer to the central instance. In case the ApexSQL Audit service is stopped by the administrator, SQL Server immediately stops creating trace files which prevents HDD overload.

    • The central ApexSQL Audit instance requires 5GB for central repository alone, and additional 1GB per connected distributed instance for storing packages into a central instance local folder. These are deleted once the data in them is successfully stored in the central repository database; this operation is immediate and it’s delayed only in rare cases of overload, when packages can accumulate until SQL Server is free to store them into the repository. This also covers the situation when quick maintenance of SQL Server which hosts central repository database is required (e.g. restart).