This article provides information about minimum user permissions required for documenting in ApexSQL Doc, a SQL server, SSIS, SSAS, SSRS and Tableau server documentation tool.
Requirements for creating SQL Server database engine documentation on a local server
To begin the documentation process in ApexSQL Doc, at least one database engine must be specified within the local server, using Windows authentication:
or using SQL Server authentication:
Permissions required to generate a database documentation depend on the database objects within particular database and its granted permissions Minimum user permissions requires granted full access to the dbo user, matched with its default database role (dbo_owner) and schema (dbo), in order to document all objects within the particular database.
Requirements for creating SQL Server database engine documentation on a remote server
For documenting database from a remote SQL server, it is required to have Login permission (as a member of a server role) or shared Windows authentication from the system owner. Any other permission depends on the remote database and server settings (especially for dbo granted roles):
The most common way to connect to a remote SQL Server is with SQL Server authentication, where username and password must be provided, and with permission granted by the system owner, through guest IP address inclusion on remote SQL Server:
Requirements for creating Integration services documentation
When documenting SSIS packages from a local SQL Server and especially from SSIS package store (SQL Server 2005 and higher), ApexSQL Doc needs to be run with Windows administrator privileges. Without those privileges, documenting SSIS packages is not possible and ApexSQL Doc displays information about Administrator privileges requirement:
If particular SSIS package files are encrypted, non-administrator users must provide the password to document these packages. If the credentials are not valid or entered, that particular SSIS package will not be included in generated documentation.
Before any attempt of documenting SSIS package with encryption, the following message will be displayed, informing user that valid credentials must be entered:
In order to properly document encrypted packages, the user is required to enter valid credentials (a password) for the particular package in the dedicated field:
Requirements for creating SSAS documentation
To document SSAS databases in ApexSQL Doc, Multidimensional or Tabular Databases must be added within the local Analysis services server:
There are no special user permissions required to generate SSAS documentation in ApexSQL Doc, within Administrator privileges.
Requirements for creating SSRS documentation
There are no special user permissions required for creating a SSRS documentation from Reporting Services within a local SQL server and Administrator role. However, for Native and SharePoint web servers, valid administrative or user credentials are required. If not, ApexSQL Doc will notify the user in order to enter them.
Requirements for creating Tableau server documentation
There are no special user permissions required for creating a Tableau server documentation from Tableau Server or Tableau Online. However, to connect to both Tableau Server and Tableau online, valid administrative or user credentials are required. If not, ApexSQL Doc will notify the user in order to enter them:
Error messages (via GUI and CLI) related to insufficient permissions?
The following error message appears when trying to document databases from remote SQL Server without any permissions granted:
When trying to document databases from remote server via ApexSQL Doc CLI, the following return code is displayed:
Trying to document SSIS packages from local SQL server or SSIS Package store without Windows Administrator privileges, will trigger the following message:
The following message is displayed when trying to document SSIS packages via ApexSQL Doc CLI, without Administrator privileges:
Troubleshooting insufficient permissions
dbo permissions are minimum user requirements for documenting a database from a remote SQL Server. Without those, an instance of the remote SQL Server could still be visible in ApexSQL Doc, but only permissioned database objects will be included in the generated documentation. Before any attempt at documenting the database from remote SQL Server, with limited access, the user will be notified with following message:
The minimum user permissions required for documenting SSRS in Native mode are My Reports and Content Manager user roles within Folder Security settings. If one or both of these user roles are not applied, the user will be warned about restricted access to the specific server and will not be able to create SSRS documentation in ApexSQL Doc: