During Forcepoint DLP installation, modification, or repair, the account used for database creation and access needs sysadmin server role membership. Also,
Backup database permission on the
URL database is required for installation only. After installation, the account privileges can be reduced to the
db_owner of the newly created databases, and no access to any other user database except system databases such as UEL, tempdb, and model is required. Additionally, the
dbcreator server role should be granted to enable backup and restore functionality.
See the Certified Product Matrix for supported versions of SQL Server.
For Data solutions, partition rollover is configured on the Data > Settings > General > Archive Partitions page in the Forcepoint Security Manager. Here, you configure when to create an archive partition and when to restore it. For instructions, refer to "Archiving incident partitions" in the
Forcepoint DLP Help.
For web and email security solutions, the available Log Database partitions, both enabled and disabled, are listed on the Settings > Reporting > Log Database page in the respective Web Security and Email Security modules of the Forcepoint Security Manager. To include data from a disabled partition, first enable it, then run the report. You can use this page to disable the partition again once you have retrieved the desired data.
When you install reporting components in a network that uses a SQL Server cluster, it is imperative that the cluster's virtual IP address is used to configure the reporting database connection. When this is done, reporting data is sent to SQL Server via the virtual IP address.