0
0 Comments

Hi All,

On a new farm installation of SP 2013 (version 15.0.4569.1000), on SQL 2012 SP1 (version 11.0.3401),
I’ve investigated the SQL Default Trace log and noticed permissions that are constantly applied over and over again every second.
We have enabled default Health and Usage metrics and the application “SharePoint[OWSTIMER][1][SP_Service_UsageAndHealth]” keeps re-applying the permissions as follows:

GRANT EXECUTE ON [proc_GetCorrelationIdAndUsers] TO [TCORPAD\svc_sp_portalapppool]
GRANT EXECUTE ON [proc_GetMonitoredScopes] TO [TCORPAD\svc_sp_prfapppool]
GRANT EXECUTE ON [proc_GetMonitoredScope] TO [TCORPAD\svc_sp_prfapppool]
GRANT EXECUTE ON [proc_GetDiagnosticsData] TO [TCORPAD\svc_sp_prfapppool]

GRANT EXECUTE ON [proc_GetMonitoredScopes] TO [TCORPAD\svc_sp_portalapppool]
GRANT EXECUTE ON [proc_GetMonitoredScope] TO [TCORPAD\svc_sp_portalapppool]
GRANT EXECUTE ON [proc_GetDiagnosticsData] TO [TCORPAD\svc_sp_portalapppool]
GRANT EXECUTE ON [proc_GetCorrelationIdAndUsers] TO [TCORPAD\svc_sp_portalapppool]

I have verified that the farm account has DBO perms to the Health DB as well as securityadmin at the server level. The permissions logged are actually being applied to the stprocs to the WebApp AppPool accounts.

I then worked with Microsoft and their reply is:

“We can confirm from that the repeated “grant execute” is a by-design behavior. The grant permission action was triggered by a timer job named “job-diagnostics-performance-metric-provider” which will execute every minute.”

So the default trace gets flooded with repeated permissions from every app and web server in our farm. I want to post here to verify with others that this behavior is consistent with other people’s implementation. Thoughts and confirmations are welcome.

Cheers

-R.R.

(Visited 125 times, 1 visits today)
Add a Comment