Tenable Patch Management Database

The Tenable Patch Server requires its own SQL Server database.

Database Considerations

Prepare for the Tenable Patch Management Database prior to installing the Tenable Patch Server. Choose either a local server or a remote server to host the database and choose the SQL Server Edition.

Tenable Patch Management Database Host Server

  • Local server: This is the server that also hosts the Tenable Patch Server.

  • Remote server: This is any remote server you choose, including an existing SQL database or a SQL database associated with an integrated third-party product (ConfigMgr or Workspace ONE).

Tenable Patch Management Database SQL Server Edition

  • SQL Server Express Edition

  • SQL Server Standard or Enterprise Edition

  • An existing SQL Server instance

Make note of the server details and the SQL Server Edition you choose. The Tenable Patch Server installation may require configuration details such as the following:

  • Database name

  • Server location

  • Communication port

  • Domain

  • Read-only Login information

  • Encryption status of the SQL database

System Account

During the installation, Tenable Patch Management defaults to using the Local System account to log into the website. If installing the on the ConfigMgr, the installation requires access to the Local System account. This account requires the Log On As A Service User permission.

Domain Account

During the installation, you may choose to use a Domain account to log into the ConfigMgr website. Before using this account, you must enable the ConfigMgr Database role. If choosing to use this account, you will be required to periodically change your password based on the security requirements set by your company.

Database Read Only Account

The Tenable Patch Management database requires a Read-Only SQL Login to display the product dashboard. If the login does not exist, the Server installation creates one. If you use Windows Authentication, the Windows account must exist before running the Server installation.

All data providers for the Tenable Patch Server use the Database read-only account to query the Tenable Patch Management database. During the installation, the account is granted db_datareader permission to the Adaptiva database, preventing any data changes by this account in the Adaptiva database.

If creating a domain account, the Server installation requires entering the NETBIOS Domain, User Name, and Password for the SQL reporting account. Record the required SQL Reporting account credentials on the Tenable Patch Management Installation Guide. Use the following best practices when deciding whether to create a domain account or a SQL account:

  • Tenable recommends creating this account to operate the Tenable Patch Server at the highest security level for your SQL Server environment.

  • Tenable recommends using an Tenable Patch Management Reporting account. When the SQL Server is remote, the Tenable Patch Server installer can use a domain account.

  • All Tenable Patch Server data providers require this account to query the Tenable Patch Management Database.