Create Database & Service Account

Do this before installing Primentra. The installer will need a database to connect to during setup.

What does this step do? This creates an empty database, a dedicated service account (primentra_svc), and the permissions that Primentra needs. The application never connects as sa — it uses its own restricted account that can only access the Primentra database.

Why a separate service account? Security best practice: the application should have the minimum permissions it needs, nothing more. The primentra_svc account can read/write data, execute stored procedures, and deploy schema updates — but cannot access other databases or perform server-level operations.

Instructions:

1. Open SQL Server Management Studio (SSMS) and connect as a sysadmin user (e.g., sa)
2. Open setup-db-and-user.sql — you can download it from primentra.com, or find it in the installation folder after installing Primentra
3. Change the password on line 30 — replace CHANGE_THIS_PASSWORD with a strong password
4. Execute the script

What gets created:

• Database: Primentra — empty at this point, tables are created later during Setup Database
• Login: primentra_svc (SQL Server authentication) — the service account for the application
• Role: primentra_app — grants the minimum set of permissions Primentra needs:
  • SELECT, INSERT, UPDATE, DELETE, and EXECUTE on the dbo and mdm schemas (data access + stored procedures)
  • REFERENCES on the dbo and mdm schemas (foreign key constraints during schema setup)
  • CREATE TABLE, CREATE PROCEDURE, CREATE VIEW, CREATE FUNCTION, CREATE SCHEMA (schema deployment + staging tables)
  • ALTER on both schemas (migrations + integration views)
  • db_ddladmin role membership (Full-Text Search catalog and index creation)

After running this script, note down the username (primentra_svc), the password you chose, and the database name (Primentra). You will need these in the next step when configuring the application.