Do not require database SysAdmin privilege for installation/upgrade of MIM
Requiring the highest level of privilege for installing and updating MIM is not seen as acceptable by Database Administrators as it causes security concerns, especially in an environment where databases use shared hardware. In the UK/EU and probably equivalents elsewhere, this is of particular concern for organisations that need to adhere to PCI DSS (Payment Card Industry Data Security Standard) or GDPR (General Data Protection Regulation).
The MIM installer should require the least privileges it needs to do its job so that the database administrator can define a role that meets these requirements. Anything that truly needs to be done with SA privileges should be provided as a script that can be run by the database administrator under controlled conditions, so that they can understand what has been done, rather than providing SA privilege to a "black box" installer executable.
Thanks for your feedback! — David Steadman | MIM Lead & PM Identity governance and administration engineering team
Jay Green commented
Any progress on this as it's been under review for over 2 years!?
Jay Van der Zant commented
I've had a high-profile customer very recently put in a difficult position with MIM due to this. Bit of an odd requirement to be honest!