Sep 3, 2009

SharePoint databases part 2

part 1 outlines sharepoint databases and database backup. This part will focuse on secrity: what sharepoint accounts have access to sharepoint databases and in what roles.

SharePoint_config database:

  • install account is its dbo
  • farm account (and local admin) in db_owner role
  • application pool account in WSS_Content_ApplicationPoolid role

Central_Admin database:

  • same as config except that local admin is not in db_owner role

Content database:

  • farm account is dbo
  • app pool account and ssp service account are in db_owner role

SSP (and SSP Search DB):

  • same as content database, plus search service account is in db_owner

Server Roles:

  • Install account has dbcreator fixed server role & securityadmin fixed server role.
  • Farm account has the same fixed server role, but it is automatically configured.
  • other service only has public server role.

Understanding those and sharepoint application pool id (see this) can help to solve a lot sharepoint database permission issues such as :EXECUTE permission denied on object 'proc_putObject' in event log tells that the application pool id doesn't have write permission on configure database.