SharePoint_config database:
- install account is its dbo
- farm account (and local admin) in db_owner role
- application pool account in WSS_Content_ApplicationPoolid role
Central_Admin database:
- same as config except that local admin is not in db_owner role
Content database:
- farm account is dbo
- app pool account and ssp service account are in db_owner role
SSP (and SSP Search DB):
- same as content database, plus search service account is in db_owner
Server Roles:
- Install account has dbcreator fixed server role & securityadmin fixed server role.
- Farm account has the same fixed server role, but it is automatically configured.
- other service only has public server role.
Understanding those and sharepoint application pool id (see this) can help to solve a lot sharepoint database permission issues such as :EXECUTE permission denied on object 'proc_putObject' in event log tells that the application pool id doesn't have write permission on configure database.
