Showing posts with label Accounts. Show all posts
Showing posts with label Accounts. Show all posts

Tuesday, May 5, 2015

SQL account used for SharePoint



SQL account used for SharePoint

When we plan to build the SharePoint, The first and most important part is the account used for the SQL admin. Please find the details below that provide you more information on the account.

1. SQL Admin Account
SQL Admin account would be use to install SQL Server for your SharePoint and would be created in AD. This account should be a domain user and must be a local administrator on database server. These rights are enough to successfully install SQL Server. Do not use any other domain admin account or never make this as a domain admin account. I have seen people using domain admin account to install SQL and SharePoint which is a mistake and a threat to security. You can name this account as "sql_install" or "sql_admin".

2.
SQL Service Account
This is the account that runs the SQL Server instance. This should be a domain user but do not make this as a local administrator for security reasons. You can name this as "sql_user" or "sql_services". While installing SQL Server with SQL Admin account, necessary permission would be granted to this account for running the SQL Server instance. At Server Configurations step during SQL Server installation, mention your SQL Service account as the account for SQL Server Database Engine and SQL Server Browser and automatically necessary rights would be granted to this account to run the SQL Server instance.

3.
SharePoint Setup Account
Create an account "sp_install" (a recommendation, you can name it anything) in your AD and put this account in local administrator group on all SharePoint Servers. Make sure you do not put this account in domain administrator account. You should never use a domain admin account to install SharePoint and its services.
 


I hope the above information will help you to resolve the issue, in case of any queries/questions regarding the above mentioned information then please let me know. I would be more than happy to help you as well as resolves your issues, Thank you.

Monday, April 27, 2015

permissions needed to administrate SharePoint Server



permissions needed to administrate SharePoint Server 

The below are the permissions that required to user to administer the SharePoint farm.

1.   Local Administrator rights
2.   Farm Administrator rights
3.   Shell Administrator rights
Local Administrator rights are required in order to work with objects that require that right (such as creating IIS sites or importing the Microsoft.SharePoint.Powershell module).
Farm Administrator rights are required to perform various functions on the farm. Various APIs within SharePoint have an explicit farm administrator rights check.
Shell Administrator rights gives you additional rights on the databases in use by the farm so you can operate directly against them (working with databases via Central Administration is done via the Farm Admin account).
 


I hope the above information will help you to resolve the issue, in case of any queries/questions regarding the above mentioned information then please let me know. I would be more than happy to help you as well as resolves your issues, Thank you.

Thursday, November 20, 2014

The permissions in SP_DATA_ACCESS role by default.


The permissions in SP_DATA_ACCESS role by default.

The SP_DATA_ACCESS role replaces the db_owner role in SharePoint 2013.

The SP_DATA_ACCESS role is the default role for database access and should be used for all object model level access to databases.

1.   Grant EXECUTE or SELECT on all SharePoint stored procedures and functions

2.   Grant SELECT on all SharePoint tables

3.   Grant EXECUTE on User-defined type where schema is dbo

4.   Grant INSERT on AllUserDataJunctions table

5.   Grant UPDATE on Sites view

6.   Grant UPDATE on UserData view

7.   Grant UPDATE on AllUserData table

8.   Grant INSERT and DELETE on NameValuePair tables

9.   Grant create table permission 


I hope the above information will help you to resolve the issue, in case of any queries/questions regarding the above mentioned information then please let me know. I would be more than happy to help you as well as resolves your issues, Thank you.

Tuesday, October 28, 2014

Set up and manage access requests



Set up and manage access requests

I found a very detailed article on how to configure the access requests in SharePoint 2013.


  http://office.microsoft.com/en-in/sharepoint-help/set-up-and-manage-access-requests-HA103456596.aspx

http://blog.cloudshare.com/2012/12/09/how-to-configure-the-site-access-request-in-sharepoint-2013/


I hope the above information will help you to resolve the issue, in case of any queries/questions regarding the above mentioned information then please let me know. I would be more than happy to help you as well as resolves your issues, Thank you.

Friday, November 29, 2013

What are the accounts used in SharePoint for a least privileged configuration

 What are the accounts used in SharePoint  for a least privileged configuration.



In Many Organizations while Implementing SharePoint. The first question which may arise is What are the account we need to create and what are the permission levels it should have. I have tried my best to collate the things together and text it in my Blog as per my experience.Theese accouns are minimal accounts that required but it varies as per the requirements.


The setup account: This is the account with which the user is logged that runs the setup. This account must be a local administrator on all systems where SharePoint is run.

Post-Setup Configuration Run-As user: This is the user that runs the PSC tool.
This user must also be a local administrator
PSC runs a prerequisites check.
In addition to being a local administrator on all computers running Office Server, this account also has the following requirements on a remote server running SQL Server to be used as part of a SharePoint Foundation 2010 Services farm

Must be a SQL login
Must be a member of the SQL Server Database Creators Role
Must be a member of the SQL Server Security Administrators Role
This account need not be a local administrator on the server running SQL Server

This is the only account given explicit rights on SQL. It will give the database access account the SQL privileges it needs because it has the rights to do so.

The database access account: This is the account that is specified to the PSC tool when creating or connecting to a Configuration Database.
This account need not be the same as the PSC Run-As user and it need notbe a local administrator on any computer running Office Server.
It should also not be a local administrator on the SQL server, and doesnot require any SQL permissions in advance of creating a configuration database. Many of us refer to this as the “farm admin” account, but thisis misleading. The user that accesses the Central Admin Web pages to perform farm administrative activities is the farm admin account.

Central Admin App Pool ID:This account is “automatically” configured by the PSC tool to be the same account as the database access account that is stipulated to the PSC tool when creating a configuration database. This account and the SPTimer account constitute one exception to separate accounts being usedfor all account types.

The SPTimer account: As with the Central Admin App Pool ID, this account is “automatically” configured by the PSC tool to be the same account as the database accessaccount that is stipulated to the PSC tool when creating a configuration database.

The Farm Admin account: As mentioned earlier, this is the user that accesses the Central Admin Web pages to perform farm administrative functions.
This account can create Web applications, site collections, SSPs, configure Search, IFSS, Profile Imports, assigning permissions, and so on.


Please Comment if you need Any Help.Your Feed back is always Welcome.I Am Happy to Help !!!!!

ShareThis

X