Below is a table which lists down the service accounts and their roles in a mid-size SharePoint farm.
This is just my personal recommendations based on my experience and the requirements my farm had. Based on the SharePoint features you use, you can have additional service accounts. You can run a farm with one service account also. But that would not be a Microsoft recommended practice.
Account Name | Role | Permissions needed |
SP_SETUP | Setup Account. This account will be used to install SharePoint binaries | SharePoint Server : Local administrator on all SharePoint servers SQL Server : dbcreator and securityadmin |
SP_FARM | Farm account. This account will be used for Windows Timer Service, Central Admin etc. | SharePoint Server : Local administrator on all SharePoint servers |
SP_WEB | This account will be used Application pool ID for web applications | |
SP_APP | This account will be used Application pool ID for service applications | |
SP_SRCH | This account will be used Application pool ID for Search Service application | |
SP_CRWL | This account will be used as Search Crawl account | |
SP_SUSR | This account will be used SharePoint Portal Super User account | Web application Policy : Full Control |
SP_SRDR | This account will be used SharePoint Portal Super Reader account | Web application Policy : Full read |
SP_UPS | This account will be used as User Profile services account | Must have Replicating Directory Changes permissions to AD |
No comments:
Post a Comment