Database permissions (Windows SharePoint Services 3.0)

Applies To: Windows SharePoint Services 3.0

 

Topic Last Modified: 2008-09-09

In this article:

  • Windows SharePoint Services 3.0 deployed in a stand-alone environment

  • Windows SharePoint Services 3.0 deployed in a server farm environment

This article describes the databases that are created, the logins (domain or local accounts) that are granted permissions to Microsoft SQL Server 2005 and databases, and the server and database roles to which you add the logins.

Windows SharePoint Services 3.0 deployed in a stand-alone environment

When you install Windows SharePoint Services 3.0 on a single server, run the Setup program by using the Basic option. This option uses the Setup program's default parameters to install Windows SharePoint Services 3.0 and Windows Internal Database. Windows Internal Database uses SQL Server technology as a relational data store for Windows roles and features only, such as Windows SharePoint Services, Active Directory Rights Management Services, UDDI Services, Windows Server Update Services, and Windows System Resources Manager.

Fixed server roles are server-wide in their scope. The following table describes the accounts (for Windows SharePoint Services 3.0 in a stand-alone environment) that are added to fixed server roles, and describes each fixed server role.

Fixed server role Account Role description

dbcreator

NT AUTHORITY\NETWORK SERVICE

Members of the dbcreator fixed server role can create databases, and can alter and restore their own databases.

securityadmin

NT AUTHORITY\NETWORK SERVICE

Members of the securityadmin fixed server role can manage logins and their properties at the server and database levels.

sysadmin

BUILTIN\Administrators

Members of the sysadmin fixed server role can perform any activity on the server.

NT AUTHORITY\SYSTEM

Database created after installation

Database roles are defined at the database level and exist in each database. The following table lists the databases that are created and the accounts that are assigned to specific database roles when you install Windows SharePoint Services 3.0 on a stand-alone server. For more information about fixed database roles, see Database-Level Roles (http://go.microsoft.com/fwlink/?LinkId=121800).

Database Database role Account

SharePoint_Config

db_owner fixed database role

NT AUTHORITY\NETWORK SERVICE

BUILTIN\Administrators

WSS_Content_Application_Pools

NT AUTHORITY\NETWORK SERVICE

NT AUTHORITY\SYSTEM

SharePoint_AdminContent_GUID

db_owner fixed database role

db_owner fixed database role

WSS_Content_Application_Pools

NT AUTHORITY\SYSTEM

NT AUTHORITY\NETWORK SERVICE

WSS_Content

db_owner fixed database role

NT AUTHORITY\NETWORK SERVICE

WSS_Search

db_owner fixed database role

NT AUTHORITY\NETWORK SERVICE

NT AUTHORITY\LOCAL SERVICE

Windows SharePoint Services 3.0 deployed in a server farm environment

When you install Windows SharePoint Services 3.0, you must check to make sure that the database server is running SQL Server 2005 or Microsoft SQL Server 2000 with the most recent service pack.

The Windows SharePoint Services 3.0 Setup program automatically creates the necessary databases when you install and configure Windows SharePoint Services 3.0 in a server farm.

Fixed server roles are server-wide in their scope. The following table describes the accounts that are added to fixed server roles and describes each fixed server role.

Fixed server role Account Role Description

sysadmin

NT AUTHORITY\SYSTEM

Members of the sysadmin fixed server role can perform any activity on the server.

BUILTIN\Administrators

dbcreator

Installing user

Members of the dbcreator fixed server role can create databases, and can alter and restore their own databases.

securityadmin

Installing user

Members of the securityadmin fixed server role can manage logins and their properties at the server and database levels.

Database created after installation

Database roles are defined at the database level and exist in each database. The following table lists the databases that are created and the accounts that are assigned to specific database roles when you install Windows SharePoint Services 3.0. For more information about fixed database roles, see Database-Level Roles (http://go.microsoft.com/fwlink/?LinkId=121800).

Database Database role Account

SharePoint_AdminContent_GUID

WSS_Content_Application_Pools

NT AUTHORITY\SYSTEM

db_owner fixed database role

Installing user

SharePoint_Config

WSS_Content_Application_Pools

BUILTIN\Administrators

Installing user

db_owner fixed database role

NT AUTHORITY\SYSTEM

Database created after starting the search service

The following table lists the database that is created and the account that is assigned to specific database roles when you start the search service.

Database Database role Account

WSS_Search_ComputerName

db_owner fixed server role

Installing user

Database created after creating a Web application

The following table lists the database that is created and the account that is assigned to specific database roles when you create a Web application after installing Windows SharePoint Services 3.0 on a farm server.

Database Database role Account

WSS_Content

db_owner fixed database role

Installing user

See Also

Concepts

Security and permissions reference (Windows SharePoint Services)
Files and permissions for Windows SharePoint Services 3.0
Special directories and storage locations (Windows SharePoint Services)