Thursday, April 9, 2015

SharePoint Service Accounts Required for a Mid-Size Farm

Below is a table which lists down the service accounts and their roles in a mid-size SharePoint farm.
This is just my personal recommendations based on my experience and the requirements my farm had. Based on the SharePoint features you use, you can have additional service accounts. You can run a farm with one service account also. But that would not be a Microsoft recommended practice.


Account Name
Role
Permissions needed
SP_SETUP
Setup Account. This account will be used to install SharePoint binaries
SharePoint Server : Local administrator on all SharePoint servers
SQL Server : dbcreator and securityadmin
SP_FARM
Farm account. This account will be used for Windows Timer Service, Central Admin etc.
SharePoint Server : Local administrator on all SharePoint servers
SP_WEB
This account will be used Application pool ID for  web applications

SP_APP
This account will be used  Application pool ID for  service applications

SP_SRCH
This account will be used  Application pool ID for  Search Service application

SP_CRWL
This account will be used as  Search Crawl account

SP_SUSR
This account will be used SharePoint Portal Super User account

Web application Policy : Full Control
SP_SRDR
This account will be used  SharePoint Portal Super Reader account

Web application Policy : Full read
SP_UPS
This account will be used as User Profile services account
Must have Replicating Directory Changes permissions to AD

No comments:

Post a Comment