Search service account

- It is a db_owner in ALL SSP databases.

- It is a db_owner in ALL Search databases.

- It has READ ONLY access to all the content in ALL web applications via a policy.

- It has read/write access to the propagation share on Query servers.

- It has read/write access to the Search registry hive.

- It has read/write access to the Search index location.

 

SSP administration site application pool identity

- This account is determined by the web application that you select when you create the SSP.

- It has read/write access to the SSP database and the Search database.

- This account has full control over the Search service via its COM interfaces.

- It has read/write access to the Search registry hive.

 

Global web service account

- This is the GLOBAL application pool account of the Office Server Web Services, i.e. an application pool that does not belong to any SSP.
- It is always set to NetworkService.

 

SSP (Application) web service

- The application pool account of an SSP web service (the credentials entered in the SSP creation/details page).

- This account has read/write access to the SSP database and to the Search database of an SSP.

- This account has full control over the Search service via its COM interfaces.

- It has read/write access to the Search registry hive.

 

Default content access account

- The default account used within the SSP to crawl content.

- If a specific account is not specified, the search service account is used.

 

Content access account

- A specific account that is configured to particular content.

- This account is optional and is specified when you create a new crawl rule. For example, content that is external to Office SharePoint Server 2007 for Search (such as a file share) might require a different access account.