Service Account Descriptions & Permissions
Search service account
- It is a db_owner in ALL SSP databases.
- It is a db_owner in ALL Search databases.
- It has READ ONLY access to all the content in ALL web applications via a policy.
- It has read/write access to the propagation share on Query servers.
- It has read/write access to the Search registry hive.
- It has read/write access to the Search index location.
SSP administration site application pool identity
- This account is determined by the web application that you select when you create the SSP.
- It has read/write access to the SSP database and the Search database.
- This account has full control over the Search service via its COM interfaces.
- It has read/write access to the Search registry hive.
Global web service account
- This is the GLOBAL application pool account of the Office Server Web Services, i.e. an application pool that does not belong to any SSP.
- It is always set to NetworkService.
SSP (Application) web service
- The application pool account of an SSP web service (the credentials entered in the SSP creation/details page).
- This account has read/write access to the SSP database and to the Search database of an SSP.
- This account has full control over the Search service via its COM interfaces.
- It has read/write access to the Search registry hive.
Default content access account
- The default account used within the SSP to crawl content.
- If a specific account is not specified, the search service account is used.
Content access account
- A specific account that is configured to particular content.
- This account is optional and is specified when you create a new crawl rule. For example, content that is external to Office SharePoint Server 2007 for Search (such as a file share) might require a different access account.
