How To Compare Sharepoint 2013 Database Permissions

Comparing SharePoint 2013 database permissions involves understanding the various service accounts and permission levels that are integral to the system’s operation.

To compare SharePoint 2013 database permissions, you need to understand the different service accounts and permission levels involved. The SharePoint Configuration Wizard and Farm Creation Wizard automatically configure most of these permissions during setup.

The first important account is the farm administrator user account, which is used to set up the server farm. This account must be a domain user and have local administrators group membership on each SharePoint server. It also needs access to SharePoint databases and must have appropriate SQL Server role membership.

Next is the server farm account or database access account. This account is used as the application pool identity for Central Administration and the process account for the SharePoint Timer service. It must also be a domain user and have extra permissions granted on SharePoint servers joined to the farm.

There are also various application pool accounts for different purposes, such as the default content access account for search crawling, content access accounts for accessing content through crawl rules, and the Excel Services unattended service account for external data sources.

The article also mentions default permission levels in SharePoint, such as View Only, Limited Access, Read, Contribute, Edit, Design, and Full Control. These permission levels include different sets of permissions for users to perform specific tasks within SharePoint sites.

Overall, understanding the different service accounts and permission levels is crucial for comparing SharePoint 2013 database permissions.

Understanding Service Accounts and Permission Levels

To effectively compare SharePoint 2013 database permissions, it is essential to understand the various service accounts and permission levels that govern access and control. These play a crucial role in determining who can perform certain tasks and access specific resources within SharePoint sites.

The first important account to consider is the farm administrator user account. This account is used to set up the server farm and must be a domain user with local administrators group membership on each SharePoint server. It also requires access to SharePoint databases and appropriate SQL Server role membership. By providing administrative privileges, this account can manage the overall configuration and security of the SharePoint environment.

Another significant account is the server farm account or database access account. This account serves as the application pool identity for Central Administration and the process account for the SharePoint Timer service. It, too, must be a domain user and have extra permissions granted on SharePoint servers joined to the farm. The server farm account is responsible for accessing and interacting with SharePoint databases, ensuring the smooth functioning of the server farm.

Aside from these accounts, there are various application pool accounts with specific purposes. For example, the default content access account is used for search crawling, while content access accounts are utilized for accessing content through crawl rules. The Excel Services unattended service account, on the other hand, is used for external data sources. Each of these accounts plays a role in managing and securing different aspects of SharePoint functionality.

Default Permission Levels

When it comes to permission levels, SharePoint 2013 offers several default options. These include View Only, Limited Access, Read, Contribute, Edit, Design, and Full Control. Each permission level comes with its own set of permissions, allowing users to perform specific tasks within SharePoint sites. For example, the View Only permission level grants users the ability to view content, while the Full Control permission level provides complete access and control over the site, including the ability to manage permissions and make changes to site structure.

In summary, understanding the different service accounts and permission levels is crucial for effectively comparing SharePoint 2013 database permissions. By familiarizing yourself with these accounts and levels, you can gain greater control and ensure that the right individuals have appropriate access in your SharePoint environment.

Permission Level Permissions
View Only View pages, items, and documents. Documents can be downloaded but not edited.
Limited Access Access specific lists, document libraries, folders, or items when given direct permissions but not access to the entire site.
Read View pages, items, and documents. Documents can be downloaded and edited if the application supports it.
Contribute View, add, update, and delete items and documents.
Edit View, add, update, delete, approve, and customize items and documents.
Design View, add, update, delete, approve, customize, and design items and documents.
Full Control Full access and control over the site, including the ability to manage permissions and make structural changes.

Tools and Techniques for Comparing Database Permissions

To compare SharePoint 2013 database permissions, there are several tools and techniques that can streamline the process and ensure accurate results. The SharePoint Configuration Wizard and Farm Creation Wizard automatically configure most of these permissions during setup, but there are additional methods you can use for a more comprehensive comparison.

One tool you can utilize is the SharePoint Permission Comparison Tool. This tool allows you to compare the permission levels of users and groups across different SharePoint sites and lists. It provides an easy-to-read report that highlights any differences in permissions, making it simple to identify and resolve any inconsistencies.

Another technique you can employ is the use of PowerShell commands. With PowerShell, you can retrieve and compare permission settings for different SharePoint objects, such as sites, lists, and libraries. By running PowerShell scripts, you can automate the comparison process, saving time and ensuring accuracy.

Additionally, the SharePoint administrative interfaces, such as Central Administration and Site Settings, provide built-in features for reviewing and comparing permissions. These interfaces allow you to view the permission levels assigned to individual users and groups, as well as compare permissions between different sites or site collections.

By combining these tools and techniques, you can effectively compare SharePoint 2013 database permissions and ensure that your security settings are accurate and consistent across your environment. Understanding the different service accounts and permission levels involved is crucial in maintaining a secure and well-managed SharePoint deployment.

Meet the Author

Abdul Rahim has been working in Information Technology for over two decades. Learn how Abdul got his start as a Tech Blogger , and why he decided to start this Software blog. If you want to send Abdul a quick message, then visit his contact page here.