...
Info |
---|
title | Database Permissions Checklist |
---|
|
After doing all the changes specified previously, this is the complete list of user database roles as they should be. Database Name | Role |
---|
SharePoint_Config | - SPDataAccess
- SharePoint_Shell_Access
| SharePoint_AdminContent_<GUID> | - SPDataAccess
- WSS_Content_Application_Pools
- SharePoint_Shell_Access
| Bdc_Service_DB_<GUID> | | Search_Service_Application_AnalyticsReportingStoreDB_<GUID> | | Search_Service_Application_CrawlStoreDB_<GUID> | | Search_Service_Application_DB_<GUID> | | Search_Service_Application_LinksStoreDB_<GUID> | |
|
Note |
---|
Since SharePoint setup user and server farm account have these privileges, it is recommended to use one of those accounts for this. Setup user is recommended, since it has machine admin rights as well. |
...
Security Pre-Trimmer
...
The Security PreTrimmer requires that the user identity sent to it contains at least one of the following claim types:
- claims/userlogonname: This is for windows authentication. The pretrimmer will use this value to send it to the Aspire Group Expansion.
- claims/primarysid: This is for other types of authentication (e.g. ADFS). The pretrimmer will take the primary SID value and translate it into a valid user id to send it to the Aspire Group Expansion.
...