Sophos for Microsoft SharePoint: permissions required by services account
You must ensure that the credentials you provide as the service account while installing Sophos for Microsoft SharePoint have the correct permissions. The permissions should be as described either for Account type 1 OR for Account type 2.
NOTE: On SharePoint 2010, the service user account will also require Shell Admin permission.
Account type 1
If you have a server farm scenario, you can use the 'Server Farm Account', (also referred to in the SharePoint documentation as 'database access account'). This is the account that you provided when setting up the farm in the SharePoint Configuration Wizard.
This account is also the application pool identity for the SharePoint Central Administration web site.
Account type 2
If you use an alternative account, ensure it has the following 3 sets of permissions:
- The user is listed under SharePoint Central Administration web site | Operations | Update farm administrator's group
- The user has full permissions for the Central Administration site collection,
- verify they are a site collection administrator in SharePoint Central Administration web site | Site Actions | Site Settings | Site collection administrators
OR - verify they are a site collection administrator in SharePoint Central Administration web site | Application Management | Site collection administrator. Click 'change site collection' and then change web application to be Central Administration
- verify they are a site collection administrator in SharePoint Central Administration web site | Site Actions | Site Settings | Site collection administrators
- The user has full permissions for all the other site collections (in addition to the Central Administration site collection, described in 2 above.)
- verify they have 'Full control' under SharePoint Central Administration web site | Application Management | Policy for Web Application. This is the recommended option.
OR - verify that they are a site collection administrator for all the other site collections (however, this option is not recommended).
- verify they have 'Full control' under SharePoint Central Administration web site | Application Management | Policy for Web Application. This is the recommended option.
Note: The user might have permissions set up indirectly, for example, the permissions might be set for a group (e.g. BUILTIN\Administrators) and the user might be member of that group.
If you need more information or guidance, then please contact technical support.
- Article ID: 58866
- Created: 21 May 2009
- Last updated: 25 Mar 2011
