Permissions required to execute code (Object Model) in SharePoint

I have always faced access permission issues when consuming the SharePoint object model from an exe, a web service or a Windows service running as a user who has limited access. Each time I figured out the permissions required and then forgot to blog it, so every time I had to dig again to find them. So let's see what we should do in each type of application.


User Permission

SharePoint Site

Minimum Read Permission

SharePoint Server

Add to WSS_ADMIN_WPG group

Database

SharePoint Content DB (site collection database) - db_owner permission

SharePoint Config DB (config DB of the SharePoint installation) - db_owner permission


Web Service / WCF Service

Most SharePoint developers will have created a web service/WCF service that uses the SharePoint object model to perform some operation in a SharePoint site.


Error

The Web application at http://localhost/mysite/content could not be found. Verify that you have typed the URL correctly. If the URL should be serving existing content, the system administrator may need to add a new request URL mapping to the intended application.


We are bound to solve the issue within a time limit, so we are forced to use the same application pool identity used by the SharePoint site and leave the issue behind. But if you want to know more about which permissions the user requires, look at the table below. Make sure your application pool identity user has the following privileges.


SharePoint Site

Add the IIS Application Pool Identity user to the SharePoint Read group in the SharePoint site (minimal permission). If you need to do write operations or content type changes, give the higher permission to the user (Content Owner). This is to make sure that


SharePoint Server

Add the IIS Application Pool Identity user to the WSS_ADMIN_WPG user group of the physical server where SharePoint is installed.


Database Server

The IIS Application Pool Identity user should have DB_OWNER access in the SharePoint Configuration database (the configuration DB created during installation of the SharePoint farm) and the SharePoint Content database (the site collection database of the site you are trying to access).


Windows Service

In the Windows service case, the user account under which the Windows service runs should have the same access as described above for the application pool identity user.


SharePoint Site

Add the Windows service user account to the SharePoint Read group in the SharePoint site (minimal permission). If you need to do write operations or content type changes, give the higher permission to the user (Content Owner). This is to make sure that


SharePoint Server

Add the Windows service user account to the WSS_ADMIN_WPG user group of the physical server where SharePoint is installed.


Database Server

The Windows service user account should have DB_OWNER access in the SharePoint Configuration database (the configuration DB created during installation of the SharePoint farm) and the SharePoint Content database (the site collection database of the site you are trying to access).
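
The server and database grants listed above are the same for all three account types (user, application pool identity, Windows service account), so one script can check them for any given account. This PowerShell script is an added example, not code from the original post; the account, SQL instance and database names are placeholder assumptions, and it does not check the site-level Read group.

```powershell
# Added example: verify the server- and database-level grants listed above for one account.
# All default values below are placeholders (assumptions), not taken from the original post.
param(
    [string]$Account     = 'CONTOSO\svc-spclient',   # app pool / Windows service identity
    [string]$SqlInstance = 'SQLSERVER01',             # SQL Server hosting the farm databases
    [string[]]$Databases = @('SharePoint_Config', 'WSS_Content')  # config DB, content DB
)

# 1. Local group membership on the SharePoint server (run this on that server).
#    Only direct members are listed; membership via a nested group is not expanded.
$inGroup = [bool](Get-LocalGroupMember -Group 'WSS_ADMIN_WPG' -ErrorAction Stop |
    Where-Object { $_.Name -eq $Account })
[pscustomobject]@{ Check = 'WSS_ADMIN_WPG member'; Target = $env:COMPUTERNAME; Ok = $inGroup }

# 2. Direct db_owner role membership in each database, read from the catalog views.
#    SUSER_SNAME maps the database user's SID back to its login name, so the check
#    still works when the database user name differs from the Windows account name.
$query = @'
SELECT COUNT(*)
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'db_owner' AND SUSER_SNAME(m.sid) = @account;
'@

foreach ($db in $Databases) {
    $conn = New-Object System.Data.SqlClient.SqlConnection(
        "Server=$SqlInstance;Database=$db;Integrated Security=SSPI")
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $query
        [void]$cmd.Parameters.AddWithValue('@account', $Account)   # parameterized, no string concat
        $isOwner = [int]$cmd.ExecuteScalar() -gt 0
    }
    finally { $conn.Dispose() }
    [pscustomobject]@{ Check = 'db_owner'; Target = "$SqlInstance/$db"; Ok = $isOwner }
}
```

Run it as an account that can read the local group and connect to both databases; each output row reports one grant as `Ok = True` or `False`.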