I have always run into access permission issues when consuming the SharePoint object model from an exe, web service, or Windows service running as a user with limited access. Each time I figured out the required permissions but then forgot to blog about it, so every time I had to dig again to find them. So let's see what we should do in each type of application.
User Permission
SharePoint Site | Minimum Read permission
SharePoint Server | Add to the WSS_ADMIN_WPG group
Database | SharePoint Content DB (site collection database): db_owner permission
Database | SharePoint Config DB (config DB of the SharePoint installation): db_owner permission
Web Service / WCF Service
Most SharePoint developers have probably created a web service or WCF service that uses the SharePoint object model to perform some operation on a SharePoint site.
Error
The Web application at http://localhost/mysite/content could not be found. Verify that you have typed the URL correctly. If the URL should be serving existing content, the system administrator may need to add a new request URL mapping to the intended application.
We are usually bound to solve the issue within a time limit, so we are forced to use the same application pool identity used by the SharePoint site and leave the issue behind. But if you want to know which permissions the user actually requires, look at the details below. Make sure your application pool identity user has the following privileges.
SharePoint Site
Add the IIS application pool identity user to the SharePoint Read group in the SharePoint site (minimal permission). If you need to do write operations or content type changes, give the user a higher permission (Content Owner). This is to make sure that
SharePoint Server
Add the IIS application pool identity user to the WSS_ADMIN_WPG user group on the physical server where SharePoint is installed.
Database Server
The IIS application pool identity user should have db_owner access in the SharePoint configuration database (the configuration DB created during installation of the SharePoint farm) and in the SharePoint content database (the site collection database of the site you are trying to access).
Windows Service
For a Windows service, the user account under which the Windows service runs should have the same access as described above for the application pool identity user.
SharePoint Site
Add the Windows service user account to the SharePoint Read group in the SharePoint site (minimal permission). If you need to do write operations or content type changes, give the user a higher permission (Content Owner). This is to make sure that
SharePoint Server
Add the Windows service user account to the WSS_ADMIN_WPG user group on the physical server where SharePoint is installed.
Database Server
The Windows service user account should have db_owner access in the SharePoint configuration database (the configuration DB created during installation of the SharePoint farm) and in the SharePoint content database (the site collection database of the site you are trying to access).
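To see which of the server and database grants above an application pool identity or Windows service account already holds, the following script reports them. It is an added example, not part of the original post. It covers the WSS_ADMIN_WPG and db_owner checks only, and the account, SQL Server instance and database names are hypothetical placeholders. It assumes Windows PowerShell 5.1 run on the SharePoint server by a user who can read both databases.

```powershell
# Added example: report the WSS_ADMIN_WPG and db_owner grants for one account.
param(
    [string]$Account     = 'CONTOSO\svc-spclient',               # hypothetical account
    [string]$SqlServer   = 'SQL01',                              # hypothetical instance
    [string[]]$Databases = @('SharePoint_Config', 'WSS_Content') # hypothetical DB names
)

function Test-LocalGroupMember {
    param([string]$Group, [string]$Member)
    # Direct members only; membership through a nested domain group is not resolved.
    $names = Get-LocalGroupMember -Group $Group -ErrorAction Stop |
        ForEach-Object { $_.Name }
    return $names -contains $Member   # -contains is case-insensitive
}

function Test-DbOwner {
    param([string]$Server, [string]$Database, [string]$Login)
    # Explicit db_owner role membership only; the database's dbo user and
    # sysadmin logins are not counted here.
    $query = @'
SELECT COUNT(*)
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'db_owner' AND m.sid = SUSER_SID(@login);
'@
    $conn = New-Object System.Data.SqlClient.SqlConnection
    $conn.ConnectionString = "Server=$Server;Database=$Database;Integrated Security=SSPI"
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $query
        [void]$cmd.Parameters.AddWithValue('@login', $Login)
        return ([int]$cmd.ExecuteScalar() -gt 0)
    } finally {
        $conn.Dispose()
    }
}

$report = @()
$report += [pscustomobject]@{ Check   = 'Local group WSS_ADMIN_WPG'
                              Granted = (Test-LocalGroupMember 'WSS_ADMIN_WPG' $Account) }
foreach ($db in $Databases) {
    $report += [pscustomobject]@{ Check   = "db_owner in $db"
                                  Granted = (Test-DbOwner $SqlServer $db $Account) }
}
$report | Format-Table -AutoSize
```

Running it before and after a change shows exactly which grant made the "Web application could not be found" error go away, so the remaining ones can be reviewed.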