I am interested in creating an alternate Farm Administrator account so I don’t have to continually log in using the original farm admin account. I visited and used Todd Klindt’s blog post “How to
create a SharePoint 2010 admin account and stop using sp_farm“, however, it doesn’t talk about database roles or permissions. How should my new, alternate farm admin account be configured relating to all the databases: ie. SharePoint system database, content databases, and service databases, etc..
For instance, when I log into SQL Server and view the “server roles” for the original farm admin account it lists the following: dbcreator, public, securityadmin, and sysadmin. However, when I check the “server roles” for my alternate account it only shows the role of “public”. Also, when I check the “User Mapping” for the original farm admin account, there are a wide variety of roles to checkmark depending on the role of the database.
What roles and permissions should I give my new alternate farm admin account so that it has equal authority and permissions with all the different databases? Is there a PowerShell script I can run to apply particular roles to different database types (SharePoint system database, content databases, and service databases, etc.) ?
Plus, if I create a second, alternate farm admin account dedicated to backup and restore operations, what additional (if any) setup should I be focused on? We run a 3rd party backup/restore application that uses the farm administrator account. My goal is to give this 3rd party application the second, alternate farm admin account and stop using the original farm account for backup and restore operations. This way we can track all operations by the new account.
Thank you
So the Farm Account doesn’t need sysadmin, just dbcreator and securityadmin. Once you add an account to those roles, simply use Add-SPShellAdmin domain\username and it will grant access to the SharePoint dbs.
