Forum Discussion
Separating object cache accounts for web applications
It's no surprise that SharePoint allows to configure separate pair of object cache accounts for each web application. However, the question is whether there is any benefit of applying different set of accounts for different web applications. Do you know about any specific drawbacks of having the same set of accounts on two different web applications? Thank you in advance for enlightening me. We are planning to configure SharePoint 2013 but it would be interesting to know the answer for SharePoint 2016 as well.
- Again, cache accounts are used for comparative purposes only. They hold no data. There is no reason to separate them.
7 Replies
- There is very little reason, if any, to do so. Remember that the object cache accounts are really true 'service accounts'. They're not managed and the SharePoint Administrator does not need their passwords. They're essentially 'reference' accounts that SharePoint can compare permissions to with the user viewing the content.
Similarly, there's little reason to separate service accounts for Web Applications or for various Service Applications. It increases operational complexity (especially if KCD is involved), process start up time, and process memory usage.Hi Trevor,
With regard to using single app pool account as far as I understand any farm solution running on one web app can use pool account for accessing content in other web applications. Whether it is desirable or not can be decided based on specific customer and solution demands.
However, I don't understand consideration points regarding cache accounts. are there specific cases to take into accounts?
- Again, cache accounts are used for comparative purposes only. They hold no data. There is no reason to separate them.
- It is my understanding that the only reason to do that would be if you had some very stringent security requirements that dictated the usage of service accounts.
Hello Dean, thank you for your answer. To my opinion any security policy should be based on vulnerabilities analysis so what I'm trying to get my head around is what kind of security isues brings using single set of cache accounts among a few web apps.
