Symptoms
Consider the following scenario:
-
You deploy a new SharePoint farm.
-
The based build has the October 2022 or a later version updates for Microsoft SharePoint Server slipstreamed into the build process.
-
You are using the least-privileged security model.
In this scenario, when you try to delete a web application, you receive the following error message:
Sorry, something went wrong
The DELETE permission was denied on the object 'SiteCounts', database 'SharePoint_Config', schema 'dbo'.
Correlation ID: <Guid>
Date and Time: <Date / TimeStamp>
Cause
This issue occurs because the application pool account cannot be added to the WSS_CONTENT_APPLICATION_POOLS role that is associated with the SharePoint Admin content database.
Workaround
To work around this issue, make sure that permissions are correctly granted to the SharePoint databases. To do this, run the following command after you run the SharePoint Configuration Wizard (psconfig) on the first server in the farm and before you run the Farm Configuration Wizard or provision additional components:
Get-SPDatabase | %{$_.GrantOwnerAccessToDatabaseAccount()}
More information
For more information about least-privileged permissions and configuration, see Additional things to consider for a least-privileged environment.