I'm quite confused about how permissions are applied to Content Databases in relation to service accounts. So, as an example, I have two web applications - Intranet whose service account is DOMAIN\sps_webapp_default - and My Sites whose service account is DOMAIN\sps_webapp_social. The "sps_webapp_social" account has full control (through User Policy) to the Intranet web app.
When I go to My Sites> Sites> Suggested Links and click on any suggestions I get the below error and the site is not "followed". This Content Database sits under the Intranet web app which the sps_webapp_social has full control to.
I'm also getting similar permission issues when the account that runs various service applications tries to connect to the DB (such as workflow service). This is happening to new or migrated sites. I know permissions can be applied directly in SQL but this can't be the way to do it?
Is there a simple reason why these permissions aren't propagating through?