The following screen shots account for the various minimum permissions required to surface each of the various Portals' entities on your website.  Most people will simply give the CRM service account the System Administrators role.  If you'd like to trim that down, you can do so by following this list.

This is a complete list.  If you have not deployed all of the Portals' entities to your CRM (eg. you installed Basic Portal and didn't bring in the other sites and their solutions), your list won't be nearly as long as this one.  Don't worry about it.  Just set the permissions for the entities that do exist in your system.