only the identity of the application pool needs permissions, it needs read permissions on the entire web and full control on /App_Data and /Data
No other user needs permissions.
IIS_WPG is/was the default identity in IIS 6 on Win 2003 and NETWORK SERVICE is also often configured as the app pool identity (was the default in early versions of IIS 7), but no matter who the identity is configured as, that user is the only one who needs permissions for the web app to work. There are not multiple users who need permissions for the web site to run, though other users may need permissions for ftp or other purposes.
So once you know the identity user of the app pool you can set permissions for that user.
Hope it helps,