I had to access a list on a SharePoint web app from another web app on the same farm using code, but experienced a sql exception. The app pool accounts had least privilege, but the accounts of the user had restricted reader rights to both web apps (and app pool account as i tried running with elevated privileges). It turns out that if your executing code against a web app outside of your current context, you need to have rights to the db on the server.
I ended up reading via webservices and converting to a datatable, similar to the following.
Unrelated, here is a good article on making web.config mods via a feature receiver.
Here is another unrelated article about group policy (something i never fully remember).