Saturday, September 24, 2016

How to Add Administrator & Grant Permission to Service Application using PowerShell

Often there are situations when you may need to add administrators or grant permissions to SharePoint service applications. Say, the setup account-farm account isn't added as service application administrator or not having permission to the service application.

How to Add Service Application Administrator in SharePoint 2016?
To add a  Service Application administrator, navigate to:

  • SharePoint 2016 Central Admin >> Manage Service Applications
  • From the list of available Service Applications, select the target service application such as "Managed Metadata service application".sharepoint 2016 service application add administrator grant permission
  • In the Ribbon click on "Administrators" button. Enter the user name that you wish to have admin rights to SharePoint service application >> Click on "Add" button.
  • From the permissions section, select "Full Control". Commit your changes by clicking the OK button.
    powershell to add service application administrator in SharePoint 2016
  • Similarly, to add permission, Click on "Permissions" button from the ribbon, Enter the user and add appropriate permission to the user.
    How to grant permission to service application using PowerShell

When these things are repeated, Lets use PowerShell to add administrator and grant permissions to service applications, say: Managed Metadata Service Application.

PowerShell to Add Service Application Administrator 
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Configuration Variables
$ServiceAppName="Managed Metadata Service Application"
$UserAccount="Crescent\Salaudeen"
$AccessRights = "Full Control"

#Get the service application
$ServiceApp = Get-SPServiceApplication -Name $ServiceAppName
#Convert user account to claims
$UserPrincipal = New-SPClaimsPrincipal -Identity $UserAccount -IdentityType WindowsSamAccountName

#Get the Service Application Security collection
$ServiceAppSecurity = Get-SPServiceApplicationSecurity $ServiceApp -Admin
#Add user & rights to the collection
Grant-SPObjectSecurity $ServiceAppSecurity -Principal $UserPrincipal -Rights $AccessRights

#Apply the Security changes
Set-SPServiceApplicationSecurity $ServiceApp $ServiceAppSecurity -Admin 

Add Permission to Service Application using PowerShell
How about granting permission to service application? Well, the similar code goes for providing permission to service application, except the "-Admin" switch. Here is an example:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Configuration Variables
$ServiceAppName="Managed Metadata Service Application"
$UserAccount="Crescent\Salaudeen"
$AccessRights = "Full Access to Term Store"

#Get the service application
$ServiceApp = Get-SPServiceApplication -Name $ServiceAppName
#Convert user account to claims
$UserPrincipal = New-SPClaimsPrincipal -Identity $UserAccount -IdentityType WindowsSamAccountName

#Get the Service Application Security collection
$ServiceAppSecurity = Get-SPServiceApplicationSecurity $ServiceApp
#Add user & rights to the collection
Grant-SPObjectSecurity $ServiceAppSecurity -Principal $UserPrincipal -Rights $AccessRights

#Apply the Security changes
Set-SPServiceApplicationSecurity $ServiceApp $ServiceAppSecurity

Add User Profile Service Application Administrator and Grant Permissions: 
Lets combine both the scripts to add administrator and set permission to user profile service application in SharePoint 2016 to avoid "No User Profile Application available to service the request. Contact your farm administrator." error.  
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Configuration Variables
$UserAccount="Crescent\Salaudeen"
$AccessRights = "Full Control"

#Convert user account to claims
$UserPrincipal = New-SPClaimsPrincipal -Identity $UserAccount -IdentityType WindowsSamAccountName

#Get the user profile service application
$ServiceApp =  Get-SPServiceApplication | ? { $_.TypeName -eq "User Profile Service Application" }

Write-host "Adding Administrator to User Profile Service Application..."
#Get the Service Application Administrators Security collection
$ServiceAppAdmins = Get-SPServiceApplicationSecurity $ServiceApp -Admin
#Add user to the collection
Grant-SPObjectSecurity $ServiceAppAdmins -Principal $UserPrincipal -Rights $AccessRights
#Apply the new Security to service application
Set-SPServiceApplicationSecurity $ServiceApp $ServiceAppAdmins -Admin

Write-host "Granting permission to User Profile Service Application..."
#Get the Service Application Permissions Security collection
$ServiceAppPermission = Get-SPServiceApplicationSecurity $ServiceApp
#Add user & rights to the collection
Grant-SPObjectSecurity $ServiceAppPermission -Principal $UserPrincipal -Rights $AccessRights
#Apply the Security changes
Set-SPServiceApplicationSecurity $ServiceApp $ServiceAppPermission



You might also like:
SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.
Document SharePoint Farm
Automatically generate SharePoint documentation.
*Sponsored


Check out these SharePoint products:

1 comment :

Please Login and comment to get your questions answered!


You might also like:

Related Posts Plugin for WordPress, Blogger...