SharePoint Farm Administrator Cannot Access Site, Gets Access Denied

Problem: SharePoint 2013 farm administrator cannot access site! They get access denied error.

Root cause:
Its a common misconception that SharePoint Farm Administrator will get access to all SharePoint sites in the farm automatically! Farm administrator get access denied error in SharePoint 2010 site collection when trying to browse.
sharepoint 2010 farm administrator access denied
Solution to SharePoint farm administrator access denied error
Farm Administrators gets control over SharePoint Central Administration, but not all sites. So, we have to explicitly grant access to required web applications to the Farm Administrator through web application user policies by navigating to:
  • Central Administration  >>
  • Security >>
  • Specify web application user policy >>
sharepoint farm administrator permissions

Add web application user policy in SharePoint using PowerShell 
Above step can be automated for all web applications using PowerShell. Lets add a user policy in web application to grant full access to all web applications in the farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#User to Add

#Add user to Web App user Policy

#Get All Web Applications and Iterate through
Get-SPWebApplication | foreach-object {
                $WebAppPolicy = $_.Policies.Add($UserID, $UserID)
                #Set Full Access 
                $PolicyRole = $_.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl)
                Write-Host "Added user to $($_.URL)"

1 comment:

Please Login and comment to get your questions answered!

Powered by Blogger.