There a lot of posts available about how to create Service
Application and add administrators through PowerShell but could not find any
post that describe add users to “Permissions” section of Service Application. I
have highlighted the section in below image.
In this post I will share some PowerShell script that I used
to assign permissions for Service Application (i.e. PerformancePoint Service
Application) but can be used for other type of Service App.
#Define couple of variables
$ServiceAppName = "PerformancePoint
Service Application"
$ServiceAppAdminAccount = "domain\youradmin"
$ServiceAppPoolAccount = "domain\yourapppool"
#Getting Service Application instance
$ServiceApp = Get-SPServiceApplication | where{$_.Name -eq $ServiceAppName }
Write-Host "Adding
Administrators..." -ForegroundColor
Yellow
$principal = New-SPClaimsPrincipal
$ServiceAppAdminAccount -IdentityType WindowsSamAccountName
$security = Get-SPServiceApplicationSecurity $ServiceApp –Admin
Grant-SPObjectSecurity $security $principal
"Full Control"
Set-SPServiceApplicationSecurity -Identity $ServiceApp.Id -ObjectSecurity
$security –Admin
Write-Host "Users
'$ServiceAppAdminAccount' have been addd to 'Administrators' group of Service
App" -ForegroundColor Green
Write-Host "Adding
Service Account to Permissions group of Service App..." -ForegroundColor Yellow
$principal = New-SPClaimsPrincipal
$ServiceAppPoolAccount -IdentityType WindowsSamAccountName
$security = Get-SPServiceApplicationSecurity $ServiceApp
Grant-SPObjectSecurity $security $principal
"Full Control"
Set-SPServiceApplicationSecurity -Identity $ServiceApp.Id -ObjectSecurity
$security
Write-Host "Users
'$ServiceAppPoolAccount' have been addd to 'Permissions' group of Service
App" -ForegroundColor Green
That's it.