Navigation Bar

Wednesday 5 March 2014

Managing Permissions of Service Applications through PowerShell

Recently I was configuring PerformancePoint for a client. I did it through Central Admin but I wanted it to script so that their administrator can easily create in other environment.

There a lot of posts available about how to create Service Application and add administrators through PowerShell but could not find any post that describe add users to “Permissions” section of Service Application. I have highlighted the section in below image.



In this post I will share some PowerShell script that I used to assign permissions for Service Application (i.e. PerformancePoint Service Application) but can be used for other type of Service App.

#Define couple of variables
$ServiceAppName = "PerformancePoint Service Application"
$ServiceAppAdminAccount = "domain\youradmin"
$ServiceAppPoolAccount = "domain\yourapppool"

#Getting Service Application instance
$ServiceApp = Get-SPServiceApplication | where{$_.Name -eq $ServiceAppName }

Write-Host "Adding Administrators..." -ForegroundColor Yellow

$principal = New-SPClaimsPrincipal $ServiceAppAdminAccount -IdentityType WindowsSamAccountName

$security = Get-SPServiceApplicationSecurity $ServiceApp –Admin
Grant-SPObjectSecurity $security $principal "Full Control"

Set-SPServiceApplicationSecurity -Identity $ServiceApp.Id -ObjectSecurity $security –Admin

Write-Host "Users '$ServiceAppAdminAccount' have been addd to 'Administrators' group of Service App" -ForegroundColor Green

Write-Host "Adding Service Account to Permissions group of Service App..." -ForegroundColor Yellow

$principal = New-SPClaimsPrincipal $ServiceAppPoolAccount -IdentityType WindowsSamAccountName

$security = Get-SPServiceApplicationSecurity $ServiceApp
Grant-SPObjectSecurity $security $principal "Full Control"

Set-SPServiceApplicationSecurity -Identity $ServiceApp.Id -ObjectSecurity $security

Write-Host "Users '$ServiceAppPoolAccount' have been addd to 'Permissions' group of Service App" -ForegroundColor Green

That's it.