About Help

Choose a topic from the list on the left or search for a specific topic. Choose a topic from the list or search for a specific topic.
Cmdlets  Providers  Aliases  Modules
 

about_SPServiceAppSecurity

Spserviceappsecurity

SharePointDSC
 

SHORT DESCRIPTION

 

.NAME

    SPServiceAppSecurity 
 
# Description 
     
    This resource is used to manage the sharing security settings of a specific 
    service application. There are a number of approaches to how this can be 
    implemented. Firstly you can set permissions for the app administrators, or 
    for the sharing permission by specifying the SecurityType attribute. These 
    options correlate to the buttons seen in the ribbon on the "manage service 
    applications" page in Central Administration after you select a specific 
    service app. The "Members" property will set a specific list of members for 
    the service app, making sure that every user/group in the list is in the group 
    and all others that are members and who are not in this list will be removed. 
    The "MembersToInclude" and "MembersToExclude" properties will allow you to 
    control a specific set of users to add or remove, without changing any other 
    members that are in the group already that may not be specified here, allowing 
     
.PARAMETER ServiceAppName 
    Key - String 
    The name of the service application you wish to apply security settings to 
 
.PARAMETER SecurityType 
    Key - string 
    Allowed values: Administrators, SharingPermissions 
    Administrators will set the administrators for the service app, SharingPermissions will set those granted access through the permissions button seen in the Sharing section of the ribbon in central admin 
 
.PARAMETER Members 
    Write - String 
    A list of members to set the group to. Those not in this list will be removed 
 
.PARAMETER MembersToInclude 
    Write - String 
    A list of members to add. Members not in this list will be left in the group 
 
.PARAMETER MembersToExclude 
    Write - String 
    A list of members to remove. Members not in this list will be left in the group 
 
.PARAMETER InstallAccount 
    Write - String 
    POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5 
 
 

.EXAMPLE

    This example shows how full control permission can be given to the farm  
    account and service app pool account to the user profile service app's  
    sharing permission. 
 
 
    Configuration Example  
    { 
        param( 
            [Parameter(Mandatory = $true)] 
            [PSCredential] 
            $SetupAccount 
        ) 
        Import-DscResource -ModuleName SharePointDsc 
 
        node localhost { 
            $membersToInclude = @() 
            $membersToInclude += MSFT_SPServiceAppSecurityEntry { 
                                    Username    = "CONTOSO\SharePointFarmAccount" 
                                    AccessLevel = "Full Control" 
                                } 
            $membersToInclude += MSFT_SPServiceAppSecurityEntry { 
                                    Username    = "CONTOSO\SharePointServiceApps" 
                                    AccessLevel = "Full Control" 
                                } 
            SPServiceAppSecurity UserProfileServiceSecurity 
            { 
                ServiceAppName       = "User Profile Service Application" 
                SecurityType         = "SharingPermissions" 
                MembersToInclude     = $membersToInclude 
                MembersToExclude     = @("CONTOSO\BadAccount1", "CONTOSO\BadAccount2") 
                PsDscRunAsCredential = $SetupAccount  
            } 
        } 
    }