DSCResources/MSFT_SPShellAdmins/MSFT_SPShellAdmins.schema.mof
|
[ClassVersion("1.0.0")]
Class MSFT_SPContentDatabasePermissions { [Key, Description("Name of the Content Database")] String Name; [Write, Description("Exact list of accounts that will have to get Shell Admin permissions")] String Members[]; [Write, Description("List of all accounts that must be in the Shell Admins group")] String MembersToInclude[]; [Write, Description("List of all accounts that are not allowed to have Shell Admin permissions")] String MembersToExclude[]; }; /* **Description** This resource is used to manage the users with Shell Admin permissions. There are a number of approaches to how this can be implemented. The "Members" property will set a specific list of members for the group, making sure that every user/group in the list is in the group and all others that are members and who are not in this list will be removed. The "MembersToInclude" and "MembersToExclude" properties will allow you to control a specific set of users to add or remove, without changing any other members that are in the group already that may not be specified here, allowing for some manual management outside of this configuration resource. The "ContentDatabases" and "AllContentDatabases" properties will allow you to control the permissions on Content Databases. Requirements: At least one of the Members, MemberToInclude or MembersToExclude properties needs to be specified. Do not combine the Members property with the MemberToInclude and MembersToExclude properties. Do not combine the ContentDatabase property with the AllContentDatabases property. Notes: 1.) If a content database is created using the Central Admin, the farm account is the owner of that content database in SQL Server. When this is true, you cannot add it to the Shell Admins (common for AllContentDatabases parameter) and the resource will throw an error. Workaround: Change database owner in SQL Server. **Example** SPShellAdmins ShellAdmins { Name = "Shell Admins" Members = "CONTOSO\user1", "CONTOSO\user2" AllContentDatabases = $true } SPShellAdmins ShellAdmins { Name = "Shell Admins" Members = "CONTOSO\user1", "CONTOSO\user2" ContentDatabases = @( @(MSFT_SPContentDatabasePermissions { Name = "SharePoint_Content_1" Members = "CONTOSO\user2", "CONTOSO\user3" }) @(MSFT_SPContentDatabasePermissions { Name = "SharePoint_Content_2" Members = "CONTOSO\user3", "CONTOSO\user4" }) ) } */ [ClassVersion("1.0.0.0"), FriendlyName("SPShellAdmins")] class MSFT_SPShellAdmins : OMI_BaseResource { [Key, Description("Name for the config, used for administration purposes")] String Name; [Write, Description("Exact list of accounts that will have to get Shell Admin permissions")] String Members[]; [Write, Description("List of all accounts that must be in the Shell Admins group")] String MembersToInclude[]; [Write, Description("List of all accounts that are not allowed to have Shell Admin permissions")] String MembersToExclude[]; [Write, Description("Shell Admin configuration of Content Databases"), EmbeddedInstance("MSFT_SPContentDatabasePermissions")] String ContentDatabases[]; [Write, Description("Specify if all content databases must get the same config as the general config")] Boolean AllContentDatabases; [Write, Description("POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsAccount if using PowerShell 5"), EmbeddedInstance("MSFT_Credential")] String InstallAccount; }; |