DSCResources/MSFT_SPWebAppPolicy/MSFT_SPWebAppPolicy.schema.mof
|
[ClassVersion("1.0.0")]
Class MSFT_SPWebPolicyPermissions { [Key, Description("Name of the account")] String Username; [Write, Description("Permission level of the account"), ValueMap{"Deny All","Deny Write","Full Read","Full Control"}, Values{"Deny All","Deny Write","Full Read","Full Control"}] String PermissionLevel[]; [Write, Description("Identity type for this entry, either claims or native. If not specified it will default to whatever mode the web application is in."), ValueMap{"Claims","Native"}, Values{"Claims","Native"}] String IdentityType; [Write, Description("Specifies if the account is allowed to act as a system account")] Boolean ActAsSystemAccount; }; /* **Description** This resource is used to set the User Policies for web applications. The usernames can be either specified in Classic or Claims format, both will be accepted. There are a number of approaches to how this can be implemented. The "Members" property will set a specific list of members for the group, making sure that every user/group in the list is in the group and all others that are members and who are not in this list will be removed. The "MembersToInclude" and "MembersToExclude" properties will allow you to control a specific set of users to add or remove, without changing any other members that are in the group already that may not be specified here, allowing for some manual management outside of this configuration resource. Requirements: At least one of the Members, MemberToInclude or MembersToExclude properties needs to be specified. Do not combine the Members property with the MemberToInclude and MembersToExclude properties. Do not set the ActAsSystemAccount property to $true without setting the permission level to Full Control. **Example** SPWebAppPolicy WebAppPolicy { WebAppUrl = "http://sharepoint.contoso.com" Members = @( @(MSFT_SPWebPolicyPermissions { Username = "contoso\user1" PermissionLevel = "Full Control" ActAsSystemAccount = $true }) @(MSFT_SPWebPolicyPermissions { Username = "contoso\Group 1" PermissionLevel = "Full Read" IdentityType = "Claims" }) ) PsDscRunAsCredential = $InstallAccount } SPWebAppPolicy WebAppPolicy { WebAppUrl = "http://sharepoint.contoso.com" MembersToInclude = @( @(MSFT_SPWebPolicyPermissions { Username = "contoso\user1" PermissionLevel = "Full Control" }) @(MSFT_SPWebPolicyPermissions { Username = "contoso\user2" PermissionLevel = "Full Read" }) ) MembersToExclude = @( @(MSFT_SPWebPolicyPermissions { Username = "contoso\user3" }) ) SetCacheAccountsPolicy = $true PsDscRunAsCredential = $InstallAccount } */ [ClassVersion("1.0.0.0"), FriendlyName("SPWebAppPolicy")] class MSFT_SPWebAppPolicy : OMI_BaseResource { [Key, Description("The URL of the web application")] string WebAppUrl; [Write, Description("Exact list of accounts that will have to get Web Policy permissions"), EmbeddedInstance("MSFT_SPWebPolicyPermissions")] String Members[]; [Write, Description("List of all accounts that must be in the Web Policy group"), EmbeddedInstance("MSFT_SPWebPolicyPermissions")] String MembersToInclude[]; [Write, Description("List of all accounts that are not allowed to have any Web Policy permissions"), EmbeddedInstance("MSFT_SPWebPolicyPermissions")] String MembersToExclude[]; [Write, Description("Include the Cache Accounts in the policy or not")] Boolean SetCacheAccountsPolicy; [Write, Description("POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsAccount if using PowerShell 5"), EmbeddedInstance("MSFT_Credential")] String InstallAccount; }; |