SharePointDSC

1.3.0.0

en-us/about_SPServiceAppSecurity.help.txt

                                .NAME

    SPServiceAppSecurity

.DESCRIPTION

    This resource is used to manage the sharing security settings of a specific service 

    application. There are a number of approaches to how this can be implemented. Firstly 

    you can set permissions for the app administrators, or for the sharing permission by 

    specifying the SecurityType attribute. These options correlate to the buttons seen in 

    the ribbon on the "manage service applications" page in Central Administration after 

    you select a specific service app. The "Members" property will set a specific list of 

    members for the service app, making sure that every user/group in the list is in the 

    group and all others that are members and who are not in this list will be removed. 

    The "MembersToInclude" and "MembersToExclude" properties will allow you to control a 

    specific set of users to add or remove, without changing any other members that are in 

    the group already that may not be specified here, allowing for some manual management 

    outside of this configuration resource.

.PARAMETER ServiceAppName

    Key - String

    The name of the service application you wish to apply security settings to

.PARAMETER SecurityType

    Key - string

    Allowed values: Administrators, SharingPermissions

    Administrators will set the administrators for the service app, SharingPermissions will set those granted access through the permissions button seen in the Sharing section of the ribbon in central admin

.PARAMETER Members

    Write - String

    A list of members to set the group to. Those not in this list will be removed

.PARAMETER MembersToInclude

    Write - String

    A list of members to add. Members not in this list will be left in the group

.PARAMETER MembersToExclude

    Write - String

    A list of members to remove. Members not in this list will be left in the group

.PARAMETER InstallAccount

    Write - String

    POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5

.EXAMPLE

    This example shows how full control permission can be given to the farm 

    account and service app pool account to the user profile service app's 

    sharing permission.

    Configuration Example 

    {

        param(

            [Parameter(Mandatory = $true)]

            [PSCredential]

            $SetupAccount

        )

        Import-DscResource -ModuleName SharePointDsc

        node localhost {

            $membersToInclude = @()

            $membersToInclude += MSFT_SPServiceAppSecurityEntry {

                                    Username    = "CONTOSO\SharePointFarmAccount"

                                    AccessLevel = "Full Control"

                                }

            $membersToInclude += MSFT_SPServiceAppSecurityEntry {

                                    Username    = "CONTOSO\SharePointServiceApps"

                                    AccessLevel = "Full Control"

                                }

            SPServiceAppSecurity UserProfileServiceSecurity

            {

                ServiceAppName       = "User Profile Service Application"

                SecurityType         = "SharingPermissions"

                MembersToInclude     = $membersToInclude

                MembersToExclude     = @("CONTOSO\BadAccount1", "CONTOSO\BadAccount2")

                PsDscRunAsCredential = $SetupAccount 

            }

        }

    }