SharePointDSC

1.8.0.0

en-US/about_SPServiceAppSecurity.help.txt

                                .NAME

    SPServiceAppSecurity

# Description

    This resource is used to manage the sharing security settings of a specific

    service application. There are a number of approaches to how this can be

    implemented. Firstly you can set permissions for the app administrators, or

    for the sharing permission by specifying the SecurityType attribute. These

    options correlate to the buttons seen in the ribbon on the "manage service

    applications" page in Central Administration after you select a specific

    service app. The "Members" property will set a specific list of members for

    the service app, making sure that every user/group in the list is in the group

    and all others that are members and who are not in this list will be removed.

    The "MembersToInclude" and "MembersToExclude" properties will allow you to

    control a specific set of users to add or remove, without changing any other

    members that are in the group already that may not be specified here, allowing

.PARAMETER ServiceAppName

    Key - String

    The name of the service application you wish to apply security settings to

.PARAMETER SecurityType

    Key - string

    Allowed values: Administrators, SharingPermissions

    Administrators will set the administrators for the service app, SharingPermissions will set those granted access through the permissions button seen in the Sharing section of the ribbon in central admin

.PARAMETER Members

    Write - String

    A list of members to set the group to. Those not in this list will be removed

.PARAMETER MembersToInclude

    Write - String

    A list of members to add. Members not in this list will be left in the group

.PARAMETER MembersToExclude

    Write - String

    A list of members to remove. Members not in this list will be left in the group

.PARAMETER InstallAccount

    Write - String

    POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5

.EXAMPLE

    This example shows how full control permission can be given to the farm 

    account and service app pool account to the user profile service app's 

    sharing permission.

    Configuration Example 

    {

        param(

            [Parameter(Mandatory = $true)]

            [PSCredential]

            $SetupAccount

        )

        Import-DscResource -ModuleName SharePointDsc

        node localhost {

            $membersToInclude = @()

            $membersToInclude += MSFT_SPServiceAppSecurityEntry {

                                    Username    = "CONTOSO\SharePointFarmAccount"

                                    AccessLevel = "Full Control"

                                }

            $membersToInclude += MSFT_SPServiceAppSecurityEntry {

                                    Username    = "CONTOSO\SharePointServiceApps"

                                    AccessLevel = "Full Control"

                                }

            SPServiceAppSecurity UserProfileServiceSecurity

            {

                ServiceAppName       = "User Profile Service Application"

                SecurityType         = "SharingPermissions"

                MembersToInclude     = $membersToInclude

                MembersToExclude     = @("CONTOSO\BadAccount1", "CONTOSO\BadAccount2")

                PsDscRunAsCredential = $SetupAccount 

            }

        }

    }