Examples/Resources/SPServiceAppSecurity/1-Example.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
<#
.EXAMPLE
    This example shows how full control permission can be given to the farm
    account and service app pool account to the user profile service app's
    sharing permission.
#>


    Configuration Example 
    {
        param(
            [Parameter(Mandatory = $true)]
            [PSCredential]
            $SetupAccount
        )
        Import-DscResource -ModuleName SharePointDsc

        node localhost {
            $membersToInclude = @()
            $membersToInclude += MSFT_SPServiceAppSecurityEntry {
                                    Username    = "CONTOSO\SharePointFarmAccount"
                                    AccessLevel = "Full Control"
                                }
            $membersToInclude += MSFT_SPServiceAppSecurityEntry {
                                    Username    = "CONTOSO\SharePointServiceApps"
                                    AccessLevel = "Full Control"
                                }
            SPServiceAppSecurity UserProfileServiceSecurity
            {
                ServiceAppName       = "User Profile Service Application"
                SecurityType         = "SharingPermissions"
                MembersToInclude     = $membersToInclude
                MembersToExclude     = @("CONTOSO\BadAccount1", "CONTOSO\BadAccount2")
                PsDscRunAsCredential = $SetupAccount 
            }
        }
    }