Examples/Resources/SPServiceAppSecurity/1-Example.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
<#
.EXAMPLE
    This example shows how full control permission can be given to the farm
    account and service app pool account to the user profile service app's
    sharing permission.
    It also shows granting access to specific areas to a user.
#>


    Configuration Example
    {
        param(
            [Parameter(Mandatory = $true)]
            [PSCredential]
            $SetupAccount
        )
        Import-DscResource -ModuleName SharePointDsc

        node localhost {
            $membersToInclude = @()
            $membersToInclude += MSFT_SPServiceAppSecurityEntry {
                                    Username     = "CONTOSO\SharePointFarmAccount"
                                    AccessLevels = @("Full Control")
                                }
            $membersToInclude += MSFT_SPServiceAppSecurityEntry {
                                    Username     = "CONTOSO\SharePointServiceApps"
                                    AccessLevels = @("Full Control")
                                }
            $membersToInclude += MSFT_SPServiceAppSecurityEntry {
                                    Username     = "CONTOSO\User1"
                                    AccessLevels = @("Manage Profiles", "Manage Social Data")
                                }
            SPServiceAppSecurity UserProfileServiceSecurity
            {
                ServiceAppName       = "User Profile Service Application"
                SecurityType         = "SharingPermissions"
                MembersToInclude     = $membersToInclude
                MembersToExclude     = @("CONTOSO\BadAccount1", "CONTOSO\BadAccount2")
                PsDscRunAsCredential = $SetupAccount
            }
        }
    }