SharePoint On-Premises User Permissions Requirements
This article lists all user privileges needed to retrieve SharePoint farm settings with SPDocKit.
Last updated
Was this helpful?
This article lists all user privileges needed to retrieve SharePoint farm settings with SPDocKit.
Last updated
Was this helpful?
To run SPDocKit and to retrieve all SharePoint settings you want to document, both the user running SPDocKit and the SPDocKit service account need to have proper privileges. Here is the list of required privileges to load SharePoint farm settings:
Local Administrators and WSS_ADMIN_WPG group member on every machine in the SharePoint farm. Required to retrieve list of installed applications on farm servers.
SharePoint farm administrator. Required to retrieve SharePoint farm settings.
Member of SharePoint_Shell_Access role on SharePoint Server databases. Required to retrieve particular SharePoint farm properties via PowerShell.
Special privileges for the Service Account: Service account needs to have privileges listed above as well as the Log on as a Service right. on how to configure that right.
needed to retrieve additional server configuration data (RAM, processors, disk space…) and SQL Server configuration information for DB servers.
needed to retrieve Search service application configuration data (content sources, crawl rules, managed properties, search topologies...).
needed to retrieve User Profile service application configuration data (Synchronization Connections, MySite Settings, Audiences, User Profile Properties...).
Here is how you can give user these privileges:
On the server, click Start, right-click Computer, and then click Manage.
Navigate to Configuration, expand Local Users and Group and then click Groups.
Right-click the Administrators group, and then click Add to Group.
In the Administrators Properties dialog box, click Add.
In the Select User, Computers, or Groups dialog box, in the Enter the object names to select box, type the account name on which you want your worker process to run (for example, Domain\YourAccount), and then click OK.
In the Administrators dialog box, click OK.
Close the Server Manager screen.
Open SharePoint Central Administration.
Navigate to Security > Manage the farm administrators group.
Use the New button to add users to this group.
Open SharePoint Management Shell.
If you want to grant PowerShell shell access to all content databases, download and run the following script:
Please note! The cmdlet Add-SPShellAdmin is going to apply to all current SharePoint databases. If more SharePoint databases are added in the future, you might have to re-run the cmdlet again.
To be able to create a new SPDocKit dedicated database, the user account running the installation and configuration wizard (i.e. install account) should be granted both the dbcreator and securityadmin roles on the preferred SQL Server. This allows the account to create a new database and to assign proper privileges after creation. The install account will be automatically given db_owner privileges on the newly created database, if possible. Otherwise, it is advised that the account is given that privilege manually, as it is needed for upgrading the database.
These privileges will be granted automatically when a new SPDocKit database is created or during a database upgrade.
SPDocKit service account will be granted the SPDocKit_service_role role on the SPDocKit database. This role will make the service account a member of the db_datawrite and db_datareader roles and grant EXECUTE permissions on all the stored procedures in the database.
The account running load from the SPDocKit console needs to have the same privileges as the SPDocKit service account (see above).
When SPDocKit is installed on a workstation, only an existing database can be used. Also, the user running SPDocKit will need to be granted the db_datareader rights on the existing SPDocKit database. To create a new database, please install SPDocKit on a SharePoint server.
To view and manage Live permissions in Permissions Explorer the user has to be a Site Collection Administrators of the Site Collection where the changes are made, otherwise, the following warning message appears: 'You do not have sufficient permissions to view this report'. As a Farm Administrator, you can view and manage permissions on all Site Collections in a SharePoint farm.
Please note! To create a new snapshot, you need to use SPDocKit installed on a SharePoint server.
If the user does not have proper privileges, the following error message will be shown:
“You do not have privileges to load the current farm! Please contact your administrator.”
Type the following PowerShell command: <Add-SPShellAdmin -UserName DOMAIN\YourAccount>
.
If you want to grant PowerShell shell access to a single database for more details.
The cmdlet might fail in some environments; please for further assistance.
In the event that the SPDocKit install account is not in the securityAdmin role, please add the SPDocKit service account manually to the SPDocKit_service_role. for additional information.