Closed HeKr09 closed 2 years ago
I didn't found any resource to set the service application administrators. Maybe I am wrong?! I already implemented a Script-Resource which works fine for me. Maybe the community can optimize it :)
Script "UserProfileServiceAdminFarmAdmin" { GetScript = { Invoke-SPDscCommand -Arguments @($using:UPS.Name, $using:accountName) -ScriptBlock { $spapp = Get-SPServiceApplication -Name $args[0] $security = Get-SPServiceApplicationSecurity $spapp -Admin return $($security.AccessRules | Where-Object Name -like "*$($args[1])") } } SetScript = { $accountAccessRule = [ScriptBlock]::Create($GetScript).Invoke() Invoke-SPDscCommand -Arguments @($using:accountAccessRule, $using:accountName, $using:UPS.Name, $using:rights) -ScriptBlock { $principal = New-SPClaimsPrincipal $args[1] -IdentityType WindowsSamAccountName $spapp = Get-SPServiceApplication -Name $args[2] $security = Get-SPServiceApplicationSecurity $spapp -Admin if($args[0].Count -eq 1) { Revoke-SPObjectSecurity -Identity $security -Principal $principal } Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights $args[3] Set-SPServiceApplicationSecurity -Identity $spapp -ObjectSecurity $security -Admin } } TestScript = { $accountAccessRule = [ScriptBlock]::Create($GetScript).Invoke() # TODO Test Permissions return $false } DependsOn = @("[SPUserProfileServiceApp]UserProfileServiceApp") PsDscRunAsCredential = $SpSetupAccount }
I tried to test the permissions but did not find any proper documentation about the rights enum within the AccessRules.
This resource already exists and is called SPServiceAppSecurity. Documentation can be found here
Thank you! I really didn't found it :(
Resource proposal
I didn't found any resource to set the service application administrators. Maybe I am wrong?! I already implemented a Script-Resource which works fine for me. Maybe the community can optimize it :)
Proposed properties
Special considerations or limitations
I tried to test the permissions but did not find any proper documentation about the rights enum within the AccessRules.