When you add a user into Farm Administrators group in SharePoint 2007 it automatically added as db_owner for the config database. So, I assumed SP2010 works the same way, but it does not.
When you add a user into Farm Administrators group it is automatically added into WSS_ADMIN_WPG group only.
Refer to the following article to find out which permissions the group has.
In few words it has permissions to system folders on the SP server.
If you do not want to grant direct access to configuration database you can use PowerShell command:
Add-SPShellAdmin –username <String>
The command adds the user to the SharePoint_Shell_Access role. In fact, those users who included in the role have db_owner access to the Configuration database.
To get a list of users included into the group execute the following comm and:
Get-SPShellAdmin
Refer to the following article for details about required permissions to run PowerShell.
Refer to the following article for details about the SharePoint_Shell_Access role.
Also if you receive the error message when using STSADM, that may mean you run it under a Farm Administrator user who does not have direct access to SP databases. The error message is the following:
When you add a user into Farm Administrators group it is automatically added into WSS_ADMIN_WPG group only.
Refer to the following article to find out which permissions the group has.
In few words it has permissions to system folders on the SP server.
The account does not have direct access to SQL databases, so there will be problems for any third party tools which work with SharePoint through API.
The difference is that when you're working with SharePoint via Central Administration you're actually working with databases under Application Pool account. But when you're working via API (SharePoint Object Model for example) you're working in the context of the account executing API calls. So, to get the API calls working you should grant direct access to SharePoint databases.
Add-SPShellAdmin –username <String>
The command adds the user to the SharePoint_Shell_Access role. In fact, those users who included in the role have db_owner access to the Configuration database.
To get a list of users included into the group execute the following comm and:
Get-SPShellAdmin
Refer to the following article for details about required permissions to run PowerShell.
Refer to the following article for details about the SharePoint_Shell_Access role.
Also if you receive the error message when using STSADM, that may mean you run it under a Farm Administrator user who does not have direct access to SP databases. The error message is the following:
This operation can be performed only on a computer that is joined to a server farm by users who have permissions in SQL Server to read from the configuration database. To connect this server to the server farm, use the SharePoint Products Configuration Wizard, located on the Start menu in Microsoft SharePoint 2010 Products.
No comments:
Post a Comment