Administrator Permissions

• User must be a part of the following groups on SharePoint Server system: 

  • Remote Desktop Users
  • WinRMRemoteWMIUsers
  • WSS_ADMIN_WPG

• User must have SPShellAdmin access role on all the content databases from the SharePoint Server that this connector must manage. This allows connector to execute SharePoint cmdlets. Execute the following command on SharePoint Server to give the SPShellAdmin role to the application user: 

  Add-SPShellAdmin -UserName <DOMAIN\UserName> -Database (Get-SPContentDatabase -Identity “WSS_Content”)

  To grant access to all content databases use the following command:

  Get-SPDatabase | Add-SPShellAdmin DOMAIN\UserName

• On SharePoint Server and IQService host, the Application User must have Read and Execute permission for Microsoft.PowerShell32 and Microsoft.PowerShell. Execute the following command on SharePoint Server and IQService host systems to allow that permission:

  Set-PSSessionConfiguration -Name “Microsoft.PowerShell32”–ShowSecurityDescriptorUI 

  Set-PSSessionConfiguration -Name "Microsoft.PowerShell" –ShowSecurityDescriptorUI

• On SharePoint Server and IQService system, restart the WinRM service for the new settings to take effect:

  Restart-Service WinRM 

• The Application User must have access to all SharePoint Web Applications that must be managed by the connector. Create PowerShell script as follows and execute on SharePoint Management Shell:

  $webApp = Get-SPWebApplication -Identity “Web App Url”

  $webApp.GrantAccessToProcessIdentity("Domain\UserName")

  Add above lines for each web application.