Add a User or Group to the SPWebApplication User Policy for all Web Applications in the farm


 

Here are some PowerShell example to add a domain user or group to the User Policy for a SharePoint 2010 Web Application.

In this example, we’ll give domain\user01 “FullRead” permissions to the SharePoint Web Application http://sharepoint2010. This could be useful if you need to grant a domain account FullRead for searching.

$userOrGroup = "domain\user01"
$displayName = "Search Crawl Account"

Get-SPWebApplication http://sharepoint2010 | foreach {
    $webApp = $_
    $policy = $webApp.Policies.Add($userOrGroup, $displayName)
    $policyRole = $webApp.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullRead)
    $policy.PolicyRoleBindings.Add($policyRole)
    $webApp.Update()
}


In this example, we’ll give domain\user02 “FullControl” permissions to all of the SharePoint Web Applications in the farm:

$userOrGroup = "domain\user02"
$displayName = "SharePoint Admin"

Get-SPWebApplication | foreach {
    $webApp = $_
    $policy = $webApp.Policies.Add($userOrGroup, $displayName)
    $policyRole = $webApp.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl)
    $policy.PolicyRoleBindings.Add($policyRole)
    $webApp.Update()
}


Comments (2)
  1. Harb Frame says:

    This is great, but how do you do this in C#?

  2. Dave Wolf says:

    Nice stuff. Thanks for documenting it.

Comments are closed.

Skip to main content