How to grant rights to website collections and modify the SharePoint configuration
To make Kaspersky Security operable, the user account under which Kaspersky Security will be run must be granted rights to modify the SharePoint configuration and rights to website collections that need to be protected. Listed below are the methods of granting those rights to a user account.
Granting rights manually
You can grant rights manually through Microsoft SQL Server Management Studio or Microsoft SQL Server Management Studio Express. The user account must be assigned the following:
- db_owner role for the SQL database, which contains the SharePoint configuration (by default, SharePoint_Config database)
- db_owner role for the SQL database, which contains the SharePoint configuration contents (by default, SharePoint_AdminContent database)
- SiteCollection Administrator rights to each website collection that needs to be protected These rights can be granted (for example, through the SharePoint admin center or SharePoint command console).
- db_owner role for each SQL database with a website collection that needs to be protected
Granting rights using a script
Using scripts allows you to automate the process of granting rights to a user account. You must run the following scripts using Windows PowerShell:
- Script for granting rights to modify the SharePoint configuration
Add-SPShellAdmin -UserName <domain\KSH_User> - Script for granting rights to each website collection that needs to be protected
$wa = Get-SPWebApplication <http://WebApp.domain.com>$wa.GrantAccessToProcessIdentity(<domain\KSH_User>)$wa.Update()Where
http://WebApp.domain.comis the web address or GUID of the web application on the SharePoint portal, and <domain\KSH_User>You have to run this script for each web application on which SharePoint website collections are located.