How to grant rights to website collections and modify the SharePoint configuration

To make Kaspersky Security operable, the user account under which Kaspersky Security will be run must be granted rights to modify the SharePoint configuration and rights to website collections that need to be protected. Listed below are the methods of granting those rights to a user account.

Granting rights manually

You can grant rights manually through Microsoft SQL Server Management Studio or Microsoft SQL Server Management Studio Express. The user account must be assigned the following:

• db_owner role for the SQL database, which contains the SharePoint configuration (by default, SharePoint_Config database)
• db_owner role for the SQL database, which contains the SharePoint configuration contents (by default, SharePoint_AdminContent database)
• SiteCollection Administrator rights to each website collection that needs to be protected These rights can be granted (for example, through the SharePoint admin center or SharePoint command console).
• db_owner role for each SQL database with a website collection that needs to be protected

Granting rights using a script

Using scripts allows you to automate the process of granting rights to a user account. You must run the following scripts using Windows PowerShell™:

• Script for granting rights to modify the SharePoint configuration

  Add-SPShellAdmin -UserName <domain\KSH_User>

• Script for granting rights to each website collection that needs to be protected

  $wa = Get-SPWebApplication <http://WebApp.domain.com>

  $wa.GrantAccessToProcessIdentity(<domain\KSH_User>)

  $wa.Update()

  Where http://WebApp.domain.com is the web address or GUID of the web application on the SharePoint portal, and <domain\KSH_User> is the name of the account created for managing Kaspersky Security.

  You have to run this script for each web application on which SharePoint website collections are located.

Page top