How to grant rights to website collections and modify the SharePoint configuration

To ensure the proper functioning of Kaspersky Security, the user account under which Kaspersky Security will be run must be granted rights to modify the SharePoint configuration, as well as rights to website collections that need to be protected. Listed below are the methods of granting those rights to a user account.

Granting rights manually

You can grant rights manually through Microsoft SQL Server Management Studio or Microsoft SQL Server Management Studio Express.

The user account must be assigned the following:

• db_owner role for the SQL database, which contains the SharePoint configuration (by default, SharePoint_Config database).
• db_owner role for the SQL database, which contains the SharePoint configuration contents (by default, SharePoint_AdminContent database).
• SiteCollection Administrator rights to each of the website collections that need to be protected.

  These rights can be granted, for example, through the SharePoint admin center or the SharePoint command console.

• db_owner role for each SQL database with a website collection that needs to be protected.

Granting rights using a script

Use of scripts lets you automate the process of granting a user account the rights to website collections.

You can run the following scripts using Windows PowerShell™:

• script for granting rights to modify the SharePoint configuration:

  Add-SPShellAdmin -UserName <domain\KSH_User>

• script for granting rights to each website collection that needs to be protected:

  $wa = Get-SPWebApplication <http://WebApp.domain.com>

  $wa.GrantAccessToProcessIdentity(<domain\KSH_User>)

  $wa.Update()

  Where:

  http://WebApp.domain.com is the web address or GUID of the web application on the SharePoint portal.

  domain\KSH_User is the user account name created for managing Kaspersky Security.

  You must run this script for each web application on which SharePoint website collections are located.

Page top