SharePoint Permissions

This page describes how to assign certain permissions that are required to install, configure or execute K2 for SharePoint against SharePoint. See the topic Required Permissions - K2 for SharePoint for more information of the specific permissions required for each account.

Using a cmdlet to add a user to the SharePoint_Shell_Access role

To use Windows PowerShell 3.0 for SharePoint 2013, you must be a member of the SharePoint_Shell_Access role on the configuration database and a member of the WSS_ADMIN_WPG local group on the computer where SharePoint 2013 is installed.

You can run the following cmdlet to add a user to the SharePoint_Shell_Access role:

$contentDBId = (Get-SPDatabase | ?{$_.Name -eq "{ContentDatabaseName}")
Add-SPShellAdmin -UserName {DOMAIN\UserName} -database $contentDBId

The result of running this cmdlet is that the user specified with the {Domain\UserName} parameter will have the db_owner role access on the affected databases as described below. Therefore, you should carefully plan which users are given this access.

• Content_database (Usually, this database is called WSS_Portal and refers to the content database for the Portal Web application.)
  
  • Public
  • SharePoint_Shell_Access
  • SPDataAccess
• SharePoint_AdminContent_[Guid]
  • Public
  • SharePoint_Shell_Access
  • SPDataAccess
• SharePoint_Config
  • Public
  • SharePoint_Shell_Access
  • SPDataAccess

When you run this cmdlet to add a user to the SharePoint_Shell_Access role, you must have membership in the securityadmin fixed server role on the SQL Server instance, membership in the db_owner fixed database role on all affected databases, and local administrative permission on the local computer.

This cmdlet is intended only to be used with a database that uses Windows authentication. There is no need to use this cmdlet for databases that use SQL authentication; in fact, doing so may result in an error message.