Administration Permissions
If you have used STSADM in any capacity, you
might understand the frustration that comes from failure to execute
operations because the current user does not have enough permissions in
SharePoint content and configuration databases. The typical response
from IT is to provide you the credentials of the SharePoint farm
account and have you run the SharePoint Management Shell as the farm
user—not ideal.
SharePoint requires the current user (running
the PowerShell session) to be a member of the SharePoint Shell Access
role, and be a member of the local Windows security group
WSS_ADMIN_WPG. Assuming you have administrator rights on the SQL Server
hosting SharePoint, and the local SharePoint server, you could assign
users to the SQL role for a SharePoint database and assign the same
users to the local security group via server management.
To grant administration rights for a user, you
first have to possess administration rights—a chicken and egg
situation. In all likelihood, you
have already established farm administration rights and have SQL
administration rights on the SQL Server. All the same, it is good to
try out the following commands and assign an otherwise-non-admin user
permissions to execute shell commands against SharePoint.
In this example, I am going to grant my user
permissions on my default WSS content database, by providing the
database parameter. If you do not include the database parameter in the
following command, then SharePoint will assign the permission in the
main SharePoint configuration database—this is fine if you plan to
perform PowerShell commands that configure the farm. If you plan to use
PowerShell to administer site collections, subsites, lists, etc.
belonging to a specific content database, then I recommend using the
database parameter with a specific content database.
$db = Get-SPContentDatabase -Identity WSS_Content
Add-SPShellAdmin -database $db -UserName ROBDEV\sp_admin
Follow up the preceding command with the following one to get a list of shell administrators for the default content database:
$db = Get-SPContentDatabase -Identity WSS_Content
Get-SPShellAdmin –database $db
It probably goes without saying (but I will say
it regardless) that you can revoke shell administration rights with the
following commands:
$db = Get-SPContentDatabase -Identity WSS_Content
Remove-SPShellAdmin -database $db -UserName ROBDEV\sp_admin
Content Databases
In the previous section, ”Administration Permissions,” I included the Cmdlet Get-SPContentDatabase.
This Cmdlet is one of a small list that deals with content databases. A
content database, as you may already know, stores all content for one
or many site collections. The following command lists the content
database Cmdlets, explained in Table 2. Of course, you can leverage the Get-Help Cmdlet to get more information on any of the listed Cmdlets.
Get-Command *SPContentDatabase*
Table 2. Content Database Cmdlets
|
Dismount-SPContentDatabase
|
Detaches a currently mounted content database from its associated
web application—use this command if you are planning to take a content
database out of service. The database remains attached to SQL Server. |
|
Get-SPContentDatabase
|
Gets an instance of a content database; an example of this Cmdlet
is in the previous section on administration permissions when you
assigned shell permissions to a content database. |
|
Mount-SPContentDatabase
|
Attaches an existing content database to an existing web
application. If the content database requires upgrade to a newer
version, SharePoint will perform the upgrade before mounting. |
|
New-SPContentDatabase
|
Creates a new content database and attaches it to a specified web
application. This Cmdlet assumes you do not already have a content
database by the designated name in SQL Server. |
|
Remove-SPContentDatabase
|
Similar to the Dismount-SPContentDatabase Cmdlet, but this Cmdlet will detach the content database from SQL Server and delete it. Do not use this Cmdlet if you wish to retain the database (and data within) for later attach to another SharePoint farm. |
|
Set-SPContentDatabase
|
Sets global properties of an existing content database, such as the maximum number of site collections, status, etc. |
|
Test-SPContentDatabase
|
Tests a content database against an existing web application to
verify that all customizations referenced within the content database
also reside in the web application. You can issue this Cmdlet against a
content database currently attached to the farm, or a content database
not connected to the farm, and it is useful for testing SharePoint 2010
content database pre-upgrade. |
|
Upgrade-SPContentDatabase
|
Initiates upgrade of an existing content database that otherwise
failed to upgrade in a previous operation. This Cmdlet assumes the
content database attached to SQL Server. |
Of the Cmdlets listed in Table 2, the Cmdlet Mount-SPContentDatabase plays an important part in database-attach upgrades from SharePoint 2010 to SharePoint 2013. We use the Get-SPContentDatabase
Cmdlet most often because it returns an object instance representing
the content database, which we may then pass to other Cmdlets. This
Cmdlet returns a SPContentDatabase object, which has many properties. To see a list of them, execute the following command:
Get-SPContentDatabase | Format-List *
The Format-List Cmdlet displays the properties of a piped object in list format (Figure 4).
The Get-SPContentDatabase Cmdlet lists all content database–associated web applications; using the –WebApplication parameter, provide the name of the web application.
Get-SPContentDatabase –WebApplication "SharePoint -80"
Every site collection resides in at least and
no more than one content database, which you can establish using the
–Site parameter, as follows:
Get-SPContentDatabase –Site " http://hostname/sitecollection "
