User Permission Requirements

Other versions

To run SPDocKit and to retrieve all SharePoint settings you want to document, the user running the application and SPDocKit service account needs to have proper privileges. Here is the list of required privileges to load SharePoint farm settings:

  1. Local Administrators and WSS_ADMIN_WPG group on every machine in the SharePoint farm. Required to retrieve list of installed applications on farm servers.
  2. SharePoint Farm administrator. Required to retrieve SharePoint farm settings.
  3. Member of SharePoint_Shell_Access role on SharePoint Server. Required to retrieve particular SharePoint farm properties via PowerShell.
  4. Special privileges for the Service Account: Service account needs to have privileges listed above along and Log on as a Service right.
    Click here for instructions on how to configure that right.
  5. Server specific requirements needed to retrieve additional server configuration data (RAM, processors, disk space…) and SQL Server configuration information for DB servers.

Instructions

Here is how you can give a user these privileges:

  1. To add user account to the Local Administrators group (repeat the same steps for WSS_ADMIN_WPG):
    • On the server, click Start, right-click Computer, and then click Manage.
    • Navigate to Configuration, expand Local Users and Groups and then click Groups.
    • Right-click the Administrators group, and then click Add to Group.
    • In the Administrators Properties dialog box, click Add.
    • In the Select User, Computers, or Groups dialog box, in the Enter the object names to select box, type the account name on which you want your worker process to run (for example, <Domain>\YourAccount), and then click OK.
    • In the Administrators dialog box, click OK.
    • Close the Server Manager screen.
  2. To add user account to SharePoint Farm Administrators group:
    • Open SharePoint Central Administration.
    • Navigate to Security > Manage the farm administrators group.
    • Use the New button to add users to this group.
  3. To add user account to SharePoint_Shell_Access role:
    • Open SharePoint Management Shell.
    • Type the following PowerShell command: Add-SPShellAdmin -UserName DOMAIN\YourAccount (click here to learn more).
    • If you want to grant PowerShell, shell access to a single database check this article for more details.
    • If you want to grant PowerShell shell access to all content databases run this script (download Configure-SPShellAdmin.ps1):
      Please note:
      • The cmdlet Add-SPShellAdmin is going to apply to all the current SharePoint databases. If more SharePoint databases are added in the future, you might have to re-run the cmdlet again.
      • The cmdlet might fail in some environments; please contact us for further assistance.
      
           if((Get-PSSnapin | Where {$_.Name -eq "Microsoft.SharePoint.PowerShell"})-eq $null)
           {Add-PSSnapin Microsoft.SharePoint.PowerShell;}
           cls
           $username = Read-Host "Enter username";
           Get-SPDatabase | ForEach-Object {Add-SPShellAdmin -UserName $username -database $_.Id}

SPDocKit database requirements

Creating a new database

To be able to create a new SPDocKit dedicated database, user account running the installation and configuration wizard (i.e. install account) should be granted both dbcreator and securityadmin role on the preferred SQL Server. This allows the account to create a new database and to assign proper privileges after creation. The install account will be automatically given db_owner privileges on the newly created database if possible. Otherwise, it is advised that the account is given that privilege manually, as it is needed for upgrading the database.

Privileges required to run the application

These privileges will be granted automatically when a new SPDocKit database is created or during database upgrade.

  • SPDocKit service account needs to be granted SPDocKit_service_role role on the SPDocKit database. This role will make service account member of db_datawriter and db_datareader role and grant execute permissions on all the stored procedures in the database.
  • The account running load from the SPDocKit console needs to have the same privileges as the SPDocKit service account (see above).

Workstation Requirements

When running the application on a workstation, SPDocKit user connecting to any SharePoint 2010, SharePoint 2013, SharePoint 2016 or SharePoint Online site will need to be granted Site Collection Administrator privileges for each site he is trying to explore and manage.

To connect to an existing SPDocKit database from the workstation, SPDocKit user will need to be granted db_datareader rights on SPDocKit database.

Error Message

If the user does not have proper privileges the following error message will be shown:

“You do not have privileges to load current farm! Please contact your administrator.”

Learn more