Wednesday, September 07, 2011

Method to grant account access to User Profile Service Application

To work with SharePoint's User Profile Service Application beyond a read-only capacity, a user account must be granted appropriate access. Otherwise, you'll encounter errors such as ActivityFeedPermissionDeniedException when attempting operations such as ActivityEvent.CreateActivityEvent.

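The following method grants access to the User Profile Service Application for a specified account name of the format DOMAIN\User. It adds a Full Control rule for that account to both the service application's access control list and its administration access control list.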

    using System.Linq;
    using Microsoft.SharePoint.Administration;
    using Microsoft.SharePoint.Administration.AccessControl;
    using Microsoft.SharePoint.Administration.Claims;

    private static void GrantPermissionsToUserProfileService(string accountName)
    {
        // Locate the User Profile Service in the local farm by type name.
        var upServiceproxy = SPFarm.Local.Services.Where(s => s.GetType().Name.Contains("UserProfileService")).FirstOrDefault();
        if (upServiceproxy != null)
        {
            // Take the first service application hosted by that service.
            var upServiceApp = upServiceproxy.Applications.OfType<SPIisWebServiceApplication>().FirstOrDefault();
            if (upServiceApp != null)
            {
                var mgr = SPClaimProviderManager.Local;

                // Access control list of the service application: add Full Control for the account.
                var security = upServiceApp.GetAccessControl();
                var claim = mgr.ConvertIdentifierToClaim(accountName, SPIdentifierTypes.WindowsSamAccountName);
                security.AddAccessRule(new SPAclAccessRule<SPIisWebServiceApplicationRights>(claim, SPIisWebServiceApplicationRights.FullControl));
                upServiceApp.SetAccessControl(security);

                // Administration access control list: add Full Control for the same account.
                var adminSecurity = upServiceApp.GetAdministrationAccessControl();
                var adminClaim = mgr.ConvertIdentifierToClaim(accountName, SPIdentifierTypes.WindowsSamAccountName);
                adminSecurity.AddAccessRule(new SPAclAccessRule<SPCentralAdministrationRights>(adminClaim, SPCentralAdministrationRights.FullControl));
                upServiceApp.SetAdministrationAccessControl(adminSecurity);

                // Drop cached copies so the updated rules are read back.
                upServiceApp.Uncache();
                upServiceproxy.Uncache();
            }
        }
    }

In the scenario where your application's execution context is an SPJobDefinition, your code will be running under the account identity of the SharePoint 2010 Timer service. In this previous article, I showed you how to write a method to determine the account identity of the timer service. Combining the two methods should allow you to create a custom SharePoint PowerShell cmdlet which will grant access before running your custom timer job to perform such functions as updating SharePoint user profiles.

Method to determine account identity of 'SharePoint 2010 Timer' (SPTimerV4) Windows Service

As a developer of solutions for the SharePoint 2010 platform, you may on occasion find the need to determine the account identity of the SharePoint 2010 Timer Windows Service (SPTimerV4). The following method will return the service's account name for you.

    using System.Linq;
    using System.Management;
    using System.ServiceProcess;

    private static string GetSPTimerJobAccountName()
    {
        string retval = null;

        // Confirm that the SharePoint 2010 Timer service is installed on this machine.
        ServiceController[] controllers = ServiceController.GetServices();
        var cont = controllers.Where(c => c.ServiceName == "SPTimerV4");
        ServiceController svc = cont.FirstOrDefault();
        if (svc != null)
        {
            // Ask WMI for the service's logon account (the StartName property).
            System.Management.SelectQuery query = new System.Management.SelectQuery(string.Format("select name, startname from Win32_Service where name = '{0}'", svc.ServiceName));
            using (System.Management.ManagementObjectSearcher searcher = new System.Management.ManagementObjectSearcher(query))
            {
                foreach (System.Management.ManagementObject service in searcher.Get())
                {
                    retval = service["startname"] as string;
                }
            }
        }

        // null when the service was not found.
        return retval;
    }

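
GetSPTimerJobAccountName returns the raw Win32_Service StartName, which can be LocalSystem, an NT AUTHORITY identity, .\User or a UPN rather than the DOMAIN\User form that GrantPermissionsToUserProfileService expects. The following is an added example, not code from the original post: TimerAccountName.Normalize is a hypothetical helper and the sample inputs are constructed. It checks and normalizes the value before any Full Control grant is made.

```csharp
using System;

// Added example, not from the original post. TimerAccountName.Normalize is a
// hypothetical helper; the sample inputs in Main are constructed.
public static class TimerAccountName
{
    // Returns a Win32_Service StartName as DOMAIN\User, or throws ArgumentException
    // when the value cannot safely be used as the account name for a grant.
    public static string Normalize(string startName, string machineName)
    {
        if (startName == null || startName.Trim().Length == 0)
            throw new ArgumentException("no StartName (service not found)");
        string name = startName.Trim();

        // Built-in service identities are not DOMAIN\User accounts.
        if (name.Equals("LocalSystem", StringComparison.OrdinalIgnoreCase) ||
            name.StartsWith("NT AUTHORITY\\", StringComparison.OrdinalIgnoreCase) ||
            name.StartsWith("NT SERVICE\\", StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("built-in service identity: " + name);

        // Local accounts are reported as .\User; qualify them with the machine name.
        if (name.StartsWith(".\\", StringComparison.Ordinal))
            name = machineName + name.Substring(1);

        // Anything else must be exactly DOMAIN\User; a UPN (user@domain) is rejected.
        string[] parts = name.Split('\\');
        if (parts.Length != 2 || parts[0].Trim().Length == 0 || parts[1].Trim().Length == 0)
            throw new ArgumentException("not in DOMAIN\\User form: " + name);
        return parts[0].Trim() + "\\" + parts[1].Trim();
    }

    public static void Main()
    {
        string[] samples = { "CONTOSO\\svc-sptimer", ".\\spfarm", "LocalSystem",
                             "NT AUTHORITY\\NetworkService", "svc-sptimer@contoso.local", null };
        foreach (string s in samples)
        {
            try { Console.WriteLine("{0} -> {1}", s, Normalize(s, Environment.MachineName)); }
            catch (ArgumentException ex) { Console.WriteLine("{0} -> skipped, {1}", s, ex.Message); }
        }
    }
}
```

Pass the normalized value to GrantPermissionsToUserProfileService only when Normalize returns; a rejected value should stop the grant and be logged for an administrator to review.
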
Thursday, September 01, 2011

Recorded Webinar: Site Provisioning and Governance Assistant for SharePoint 2010

Yesterday's Site Provisioning and Governance Assistant for SharePoint 2010 webinar was very well attended. Based on the webinar's turnout and the multitude of questions we received from participants, there is certainly a lot of interest in the features SPGA 2010 has to offer for SharePoint site creation and governance. Who can blame you for wanting to stop wasting so much valuable time creating, managing and governing SharePoint sites? It just makes sense that so many people are looking for a solution like SPGA 2010 to automate these processes.

Many of our clients asked us to post a recorded copy of the webinar for download. Here is a link to the recorded webinar, along with supporting materials. I've also included a link to the SPGA 2010 product page for more information.



If you have any questions, contact me here.