Configure object cache user accounts in SharePoint Server

Summary: Learn how to configure the Portal Super User and Portal Super Reader accounts that are used by the object cache in SharePoint Server 2016 and SharePoint Server 2013.

The object cache stores properties about items in SharePoint Server. Items in this cache are used by the publishing feature when it renders web pages. The goals of the object cache are to reduce the load on the computer on which SQL Server is running, and to improve request latency and throughput. The object cache makes its queries as one of two out-of-box user accounts: the Portal Super User and the Portal Super Reader. These user accounts must be properly configured to ensure that the object cache works correctly. The Portal Super User account must be an account that has Full Control access to the web application. The Portal Super Reader account must be an account that has Full Read access to the web application.

Important

The Portal Super User and Portal Super Reader accounts must be separate accounts, and they must not be accounts that will ever be used to log in to the site.

This article explains why these object cache user accounts must be configured and describes how to configure the accounts. For information about the object cache, see Cache settings operations in SharePoint Server.

In SharePoint Server, querying for items is linked with the user account that makes the query. Various parts of the publishing feature make queries for which the results are cached in the object cache. These results are cached based on the user making the query. To optimize the cache hit rate and memory requirements, the queries must be based on whether a user can see draft items. When a publishing control requests the object cache to make a query to get data for the control, the cache does not make the query as the user making the request. Instead, it makes the query twice: once as the Portal Super User account and once as the Portal Super Reader account. The results of these two queries are stored in the object cache. The results for the Portal Super User account include draft items, and the results for the Portal Super Reader account include only published items. The object cache then checks the access control lists (ACLs) for the user who initiated the request and returns the appropriate results to that user based on whether that user can see draft items. By adding the Portal Super User and Portal Super Reader accounts to the web application, the cache must store results for only two users. This increases the number of results that are returned for a query and decreases the amount of memory that is needed to store the cache.

By default, the Portal Super User account is the site's System Account, and the Portal Super Reader account is NT Authority\Local Service. There are two main issues with using the out-of-box accounts.

  1. The first issue is that some items get checked out to System Account, so when a query that includes these items is made, the checked out version of the item is returned instead of the latest published version. This is a problem because it is not what a user would expect to have returned, so the cache has to make a second query to fetch the correct version of the file. This negatively affects server performance for every request that includes these items. The same problem would occur for any user who has items checked out, if that user's account was set to be the Portal Super User account. This is why the accounts configured to be the Portal Super User and the Portal Super Reader should not be user accounts that are used to log into the site. This ensures that the user does not inadvertently check items out and cause problems with performance.

  2. The default Portal Super Reader account is NT Authority\Local Service, which is not correctly resolved in a claims authentication application. As a result, if the Portal Super Reader account is not explicitly configured for a claims authentication application, browsing to site collections under this application will result in an "Access Denied" error, even for the site administrator. This error will occur on any site that uses any feature that explicitly uses the object cache, such as the SharePoint Server Publishing Infrastructure, metadata navigation, the Content Query Web Part, or navigation.

Configure object cache user accounts by using Central Administration and Windows PowerShell

You can configure the user accounts for the object cache by using the SharePoint Central Administration website and Microsoft PowerShell. You must first create the accounts in Central Administration and then add the accounts to the web application by using PowerShell. You must add the user accounts to each web application.

Warning

At the end of this procedure, you must reset Internet Information Services (IIS) to apply the changes to the web application. Be sure to perform this procedure when there will be minimal disruption to users that are connected to the site. For more information about IISReset, see IIS Reset Activity.

To create the user accounts by using Central Administration

  1. Verify that the user account that is performing this procedure is a member of the Farm Administrators group on the computer that is running the SharePoint Central Administration website.

  2. In Central Administration, in the Application Management section, click Manage web applications, and then click the name of the web application that you want to configure.

  3. On the Web Applications tab, in the Policy group, click User Policy.

  4. In the Policy for Web Application window, click Add Users.

  5. From the Zones list, select All zones, and then click Next.

  6. In the Users box, type the user name for the Portal Super User account and then click Check Names to ensure that the account name can be resolved by the authentication providers on the application server.

  7. In the Choose Permissions section, check the Full Control - Has full control box and then click Finish.

  8. Repeat Steps 5 through 7 for the Portal Super Reader account.

  9. In the Choose Permissions section, check the Full Read - Has full read-only access box.

  10. Click Finish.

  11. Make note of how the names for the Object Cache Super Reader and Object Cache Super User accounts are displayed in the User Name column. The displayed strings will be different depending on whether you are using claims authentication for the web application.

To add the user accounts to the web application by using Microsoft PowerShell

  12. Verify that you have the following memberships:

    • securityadmin fixed server role on the SQL Server instance.

    • db_owner fixed database role on all databases that are to be updated.

    • Administrators group on the server on which you are running PowerShell cmdlets.

    • Add memberships that are required beyond the minimums above.

      An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server cmdlets.

      Note

      If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about PowerShell permissions, see Permissions and Add-SPShellAdmin.

  13. Paste the following code into a text editor, such as Notepad:

    $wa = Get-SPWebApplication -Identity "<WebApplication>"
    $wa.Properties["portalsuperuseraccount"] = "<SuperUser>"
    $wa.Properties["portalsuperreaderaccount"] = "<SuperReader>"
    $wa.Update()
    
  14. Replace the following placeholders with values:

    • <WebApplication> is the name of the web application to which the accounts will be added.

    • <SuperUser> is the account to use for the Portal Super User account as you saw it displayed in the User Column field mentioned in Step 14 of the previous procedure.

    • <SuperReader> is the account to use for the Portal Super Reader account as you saw it displayed in the User Column field mentioned in Step 14 of the previous procedure.

  15. Save the file, naming it SetUsers.ps1.

    Note

    You can use a different file name, but you must save the file ANSI-encoded as a text file whose extension is .ps1.

  16. Close the text editor.

  17. Open SharePoint Management Shell.

  18. Change to the directory where you saved the file.

  19. At the PowerShell command prompt, type the following command: ./SetUsers.ps1

  20. Reset Internet Information Services (IIS). For more information about IISReset, see Start or Stop the Web Server (IIS 8).
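
The following check is an added example, not part of the original article or of SharePoint itself: it verifies that a web application's two object cache properties are set, name separate accounts, and match a user policy with the required role. The function name Test-ObjectCacheAccounts, the sample URL and the sample account names are hypothetical; the commented loop at the end assumes it is run in SharePoint Management Shell on a farm server.

```powershell
# Added example; the function name and sample accounts are hypothetical.
function Test-ObjectCacheAccounts {
    param(
        [string]$WebApplication,
        [string]$SuperUser,    # Properties["portalsuperuseraccount"]
        [string]$SuperReader,  # Properties["portalsuperreaderaccount"]
        [object[]]$Policies    # objects with UserName and Roles (policy role types)
    )
    $findings = @()
    if (-not $SuperUser)   { $findings += 'portalsuperuseraccount not set (default: System Account)' }
    if (-not $SuperReader) { $findings += 'portalsuperreaderaccount not set (default: NT Authority\Local Service)' }
    if ($SuperUser -and $SuperUser -eq $SuperReader) {
        $findings += 'Super User and Super Reader must be separate accounts'
    }
    $required = @(
        @{ Account = $SuperUser;   Role = 'FullControl' },
        @{ Account = $SuperReader; Role = 'FullRead' }
    )
    foreach ($r in $required) {
        if (-not $r.Account) { continue }
        # The property must match the name exactly as the User Policy list shows it
        # (claims-encoded when the web application uses claims authentication).
        $policy = @($Policies | Where-Object { $_.UserName -eq $r.Account })
        if ($policy.Count -eq 0) {
            $findings += "$($r.Account): no user policy on the web application"
        } elseif (@($policy | ForEach-Object { $_.Roles }) -notcontains $r.Role) {
            $findings += "$($r.Account): user policy lacks $($r.Role)"
        }
    }
    [pscustomobject]@{ WebApplication = $WebApplication; Ok = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample: the reader account has a policy, but with the wrong role.
$samplePolicies = @(
    [pscustomobject]@{ UserName = 'i:0#.w|contoso\sp_superuser';   Roles = @('FullControl') },
    [pscustomobject]@{ UserName = 'i:0#.w|contoso\sp_superreader'; Roles = @('FullControl') }
)
Test-ObjectCacheAccounts 'http://intranet.example' 'i:0#.w|contoso\sp_superuser' 'i:0#.w|contoso\sp_superreader' $samplePolicies

# On a farm server, in SharePoint Management Shell, feed it the real values:
# foreach ($wa in Get-SPWebApplication) {
#     $p = $wa.Policies | ForEach-Object { [pscustomobject]@{ UserName = $_.UserName
#              Roles = @($_.PolicyRoleBindings | ForEach-Object { "$($_.Type)" }) } }
#     Test-ObjectCacheAccounts $wa.Url $wa.Properties['portalsuperuseraccount'] $wa.Properties['portalsuperreaderaccount'] $p
# }
```

Because the accounts must be added to each web application, running the commented loop across the farm shows any web application that still relies on the default accounts.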

See also

Concepts

Cache settings operations in SharePoint Server