在 SharePoint Server 中設定備份及還原權限Configure backup and restore permissions in SharePoint Server

摘要: 了解如何設定 SharePoint Server 2016 和 SharePoint 2013 的備份與還原作業權限。Summary: Learn how to configure permissions for backup and restore operations in SharePoint Server 2016 and SharePoint 2013.

您可以使用 SharePoint 管理中心網站或 Microsoft PowerShell 設定 SharePoint Server 的備份與還原權限。所使用的備份工具會視已部署的環境類型、備份排程需求以及與組織建立的服務等級協定而定。You can configure backup and restore permissions for SharePoint Server by using the SharePoint Central Administration website or Microsoft PowerShell. The backup tool that you use depends on the kind of environment that you have deployed, your backup schedule requirements, and service level agreements that you have made with your organization.

開始之前Before you begin

在備份或還原 SharePoint Server 之前,必須確保計時器服務帳戶、SQL Server 服務帳戶,以及執行備份或還原作業的使用者具備正確的權限,或者為正確的 Windows 安全性群組或 SharePoint 群組的成員。第一次部署 SharePoint Server 時,必須設定這些權限和群組成員資格。當您新增伺服器陣列元件至環境中,以及想新增執行備份與還原作業的使用者時,您必須更新權限和群組成員資格。Before you back up or restore SharePoint Server, you must make sure that the timer service account, SQL Server service account, and users who run the backup or restore operations have the correct permissions or are members of the correct Windows security groups or SharePoint groups. You must configure these permissions and group memberships when you first deploy SharePoint Server. You have to update permissions and group memberships when you add new farm components to the environment and if you want to add users who will perform backup and restore operations.

SharePoint Server 中 SharePoint 計時器服務與 SQL Server 帳戶的權限Permissions for the SharePoint Timer service and SQL Server account in SharePoint Server

SharePoint Server 中 SharePoint 計時器伺服器與 SQL Server 服務帳戶代表使用者執行備份與還原作業。這些服務帳戶需要獲得任何備份資料夾上的 [完全控制] 權限。The SharePoint Timer Server and the SQL Server service account in SharePoint Server perform backup and restore operations on behalf of users. These service accounts require Full Control permissions on any backup folders.

在管理中心中執行備份與還原作業所需的群組成員資格Group memberships required to run backup and restore operations in Central Administration

您必須確保使用管理中心備份或還原伺服器陣列及伺服器陣列元件的所有使用者帳戶,具備下表中所述的群組成員資格。You must make sure all user accounts that use Central Administration to back up or restore your farm and farm components have the group memberships that are described in the following table.

伺服器陣列元件Farm component 本機電腦上系統管理員群組的成員Member of Administrators group on the local computer SharePoint 伺服器陣列管理員群組的成員Member of Farm Administrators SharePoint group
伺服器陣列Farm
Yes
No
服務應用程式Service Application
Yes
No
內容資料庫Content Database
Yes
No
網站集合Site Collection
No
Yes
網站、清單、文件庫Site, list, document library
No
Yes

使用 PowerShell 設定執行 SharePoint 備份與還原作業的權限Setting permissions to run SharePoint backup and restore operations by using PowerShell

您必須確保將使用 PowerShell 備份或還原伺服器陣列及伺服器陣列元件的所有使用者帳戶,新增至指定資料庫的 SharePoint_Shell_Access 角色中,並確保這些使用者帳戶具備本節稍後表格中所述的權限。You must make sure that all user accounts that use PowerShell to back up or restore your farm and farm components are added to the SharePoint_Shell_Access role for a specified database and have the permissions described in the table later in this section.

您可以執行 Add-SPShellAdmin Cmdlet 新增使用者帳戶至角色中。您必須為每個使用者帳戶執行此命令。此外,您必須為您要授與存取權的所有資料庫執行此命令。You can run the Add-SPShellAdmin cmdlet to add a user account to this role. You must run the command for each user account. Moreover, you must run the command for all databases to which you want to grant access.

注意

您只需向使用者帳戶授與備份,以及還原特定伺服器陣列元件的存取權一次。僅在新增新伺服器陣列元件至環境中時,或僅在您想新增使用者以執行備份與還原作業時,才需要再次執行此工作。You only have to grant a user account access to back up and restore a specific farm component one time. You will have to perform this task again only when you add new farm components to your environment or when you want to add users to perform backup and restore operations.

重要

Add-SPShellAdmin Cmdlet 會授與 SPDataAccess 角色,但這並不足以完成還原作業。這是由於 restore-spsite Cmdlet 使用直接插入陳述式來新增內容,而非可容納其他互動的預存程序。 Add-SPShellAdmin Cmdlet 在 SharePoint 2010 中可順利運作是因為作為 SPDataAccess 結構描述的一部分,它新增了 dbo 權限。對於 SharePoint Server 2016 和 SharePoint 2013,必須要有 db_owner 固定資料庫角色權限,才能從 SharePoint 管理命令介面 管理命令介面完成還原作業。The Add-SPShellAdmin cmdlet grants the SPDataAccess role but this is not enough to complete the restore operation. This is because the restore-spsite cmdlet uses direct insert statements to add content rather than stored procedures which accommodate other interactions. The Add-SPShellAdmin cmdlet worked fine in SharePoint 2010 because as part of the SPDataAccess schema it added dbo permissions. For SharePoint Server 2016 and SharePoint 2013 the db_owner fixed database role permissions are required to complete restore operations from the SharePoint Management Shell.

使用 PowerShell 從 SharePoint_Shell_Access 角色新增或移除使用者To add a user to or remove a user from the SharePoint_Shell_Access role by using PowerShell

  1. 確認您具備下列成員身分:Verify that you have the following memberships:

    • SQL Server 執行個體上的 securityadmin 固定伺服器角色。securityadmin fixed server role on the SQL Server instance.

    • 所有要更新之資料庫上的 db_owner 固定資料庫角色。db_owner fixed database role on all databases that are to be updated.

    • 正在執行 PowerShell Cmdlet 之所在伺服器上的系統管理員群組。Administrators group on the server on which you are running the PowerShell cmdlets.

      系統管理員可以使用 Add-SPShellAdmin Cmdlet 授與使用 SharePoint Server Cmdlet 的權限。An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server cmdlets.

      注意

      如果您不具備上述權限,請連絡安裝程式系統管理員或 SQL Server 系統管理員要求權限。如需 PowerShell 權限的其他資訊,請參閱 Add-SPShellAdminIf you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.

  2. 啟動 SharePoint 管理命令介面。Start the SharePoint Management Shell.

  3. 在 PowerShell 命令提示字元中,輸入下列命令:At the PowerShell command prompt, type the following command:

    Add-SPShellAdmin -Username <User account> -Database <Database ID>
    

    其中:Where:

    • <資料庫識別碼> 是指定給資料庫的 GUID。<Database ID> is the GUID assigned to the database.

      若要新增使用者帳戶至伺服器陣列中的所有資料庫,請輸入下列命令:To add a user account to all the databases in the farm, type the following command:

    ForEach ($db in Get-SPDatabase) {Add-SPShellAdmin -Username <User account> -Database $db}
    

    其中:Where:

    • <User account> 是要新增帳戶的使用者。<User account> is the user whose account you want to add.

      若要從伺服器陣列中的所有資料庫移除使用者帳戶,請輸入下列命令:To remove a user account from all the databases in the farm, type the following command:

    ForEach ($db in Get-SPDatabase) {Remove-SPShellAdmin -Username <User account> -Database $db}
    

    其中:Where:

    • <使用者帳戶> 是要移除帳戶的使用者。<User account> is the user whose account you want to remove.

      若要檢視目前新增至伺服器陣列之資料庫的使用者帳戶,請輸入下列命令:To view the user accounts currently added to the databases in the farm, type the following command:

    ForEach ($db in Get-SPDatabase) {Get-SPShellAdmin -Database $db}
    

如需詳細資訊,請參閱<Add-SPShellAdmin>。For more information, see Add-SPShellAdmin.

注意

建議您在執行命令列管理工作時使用 Windows PowerShell。Stsadm 命令列工具已過時,但為與舊版產品相容,仍會隨附提供。We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.

您可能還必須使用 PowerShell 對執行備份或還原作業的使用者授與其他權限。下表顯示必要的權限。You might also have to grant additional permissions to the users who run the backup or restore operation by using PowerShell. The following table shows the permissions that are required.

伺服器陣列元件Farm component 本機電腦上系統管理員群組的成員Member of Administrators group on the local computer SharePoint 伺服器陣列管理員群組的成員Member of Farm Administrators SharePoint group 備份資料夾上的完全控制Full control on backup folder
伺服器陣列Farm
Yes
No
Yes
服務應用程式Service Application
Yes
No
Yes
內容資料庫Content Database
Yes
No
Yes
網站集合Site Collection
No
Yes
Yes
網站、清單、文件庫Site, list, document library
Yes
No
Yes

另請參閱See also

概念Concepts

在 SharePoint Server 中規劃備份和修復Plan for backup and recovery in SharePoint Server

在 SharePoint Server 中準備備份及還原伺服器陣列Prepare to back up and restore farms in SharePoint Server

SharePoint Server 的備份與復原概觀Overview of backup and recovery in SharePoint Server