在 SharePoint Server 中設定已發佈之服務應用程式的權限Set permissions to published service applications in SharePoint Server

摘要: 了解如何為 SharePoint Server 2016 和 SharePoint 2013 的使用伺服器陣列設定 Application Discovery and Load Balancing Service 應用程式及已發佈服務應用程式的權限。Summary: Learn how to configure permissions to the Application Discovery and Load Balancing Service Application and published service applications for the consuming farm in SharePoint Server 2016 and SharePoint 2013.

在 SharePoint Server 中,您必須將使用伺服器陣列權限提供給發佈伺服器陣列中的 Application Discovery and Load Balancing Service 應用程式,以建立發佈伺服器陣列與使用伺服器陣列間的關係。完成後,即可將其他服務應用程式的權限提供給使用伺服器陣列。In SharePoint Server, you must establish a relationship between the publishing farm and the consuming farm by giving the consuming farm permission to the Application Discovery and Load Balancing Service Application on the publishing farm. After doing this, the consuming farm can be given permission to other service applications.

在您開始作業之前,請檢閱<跨 SharePoint Server 伺服器陣列共用服務應用程式>,以取得必要條件的詳細資訊。Before you begin this operation, review Share service applications across farms in SharePoint Server for information about prerequisites.

重要

您必須執行 PowerShell 程序中的步驟 1 到 5,以取得使用伺服器陣列的識別碼,您必須具備該識別碼才能完成 PowerShell 或管理中心的程序。You must perform steps 1 through 5 in the PowerShell procedure to obtain the consuming farm ID, which you must have in order to complete either the PowerShell or Central Administration procedures.

使用 PowerShell 設定使用伺服器陣列之 Application Discovery and Load Balancing Service 應用程式及其他任何服務應用程式的權限Set permission to the Application Discovery and Load Balancing Service Application and any other service application for a consuming farm by using PowerShell

第一個程序說明如何設定 Application Discovery and Load Balancing Service 應用程式的權限。第二個程序說明如何設定其他任何服務應用程式的權限。The first procedure explains how to set permission to the Application Discovery and Load Balancing Service Application. The second explains how to set permissions to any other service applications.

使用 PowerShell 設定使用伺服器陣列之 Application Discovery and Load Balancing Service 應用程式的權限To set permission to the Application Discovery and Load Balancing Service Application for a consuming farm by using PowerShell

  1. 確認您具備下列成員身分:Verify that you have the following memberships:

    • SQL Server 執行個體上的 securityadmin 固定伺服器角色。securityadmin fixed server role on the SQL Server instance.

    • 所有要更新之資料庫上的 db_owner 固定資料庫角色。db_owner fixed database role on all databases that are to be updated.

    • 正在執行 PowerShell Cmdlet 之所在伺服器上的系統管理員群組。Administrators group on the server on which you are running the PowerShell cmdlets.

      系統管理員可以使用 Add-SPShellAdmin Cmdlet 授與使用 SharePoint Server Cmdlet 的權限。An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server cmdlets.

      注意

      如果您不具備上述權限,請連絡安裝程式系統管理員或 SQL Server 系統管理員要求權限。如需 PowerShell 權限的其他資訊,請參閱 Add-SPShellAdminIf you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.

  2. 啟動 SharePoint 管理命令介面。Start the SharePoint Management Shell.

  3. 在 PowerShell 命令提示字元中,輸入下列命令:At the PowerShell command prompt, type the following command:

    Get-SPFarm | Select Id
    

    如需詳細資訊,請參閱<Get-SPFarm>。For more information, see Get-SPFarm.

  4. 在發佈伺服器陣列的伺服器上,存取 SharePoint 管理命令介面,並在 PowerShell 命令提示字元處,輸入下列命令:On a server in the publishing farm, access the SharePoint Management Shell and at the PowerShell command prompt, type the following commands:

    $security=Get-SPTopologyServiceApplication | Get-SPServiceApplicationSecurity
    $claimprovider=(Get-SPClaimProvider System).ClaimProvider
    $principal=New-SPClaimsPrincipal -ClaimType "http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimprovider -ClaimValue <consumingfarmid>
    Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Control"
    Get-SPTopologyServiceApplication | Set-SPServiceApplicationSecurity -ObjectSecurity $security
    

    Consumingfarmid 是使用伺服器陣列的 GUID 值這是您在管理中心區段需要的使用伺服器陣列識別碼。Where Consumingfarmid is the GUID value of the consuming farm. This is the ID of the consuming farm that you need in the Central Administration section.

    如需詳細資訊,請參閱下列文章:For more information, see the following:

使用 PowerShell 設定發佈伺服器陣列之已發佈服務應用程式的權限To set permission to a published service application for a publishing farm by using PowerShell

  1. 確認您具備下列成員身分:Verify that you have the following memberships:

    • SQL Server 執行個體上的 securityadmin 固定伺服器角色。securityadmin fixed server role on the SQL Server instance.

    • 所有要更新之資料庫上的 db_owner 固定資料庫角色。db_owner fixed database role on all databases that are to be updated.

    • 正在執行 PowerShell Cmdlet 之所在伺服器上的系統管理員群組。Administrators group on the server on which you are running the PowerShell cmdlets.

    • 請以高於上述基本要求新增必要的成員資格。Add memberships that are required beyond the minimums above.

      系統管理員可以使用 Add-SPShellAdmin Cmdlet 授與使用 SharePoint Server Cmdlet 的權限。An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server cmdlets.

      注意

      如果您不具備上述權限,請連絡安裝程式系統管理員或 SQL Server 系統管理員要求權限。如需 PowerShell 權限的其他資訊,請參閱 Add-SPShellAdminIf you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.

  2. 啟動 SharePoint 管理命令介面。Start the SharePoint Management Shell.

  3. 在 PowerShell 命令提示字元中,輸入下列命令:At the PowerShell command prompt, type the following command:

    $sa = Get-SPServiceApplication -Name '<Service Application DisplayName>'
    $security=Get-SPServiceApplication $sa | Get-SPServiceApplicationSecurity
    $claimprovider=(Get-SPClaimProvider System).ClaimProvider
    $principal=New-SPClaimsPrincipal -ClaimType "http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimprovider -ClaimValue <consumingfarmid>
    Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights <NamedAccessRights>
    Set-SPServiceApplicationSecurity $sa -ObjectSecurity $security
    

其中:Where:

使用 管理中心 設定使用伺服器陣列之 Application Discovery and Load Balancing Service 應用程式及其他已發佈服務應用程式的權限Set permission to the Application Discovery and Load Balancing Service Application and any other published service application for a consuming farm by using Central Administration

此程序說明如何設定任何服務應用程式的權限,但最主要是針對 Application and Load Balancing Service 應用程式。This procedure explains how to set permission to any service application, but most specifically, the Application and Load Balancing Service Application.

重要

您必須執行 PowerShell 程序中的步驟 1 到 5,以取得完成此程序所需的使用伺服器陣列識別碼。You must perform steps 1 through 5 in the PowerShell procedure to obtain the consuming farm ID, which you must have in order to complete this procedure.

使用管理中心來使用伺服器陣列之 Application Discovery and Load Balancing Service 應用程式及其他已發佈服務應用程式的權限To set permission to the Application Discovery and Load Balancing Service Application and any other published service application for a consuming farm by using Central Administration

  1. 在架設發佈伺服器陣列之 SharePoint 管理中心網站的伺服器上,確認執行此程序的使用者帳戶為 SharePoint 伺服器陣列管理員群組的成員。On the server that hosts the SharePoint Central Administration website for the publishing farm, verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.

  2. 在管理中心中按一下 [應用程式管理]*,然後按一下 [管理服務應用程式]On Central Administration, click **Application Management, and then click **Manage service applications*.

  3. 按一下包含 [Application Discovery and Load Balancing Service 應用程式]**** 的列。Click the row that contains Application Discovery and Load Balancing Service Application.

  4. 在功能區上,按一下 [權限]*On the ribbon, click *Permissions.

  5. 在 [連線權限]**** 對話方塊中,執行下列動作:In the Connection Permissions dialog box, do the following:

    • 手動貼上使用伺服器陣列的識別碼。當您先前使用 <consumingfarmid>,已在 PowerShell 區段找到識別碼。Manually paste the ID of the consuming farm. You found the ID earlier in the PowerShell section when you used <consumingfarmid>.

    • 按一下 [新增]*Click *Add.

    • 選取使用伺服器陣列識別碼,然後選取 [完全控制]**** 核取方塊。Select the consuming farm ID, and then select the Full Control check box.

    • 按一下 [確定]*Click *OK.

  6. 針對您要啟用使用伺服器陣列的存取權並指派必要權限之任何已發佈的服務應用程式,重複步驟 2 到 5。Repeat steps 2 through 5 for any published service applications for which you want to enable access from the consuming farm and assign the necessary permission.

注意

若要啟用 User Profile Service 應用程式的存取,您必須將權限提供給使用伺服器陣列之 Web 應用程式的應用程式集區識別 (亦即 DOMAIN\Username),而不是提供給使用伺服器陣列識別碼。To enable access to the User Profile service application, you must give the consuming farm's web application pool identity (that is, DOMAIN\Username) the permission instead of the consuming farm ID.

另請參閱See also

概念Concepts

跨 SharePoint Server 伺服器陣列共用服務應用程式Share service applications across farms in SharePoint Server