Configuring permissions for backup and recovery (SharePoint Foundation 2010)
Applies to: SharePoint Foundation 2010
Before backing up or restoring Microsoft SharePoint Foundation 2010, you must ensure that the timer service account, SQL Server service account, and users running the backup or restore operations have the correct permissions or are members of the correct Windows security groups or SharePoint groups. These permissions and group memberships must be configured initially. Subsequently, they must be updated when new farm components are added to the environment and if you want to add users who will perform backup and restore operations.
In this topic:
Permissions for the SPTimerV4 timer service and SQL Server account
Group memberships required to run backup and restore operations in Central Administration
Setting permissions for running backup and restore operations from Windows PowerShell
Permissions for the SPTimerV4 timer service and SQL Server account
The Windows SharePoint Services Timer V4 (SPTimerV4) and the SQL Server service account in SharePoint Foundation 2010 perform backup and restore operations on behalf of the user. These service accounts require Full Control permissions on any backup folders.
Group memberships required to run backup and restore operations in Central Administration
You must ensure that all user accounts that will be backing up or restoring your farm and farm components by using Central Administration have the group memberships that are described in the following table.
Required group memberships
Farm component | Member of Administrators group on the local computer | Member of Farm Administrators SharePoint group |
---|---|---|
Farm |
Yes |
No |
Content Database |
Yes |
No |
Site Collection |
No |
Yes |
Site, list, document library |
No |
Yes |
Setting permissions for running backup and restore operations by using Windows PowerShell
You must ensure that all user accounts that will be backing up or restoring your farm and farm components by using Windows PowerShell are added to the SharePoint_Shell_Access role for a specified database and have the permissions described in the table later in this section.
You can run the Add-SPShellAdmin
cmdlet to add a user account to this role. You must run the command for each user account. Moreover, you must run the command for all databases to which you want to grant access.
Note
You only need to grant a user account access to back up and restore a specific farm component one time. You will have to perform this task again only when new farm components are added to your environment or when you want to add users to perform backup and restore operations.
To add a user to or remove a user from the SharePoint_Shell_Access role by using Windows PowerShell
Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt (that is, PS C:\>), type the following command, and then press ENTER:
Add-SPShellAdmin -Username <User account> -Database <Database ID>
To add a user account to all the databases in the farm, type the following command, and then press ENTER:
ForEach ($db in Get-SPDatabase) {Add-SPShellAdmin -Username <User account> -Database $db}
To remove a user account from all the databases in the farm, type the following command, and then press ENTER:
ForEach ($db in Get-SPDatabase) {Remove-SPShellAdmin -Username <User account> -Database $db}
To view the user accounts currently added to the databases in the farm, type the following command, and then press ENTER:
ForEach ($db in Get-SPDatabase) {Get-SPShellAdmin -Database $db}
For more information, see Add-SPShellAdmin.
You might also have to grant additional permissions to the users running the backup or restore operation by using Windows PowerShell. The following table shows the permissions that are required.
Required permissions for Windows PowerShell
Farm component | Member of Administrators group on the local computer | Member of Farm Administrators SharePoint group | Full Control on backup folder |
---|---|---|---|
Farm |
Yes |
No |
Yes |
Content database |
Yes |
No |
Yes |
Site collection |
No |
Yes |
Yes |
Site, list, document library |
Yes |
No |
Yes |
See Also
Other Resources
Resource Center: Business Continuity Management for SharePoint Foundation 2010