Monthly Archives: November 2015

Hide Webpart for Anonymous users, show only to logged in users

When searching for a simple and elegant solution to hide a webpart for anonymous users and show it only to logged in users, I couldn’t find a Powershell way to do it.

Though it was quite easy in retrospect, once I found the C# code and explored the possibilities of the out-of-the-box Audience.

AudienceManager audienceManager = new AudienceManager(ServerContext.Current);
webPartManager.WebParts[0].AuthorizationFilter = string.Format("{0};;;;", audienceManager.GetAudience("Audience 1").AudienceID);

The PowerShell way:

 

Of course you need a Web, a Page and a WebPartManager, and then you either create a new webpart or get an existing one.

A working example where a new webpart is added on the welcomepage:
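The steps above (Web, Page, WebPartManager, new webpart, AuthorizationFilter) as an added example; this is not the original post's script. The site URL, zone ID and webpart title are assumptions, and "Audience 1" is the audience name from the C# snippet.

```powershell
# Added example: values marked "assumption" are placeholders, not from the original post.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.UserProfiles")
$ErrorActionPreference = "Stop"

$siteUrl      = "http://portal.example.local"  # assumption: placeholder site URL
$audienceName = "Audience 1"                   # audience name used in the C# snippet
$zoneId       = "Header"                       # assumption: a zone ID present on the page
$scope        = [System.Web.UI.WebControls.WebParts.PersonalizationScope]::Shared

$site = Get-SPSite $siteUrl
try {
    # Resolve the audience GUID through the site's service context.
    $context = Get-SPServiceContext -Site $site
    $audMgr  = New-Object Microsoft.Office.Server.Audience.AudienceManager($context)
    if (-not $audMgr.Audiences.AudienceExist($audienceName)) {
        throw "Audience '$audienceName' does not exist"
    }
    $audienceId = $audMgr.GetAudience($audienceName).AudienceID

    # The Web, the Page (here the welcome page) and its WebPartManager.
    $web  = $site.RootWeb
    $page = $web.GetFile($web.RootFolder.WelcomePage)
    $checkedOutHere = $false
    if ($page.RequiresCheckout -and $page.CheckOutType -eq "None") {
        $page.CheckOut()
        $checkedOutHere = $true
    }
    $wpm = $page.GetLimitedWebPartManager($scope)
    try {
        $wp = New-Object Microsoft.SharePoint.WebPartPages.ContentEditorWebPart
        $wp.Title = "Members only"             # assumption: sample title
        # Same filter string as the C# code: the audience GUID followed by ";;;;"
        $wp.AuthorizationFilter = "{0};;;;" -f $audienceId
        $wpm.AddWebPart($wp, $zoneId, 0)
    }
    finally {
        $wpm.Web.Dispose()
        $wpm.Dispose()
    }
    # Publishing/approval is left to the library's normal process.
    if ($checkedOutHere) { $page.CheckIn("Added audience-targeted webpart") }
}
finally {
    $site.Dispose()
}
```

Audience targeting only controls whether the webpart is rendered; it is not a permission. Content the webpart displays still needs its own access control if anonymous users must not be able to reach it.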

 

Add-SPShellAdmin: Cannot add x to the SharePoint_Shell_Access role

Have you seen this error before in one form or another while installing or administering SharePoint 2013?
Found solutions saying to change database settings/accounts?
Here is the solution that does not break anything and keeps everything in the correct configuration on your farm and databases. The only problem is security, but this might be OK when it's only temporary. It seems the best option when using a scripted installation where a single script creates the databases and adds the ShellAdmin rights to Application Pool accounts, for instance.

The error I expect you have had:

Add-SPShellAdmin :
“Cannot add domain\portal-apppool-service-account to the SharePoint_Shell_Access role of the database prefix_Profile. A possible cause of this error is that the account name was already added to the database as a login using a different user name than the account name.”
At Drive:\InstallDir\SP2013\AutoSPInstaller\AutoSPInstallerFunctions.ps1:3217 char:67
+ Get-SPDatabase | ? {$_.Name -eq $profileDB} | Add-SPShellAdmin …
+ ~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (Microsoft.Share…AddSPShellAdmin:SPCmdletAddSPShellAdmin) [Add-SPShellAdmin], ArgumentException
+ FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletAddSPShellAdmin

The solution for problems during installation and configuration:

Grant your current account (install/setup, administrator or IT-Pro manage account) the SQL Sysadmin role.
After this, you can have SharePoint follow up on the Add-SPShellAdmin activities. So re-issue the Add-SPShellAdmin command and voilà. Afterwards, remove the sysadmin role in SQL.

The solution when trying to give SPShellAdmin rights to your SP install account:

Change the db owner of the affected SharePoint database.
If the account you want to give ShellAdmin rights is somehow configured as the database owner, that is, with user name dbo mapped to the login name you are trying to use in the PowerShell command, it will not work either way. This only happens with the install account.

dbo user name in SQL, with SP Install account as login name.


In this case, the message really is correct: the account was already added to the database as a login using a different user name, namely dbo. You can run this SQL query, which only affects rights and does not violate the Microsoft Guidelines. After this, you can have SharePoint follow up on the Add-SPShellAdmin activities. So re-issue the Add-SPShellAdmin command and voilà.

Use database_name
Exec sp_changedbowner 'sa'

 

In my case, the problem occurred during the AutoSPInstaller installation of my SharePoint farm, when giving the Application Pool account of my Portal WebApplication the ShellAdmin rights on my User Profile Service Application Profile database. A generic script which solves the issue, once the SQL role is added to the setup account which you are using to correct the issue, can be along the lines of:

#This script works on On-Premise environments with 2 or more WebApplications, of which one WebApplication is dedicated for MySites.
You can also define the account manually and run it like this: Add-SPShellAdmin -UserName "domain\username" -Database ( Get-SPDatabase | ?{$_.Type -eq "Microsoft.Office.Server.Administration.ProfileDatabase"} )
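An added example along those lines (not the original post's script): it grants ShellAdmin on the Profile database only, to the application pool account of one web application, skips the grant if it is already present, and verifies the result. `$portalUrl` is a placeholder; passing the portal URL explicitly instead of detecting the non-MySites web application is an assumption of this example.

```powershell
# Added example; $portalUrl is a placeholder, not a value from the original post.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$ErrorActionPreference = "Stop"

$portalUrl = "http://portal.example.local"   # assumption: URL of the portal web application

# Scope the grant to the single User Profile "Profile" database.
$profileDbs = @(Get-SPDatabase | ? { $_.Type -eq "Microsoft.Office.Server.Administration.ProfileDatabase" })
if ($profileDbs.Count -ne 1) {
    throw "Expected exactly one Profile database, found $($profileDbs.Count)"
}
$profileDb = $profileDbs[0]

# Application pool identity of the portal web application.
$account = (Get-SPWebApplication -Identity $portalUrl).ApplicationPool.Username

# Idempotent: only grant when the account is not yet a shell admin on this database.
$current = @(Get-SPShellAdmin -database $profileDb | % { $_.UserName })
if ($current -contains $account) {
    Write-Output "$account already has ShellAdmin rights on $($profileDb.Name)"
}
else {
    Add-SPShellAdmin -UserName $account -database $profileDb
}

# Verify the grant, then list every shell admin on the database for review.
$after = @(Get-SPShellAdmin -database $profileDb | % { $_.UserName })
if ($after -notcontains $account) {
    throw "$account is still missing from the shell admins of $($profileDb.Name)"
}
Write-Output "Shell admins on $($profileDb.Name):"
$after | Sort-Object
```

Once this succeeds, remove the temporary SQL sysadmin role from the setup account, as described above.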
 

 

A nice explanation on what Add-SPShellAdmin actually does can be found on this site: http://andersrask.sharepointspace.com/Lists/Posts/Post.aspx?ID=12.

Failure checking user access permissions for User Profile Application Proxy

Oh, and when the ShellAdmin rights are not given to the portal application pool account on the User Profile Profile database, you will get these errors (found in the SharePoint ULS logs) when opening your Search Center:

SearchUXMonitoredScope::OnDisposing System.Data.SqlClient.SqlException (0x80131904)
Application error when access /SearchCenter/Pages/default.aspx
Failure checking user access permissions for User Profile Application Proxy ‘User Profile Service Application’.
System.Data.SqlClient.SqlException (0x80131904): The EXECUTE permission was denied on the object ‘Admin_GetPartitionProperties’, database ‘prefix_Profile’, schema ‘dbo’.     at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
Getting Error Message for Exception System.Web.HttpUnhandledException (0x80004005):