Add a User or Group to the SPWebApplication User Policy for all Web Applications in the farm - Joe Rodgers - Site Home

Here are some PowerShell example to add a domain user or group to the User Policy for a SharePoint 2010 Web Application.

In this example, we’ll give domain\user01 “FullRead” permissions to the SharePoint Web Application http://sharepoint2010. This could be useful if you need to grant a domain account FullRead for searching.

$userOrGroup = "domain\user01" $displayName = "Search Crawl Account" Get-SPWebApplication http://sharepoint2010 | foreach { $webApp = $_ $policy = $webApp.Policies.Add($userOrGroup, $displayName) $policyRole = $webApp.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullRead) $policy.PolicyRoleBindings.Add($policyRole) $webApp.Update() }

In this example, we’ll give domain\user02 “FullControl” permissions to all of the SharePoint Web Applications in the farm:

$userOrGroup = "domain\user02"    
$displayName = "SharePoint Admin"     
    
Get-SPWebApplication | foreach {     
    $webApp = $_     
    $policy = $webApp.Policies.Add($userOrGroup, $displayName)     
    $policyRole = $webApp.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl)     
    $policy.PolicyRoleBindings.Add($policyRole)     
    $webApp.Update()     
}