Export (0) Print
Expand All

Configure backup and restore permissions in SharePoint 2013

SharePoint 2013
 

Applies to: SharePoint Server 2013, SharePoint Foundation 2013

Topic Last Modified: 2014-06-18

Summary: Learn how to configure permissions for backup and restore operations in SharePoint 2013.

You can configure backup and restore permissions for SharePoint 2013 by using the SharePoint Central Administration website or Windows PowerShell. The backup tool that you use depends on the kind of environment that you have deployed, your backup schedule requirements, and service level agreements that you have made with your organization.

ImportantImportant:
The steps in this article apply to both SharePoint Foundation 2013 and SharePoint Server 2013, except for configuring permissions for service applications, some of which are only available in SharePoint Server 2013. For example, the following service applications apply only to SharePoint Server 2013:
  • Business Data Connectivity

  • Managed Metadata Service

  • PerformancePoint Services

  • SharePoint Translation Services

  • State Service

  • Word Automation Services

In this article:

Before you back up or restore SharePoint 2013, you must make sure that the timer service account, SQL Server service account, and users who run the backup or restore operations have the correct permissions or are members of the correct Windows security groups or SharePoint groups. You must configure these permissions and group memberships when you first deploy SharePoint 2013. You have to update permissions and group memberships when you add new farm components to the environment and if you want to add users who will perform backup and restore operations.

NoteNote:
Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

The Windows SharePoint Services Timer V4 (SPTimerV4) and the SQL Server service account in SharePoint 2013 perform backup and restore operations on behalf of users. These service accounts require Full Control permissions on any backup folders.

You must make sure all user accounts that use Central Administration to back up or restore your farm and farm components have the group memberships that are described in the following table.

 

Farm component Member of Administrators group on the local computer Member of Farm Administrators SharePoint group

Farm

Yes

No

Service Application

Yes

No

Content Database

Yes

No

Site Collection

No

Yes

Site, list, document library

No

Yes

You must make sure that all user accounts that use Windows PowerShell to back up or restore your farm and farm components are added to the SharePoint_Shell_Access role for a specified database and have the permissions described in the table later in this section.

You can run the Add-SPShellAdmin cmdlet to add a user account to this role. You must run the command for each user account. Moreover, you must run the command for all databases to which you want to grant access.

NoteNote:
You only have to grant a user account access to back up and restore a specific farm component one time. You will have to perform this task again only when you add new farm components to your environment or when you want to add users to perform backup and restore operations.
To add a user to or remove a user from the SharePoint_Shell_Access role by using Windows PowerShell
  1. Verify that you have the following memberships:

    • securityadmin fixed server role on the SQL Server instance.

    • db_owner fixed database role on all databases that are to be updated.

    • Administrators group on the server on which you are running the Windows PowerShell cmdlets.

    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 Products cmdlets.

    NoteNote:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Add-SPShellAdmin.
  2. On the Start menu, click All Programs.

  3. Click Microsoft SharePoint 2013 Products.

  4. Click SharePoint 2013 Management Shell.

  5. At the Windows PowerShell command prompt, type the following command:

    Add-SPShellAdmin -Username <User account> -Database <Database ID>
    

    Where:

    • <Database ID> is the GUID assigned to the database.

    To add a user account to all the databases in the farm, type the following command:

    ForEach ($db in Get-SPDatabase) {Add-SPShellAdmin -Username <User account> -Database $db}
    

    Where:

    • <User account> is the user whose account you want to add.

    To remove a user account from all the databases in the farm, type the following command:

    ForEach ($db in Get-SPDatabase) {Remove-SPShellAdmin -Username <User account> -Database $db}
    

    Where:

    • <User account> is the user whose account you want to remove.

    To view the user accounts currently added to the databases in the farm, type the following command:

    ForEach ($db in Get-SPDatabase) {Get-SPShellAdmin -Database $db}
    

For more information, see Add-SPShellAdmin.

NoteNote:
We recommend that you use Windows PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.

You might also have to grant additional permissions to the users who run the backup or restore operation by using Windows PowerShell. The following table shows the permissions that are required.

 

Farm component Member of Administrators group on the local computer Member of Farm Administrators SharePoint group Full control on backup folder

Farm

Yes

No

Yes

Service Application

Yes

No

Yes

Content Database

Yes

No

Yes

Site Collection

No

Yes

Yes

Site, list, document library

Yes

No

Yes

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft