Any suggestions? Export (0) Print
Expand All



Applies to: SharePoint Server 2010, SharePoint Foundation 2010

Topic Last Modified: 2010-02-15

Adds a new security principal to an SPObjectSecurity object.

Grant-SPObjectSecurity [-Identity] <SPObjectSecurity> [-Principal] <SPClaim> [-Rights] <String[]> [-AssignmentCollection <SPAssignmentCollection>] [-Replace <SwitchParameter>]

The Grant-SPObjectSecurity cmdlet adds a new security principal, such as a user, to a SPObjectSecurity object. An SPObjectSecurity object is a common object that is used to represent the security access control list (ACL) of SharePoint administrative objects, in particular, service applications.


Parameter Required Type Description




Specifies the SPObjectSecurity object to which the new security principal is added. You can use the Get-SPServiceApplicationSecurity cmdlet to get a SPObjectSecurity object .




Specifies the principal to whom the rights apply.

The type must a valid name a principal; for example, Full Control.




Specifies the rights granted to the principal.

The type must a valid array of strings that represents the rights granted to the principal.




Manages objects for the purpose of proper disposal. Use of objects, such as SPWeb or SPSite, can use large amounts of memory and use of these objects in Windows PowerShell scripts requires proper memory management. Using the SPAssignment object, you can assign objects to a variable and dispose of the objects after they are needed to free up memory. When SPWeb, SPSite, or SPSiteAdministration objects are used, the objects are automatically disposed of if an assignment collection or the Global parameter is not used.

When the Global parameter is used, all objects are contained in the global store. If objects are not immediately used, or disposed of by using the Stop-SPAssignment command, an out-of-memory scenario can occur.




Replaces the existing rights on the SPObjectSecurity object with the new rights specified. If this parameter is not specified, the new rights are added to the existing rights.


$security = Get-SPServiceApplicationSecurity $serviceApp -Admin
Grant-SPObjectSecurity $security $principal "Full Control"
Set-SPServiceApplicationSecurity $serviceApp -Admin $security

This example retrieves the SPObjectSecurity object corresponding to the administrator ACL on a service application, and adds a new user principal to that ACL. The new user is an administrator for the service application $serviceApp.

© 2016 Microsoft