Set permission to a published service application (SharePoint Foundation 2010)
Applies to: SharePoint Foundation 2010
In Microsoft SharePoint Foundation 2010, you must establish a relationship between the publishing farm and the consuming farm by giving the consuming farm permission to the Application Discovery and Load Balancer Service Application on the publishing farm. After doing this, the consuming farm can be given permission to other service applications. This article describes how to configure permissions to the Application Discovery and Load Balancer Service Application and published service applications for the consuming farm.
Important
Before you start to configure publishing and consuming farms, we highly recommend that you read the articles Share service applications across farms (SharePoint Foundation 2010) and Services architecture planning (SharePoint Foundation 2010).
In this article:
Set permission to the Application Discovery and Load Balancer Service Application and any other service application for a consuming farm by using Windows PowerShell
Set permission to the Application Discovery and Load Balancer Service Application and any other service application for a consuming farm by using Central Administration
Important
You must perform steps 1 through 5 in the Windows PowerShell procedure to obtain the consuming farm ID, which you must have in order to complete either the Windows PowerShell or Central Administration procedures.
Set permission to the Application Discovery and Load Balancer Service Application and any other service application for a consuming farm by using Windows PowerShell
The first procedure explains how to set permission to the Application and Load Balancer Service Application. The second explains how to set permissions to any other service applications.
To set permission to the Application Discovery and Load Balancer Service Application for a consuming farm by using Windows PowerShell
Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On a server in the consuming farm, on the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt, type the following command:
Get-SPFarm | Select IdFor more information, see Get-SPFarm.
On a server in the publishing farm, access the SharePoint 2010 Management Shell and at the Windows PowerShell command prompt, type the following commands:
$security=Get-SPTopologyServiceApplication | Get-SPServiceApplicationSecurity $claimprovider=(Get-SPClaimProvider System).ClaimProvider $principal=New-SPClaimsPrincipal -ClaimType "https://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimprovider -ClaimValue <consumingfarmid> Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Control" Get-SPTopologyServiceApplication | Set-SPServiceApplicationSecurity -ObjectSecurity $securityWhere:
Consumingfarmid is the GUID value of the consuming farm
For more information, see the following:
To set permission to a published service application for a consuming farm by using Windows PowerShell
At the Windows PowerShell command prompt, type the following commands:
$security=Get-SPServiceApplication <GUID>| Get-SPServiceApplicationSecurity $claimprovider=(Get-SPClaimProvider System).ClaimProvider $principal=New-SPClaimsPrincipal -ClaimType "https://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimprovider -ClaimValue <consumingfarmid> Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights <NamedAccessRights> Set-SPServiceApplicationSecurity <GUID> -ObjectSecurity $securityWhere:
Consumingfarmid is the GUID value of the consuming farm
<GUID> is the ID of the published service application.
<NamedAccessRights> is the name of the access right from the Get-SPServiceApplicationSecurity <GUID>.NamedRights.
For more information, see the following:
Set permission to the Application Discovery and Load Balancer Service Application and any other published service application for a consuming farm by using Central Administration
This procedure explains how to set permission to any service application, but most specifically, the Application and Load Balancer Service Application.
Important
You must perform steps 1 through 5 in the Windows PowerShell procedure to obtain the consuming farm ID, which you must have in order to complete this procedure.
To set permission to the Application Discovery and Load Balancer Service Application and any other published service application for a consuming farm by using Central Administration
On the server that hosts the Central Administration Web site for the publishing farm, verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.
On the SharePoint Central Administration Web site, click Application Management, and then click Manage service applications.
Click the row that contains Application Discovery and Load Balancer Service Application.
On the ribbon, click Permissions.
In the Connection Permissions dialog box, do the following:
Manually paste the ID of the consuming farm from Step 5 of the Windows PowerShell section.
Click Add.
Select the consuming farm ID, and then select the Full Control check box.
Click OK.
Repeat steps 2 through 5 for any published service applications for which you want to enable access from the consuming farm and assign the necessary permission.