Setting SharePoint 2013 User Profile Service Application Permissions Using PowerShell

My last post about the SharePoint 2013 MySite Newsfeed and required additional permissions on the User Profile Service Application dealt with adding the required permissions to the UPSA using the SharePoint 2013 GUI. Alternatively, you can add the required permissions using PowerShell:

1
2
3#Grab a reference to the User Profile Service Application  $serviceapp  \= Get\-SPServiceApplication | where {$\_.DisplayName \-eq  "User Profile Service Application"} #Return the SPObjectSecurity object for the Service Application  $security  \= Get\-SPServiceApplication $serviceapp  | Get\-SPServiceApplicationSecurity #Setup our claim provider  $claimprovider  \= (Get\-SPClaimProvider System).ClaimProvider #Specify the required principal  $principal  \= New\-SPClaimsPrincipal "Domain\\UPSAppAccount"  \-IdentityType WindowsSamAccountName #Grant the required permissions on the Service Application  Grant\-SPObjectSecurity \-Identity $security  \-Principal $principal  \-Rights "Full Control" Set\-SPServiceApplicationSecurity $serviceapp  \-ObjectSecurity $security

Using PowerShell allows us to add this part of the configuration to a script rather than having a manual step to perform once the PowerShell has completed (as we all know, these additional manual steps tend to get forgotten).