Applies to: SharePoint Foundation 2013, SharePoint Server 2013 Enterprise

When you run this cmdlet to add a user to the SharePoint_Shell_Access role, you must have membership in the securityadmin fixed server role on the SQL Server instance, membership in the db_owner fixed database role on all affected databases, and local administrative permission on the local computer.

This cmdlet is intended only to be used with a database that uses Windows authentication. There is no need to use this cmdlet for databases that use SQL authentication; in fact, doing so may result in an error message.

Use the Add-SPShellAdmin cmdlet to add a user to the SharePoint_Shell_Access role as follows:

–If you specify only the user, the user is added to the role for the farm configuration database.

–If you use the database parameter, the user is added to the role on the farm configuration database, the Central Administration content database, and the specified database. Using the database parameter is the preferred method because most of the administrative operations require access to the Central Administration content database.

The user is added to the WSS_Admin_WPG group on all Web servers when the user is added to the SharePoint_Shell_Access role. If the target database does not have a SharePoint_Shell_Access role, the role is automatically created.

Add-SPShellAdmin -UserName CONTOSO\User1

This example adds a new user named User1 to the SharePoint_Shell_Access role in the farm configuration database only, and also ensures the user is added to the WSS_Admin_WPG local group on each server in the farm.

Ref: https://technet.microsoft.com/en-us/library/ff607596.aspx