8/8/2019 Share Point User and Per Missions Levels http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 1/22 Permissions Permission is rights given to a person/user to do something on your site: to view, create, delete, or edit something. There are three kinds of permissions: • List permissions provides rights with lists and list items, such as adding or deleting lists, adding or deleting columns in lists, or adding or deleting items in lists. • Site permissions allows access at site and sub site level, such as adding pages or subsites, or managing permissions for other users. • Personal permissions provides user to manage their own personal view of the site, creating personal views of lists, libraries, and add or delete personal Web Parts. To see the permission levels assigned to groups for your site: 1. Click Site Actions, and then click Site Permissions to see the permissions page. 2. On permissions page, click Permission Levels. The Permission Levels page opens, with a description of each Permission level and a link for editing the permission level. Farm administrators Farm administrator has permissions to all servers in the server farm. Members of the Farm Administrators group do not need to be added to the Administrators group for each server. Farm Administrators group have ability to manage the Central Administration site Members of Farm Administrators group have no administrative access to individual sites or their content by default. But can take control of a specific site collection to view any content. For example, if a site collection administrator leaves the organization and a new administrator must be added, farm administrators can add themselves as site collection administrators. To create Farm Administrator 1. Create your new account to be used as a new Farm Administrator 2. Make this account a Local Administrator on the SharePoint machine 3. Open Central Administrationand navigate to the OperationsPage 4. In Security Configuration section click Update farm administrator's grouplink
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Permission is rights given to a person/user to do something on your site: to view, create,
delete, or edit something.
There are three kinds of permissions:
• List permissions provides rights with lists and list items, such as adding or
deleting lists, adding or deleting columns in lists, or adding or deleting items in
lists.
• Site permissions allows access at site and sub site level, such as adding pages or
subsites, or managing permissions for other users.
• Personal permissions provides user to manage their own personal view of the site,
creating personal views of lists, libraries, and add or delete personal Web Parts.
To see the permission levels assigned to groups for your site:
1. Click Site Actions, and then click Site Permissions to see the permissions page.
2. On permissions page, click Permission Levels.
The Permission Levels page opens, with a description of each Permission level and a link for editing the permission level.
Farm administrators
Farm administrator has permissions to all servers in the server farm. Members of the
Farm Administrators group do not need to be added to the Administrators group for eachserver. Farm Administrators group have ability to manage the Central Administration site
Members of Farm Administrators group have no administrative access to individual sites
or their content by default. But can take control of a specific site collection to view anycontent. For example, if a site collection administrator leaves the organization and a new
administrator must be added, farm administrators can add themselves as site collection
administrators.
To create Farm Administrator
1. Create your new account to be used as a new Farm Administrator 2. Make this account a Local Administrator on the SharePoint machine
3. Open Central Administration and navigate to the Operations Page
4. In Security Configuration section click Update farm administrator's group link
8. In Site Settings page, in the Users and Permissions section, click Site CollectionAdministrators link
9 In the Site Collection Administrators field enter the account of the user and then click
OK.
10 We need to add new user as a Site Collection Administrator to the SSP Site.
Navigate through Site Actions -> Site Settings, select the Site Collection Administrators
link and then add the new user there.
11 Now we need to set up the relevant permissions for this new user, so, from the SSPHome Page in the User Profiles and My Sites section click the Personalization services
16 In Add Users/Groups page add the new user's account and give them all the
permissions (check all the boxes) then click save
At this point you have set up a new user that now is a full-fledged Farm Administrator. Note that you didn't have to give them SSP access if you didn't want to. If your
security/administration requires different people for those roles you could set up different
users for each.
Server-level (system) administrators
Server-level Administrator group members on local server computer are automaticallyadded to Farm Administrators group and can perform all farm administrator actions
Server-level Administrators group is a Windows group, not a Share Point group, but the
Administrators group on local computer performs certain administrative tasks in
Windows Share Point Services. Like farm administrators, members of the Administratorsgroup on the local computer have no administrative access to site content.
But they can control specific site collections. In order to have control, they can addthemselves as site collection administrators by using the Site Collection Administrators
page in Central Administration.
To add Windows domain security groups and users accounts to SharePoint groups:
1. On the home page of the site, click Site Actions, point to Site Settings, and then
click People and Groups.
2. On the People and Groups page, in the Quick Launch, click Groups.
3. Click the name of the SharePoint group to which you want to add groups and
users.
4. Note To add all domain user accounts to the group, click Add all authenticatedusers. For example, you can do this for the default Visitors SharePoint group togive all domain user accounts permission to read the content on your site.
5. Verify that Added users to SharePoint group is selected and that the correct group
is selected, and then click OK.
Site collection administrators
Site collection administrators have Full Control permission level on content within a sitecollection. From the site collection level, site collection administrators manage settings
(such as site collection features, site collection audit settings, and site collection policies)
from the Site Settings page for the top-level site. A site collection administrator is a user
in database that states they can perform all tasks within a site collection, including alltasks for specific sites with a site collection.
Add a site collection administrator
1. In Central Administration, on the top link bar, click Application Management.
2. On the Application Management page, in the SharePoint Site Managementsection, click Site collection administrators.
3. If the selected site is not the site for which you want to manage administrators, on
the Site Collection Administrators page, on the Site Collection menu in the SiteCollection section, click Change Site Collection.
o In the Select Site Collection dialog box, select the site for which you wantto manage administrators.
o Click OK.
4. In either the Primary site collection administrator box or the Secondary site
collection administrator box, enter the user name of the user to whom you want to
assign that role.5. Click OK.
Site administratorSite administrator have Full Control permission level on the site, either directly or by being a member of a SharePoint group —for example, the Owners group that has the Full
Control permission level on the site. Site owners can perform tasks related to the siteonly, not the entire site collection.
and new Internet InformationServices (IIS) Web sites.
Perform all farm-level tasks
in Central Administration
Administer individual
sites or site content.Administer databases.
Farm Administrator Perform administrative tasks
in Central AdministrationTake ownership of any
content site.
Administer individual
sites or site content unlessthey take ownership of the
site.
Site administrator Perform administration for
the site only, not the entire
site collection.Perform administrative tasks
for documents, lists, and
libraries.
Access the Central
Administration site.
Site collection
administrator
Perform all administration
tasks for sites within the site
collection.
Access the Central
Administration site.
Create a group
1. On the home page of the site, click Site Actions, point to Site Settings, and then
click People and Groups.
2. Type a name for the group, and then type a brief description of the group's
attributes.
3. To change the owner of the group, type a new account name, or click Browse to
find an individual's account name.
4. In the Group Settings section, click the options to specify who can see the
members of this group and who can add or remove members.
5. In the Membership Requests section, click the options to specify whether you will
accept requests to be added or removed from this group, and to add the e-mailaddress that users can send requests to. If you select Auto-accept requests, users
are automatically added or removed when they make a request.
7. In Group Permission to this Site section, select the permission level that you want
to allow for this group.
8. Click Create.
Add users to groups
1. On the site home page, click the Site Actions menu, point to Site Settings, and
2. On the People and Groups page, on the Quick Launch, click Groups.
3. Click the name of the group to which you want to add users.
4. On the People and Groups: Group name page, on the new menu, click Add Users.5. On the Add Users page, type the account names that you want to add, or browse
to find users from Active Directory service.
6. In the Give Permission section, be sure that an Add user to a SharePoint group isselected and that the correct group is displayed.
7. Click OK.
SharePoint Permission levels and permissions:
Although sites that are built on Windows SharePoint Servicesoften have additional default SharePoint groups, Windows
SharePoint Services 3.0 includes five permission levels by
default. Each of these permission levels has specificpermissions associated with it. As a site owner, you can choose
which permissions are associated with these permission levels(except for the Limited Access and Full Control permission
levels) or add new permission levels to combine different setsof permissions.
NOTE Prior to Windows SharePoint Services 3.0, permission
levels were called site groups and SharePoint groups werecalled cross-site groups.
As a site owner, you can associate permissions with permission
levels and also associate permission levels with users andSharePoint groups. Users and SharePoint groups are associated
with securable objects such as sites, lists, list items, libraries,folders within lists and libraries, and documents. For more
information about assigning permissions in different securable
objects, see about controlling access to sites and site content.
The following tables list and describe the permission levels that
you can assign to users and SharePoint groups and the
permissions you can assign to permission levels. For eachpermission, the permission level that it is associated with it, by
default, is listed. For each permission, any permissionsdependent on it are listed, as well as any default permission
levels that include the permission.
Default permission levels in Windows SharePoint Services 3.0
Full Control This permission level contains all permissions.
Assigned to the Site name Owners SharePointgroup, by default. This permission level cannot be
customized or deleted.
Design Can create lists and document libraries, edit pages
and apply themes, borders, and style sheets in theWeb site. Not assigned to any SharePoint group,
by default.
Contribute Can add, edit, and delete items in existing lists and
document libraries. Assigned to the Site name
Members SharePoint group, by default.
Read Read-only access to the Web site. Users and
SharePoint groups with this permission level can
view items and pages, open items, and documents.Assigned to the Site name Visitors SharePoint
group, by default.
LimitedAccess
The Limited Access permission level is designed tobe combined with fine-grained permissions to give
users access to a specific list, document library,item, or document, without giving them access tothe entire site. However, to access a list or library,
for example, a user must have permission to openthe parent Web site and read shared data such as
the theme and navigation bars of the Web site.
The Limited Access permission level cannot becustomized or deleted.
NOTE You cannot assign this permission level tousers or SharePoint groups. Instead, Windows
SharePoint Services 3.0 automatically assigns thispermission level to users and SharePoint groupswhen you grant them access to an object on your
site that requires that they have access to a higherlevel object on which they do not have
permissions. For example, if you grant users
access to an item in a list and they do not haveaccess to the list itself, Windows SharePoint
Services 3.0 automatically grants them LimitedAccess on the list, and also the site, if needed.
List, site, and personal permissions
Windows SharePoint Services 3.0 includes 33 permissions,which are used in the five default permission levels. You canchange which permissions are included in a particular
permission level (except for the Limited Access and Full Control
permission levels) or create a new permission level to contain aspecific set of permissions that you specify.
Permissions are categorized as list permissions, site
permissions, and personal permissions, depending upon theobjects to which they can be applied. For example, site
permissions apply to a particular site, list permissions applyonly to lists and libraries, and personal permissions apply only
to things like personal views, private Web Parts, etc. Thefollowing tables show permissions and the permission levels