Upload
sujai-senthil
View
213
Download
0
Embed Size (px)
Citation preview
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 1/22
Permissions
Permission is rights given to a person/user to do something on your site: to view, create,
delete, or edit something.
There are three kinds of permissions:
• List permissions provides rights with lists and list items, such as adding or
deleting lists, adding or deleting columns in lists, or adding or deleting items in
lists.
• Site permissions allows access at site and sub site level, such as adding pages or
subsites, or managing permissions for other users.
• Personal permissions provides user to manage their own personal view of the site,
creating personal views of lists, libraries, and add or delete personal Web Parts.
To see the permission levels assigned to groups for your site:
1. Click Site Actions, and then click Site Permissions to see the permissions page.
2. On permissions page, click Permission Levels.
The Permission Levels page opens, with a description of each Permission level and a link for editing the permission level.
Farm administrators
Farm administrator has permissions to all servers in the server farm. Members of the
Farm Administrators group do not need to be added to the Administrators group for eachserver. Farm Administrators group have ability to manage the Central Administration site
Members of Farm Administrators group have no administrative access to individual sites
or their content by default. But can take control of a specific site collection to view anycontent. For example, if a site collection administrator leaves the organization and a new
administrator must be added, farm administrators can add themselves as site collection
administrators.
To create Farm Administrator
1. Create your new account to be used as a new Farm Administrator 2. Make this account a Local Administrator on the SharePoint machine
3. Open Central Administration and navigate to the Operations Page
4. In Security Configuration section click Update farm administrator's group link
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 2/22
5. From the action bar click New -> Add Users
6. In Add Users page add the account of the created user by adding them to FarmAdministrators SharePoint Group click OK
7. we need to add this user as one of the Site Collection Administrators for the CA Site.
So from any of the CA pages navigate to Site Actions -> Site Settings
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 3/22
8. In Site Settings page, in the Users and Permissions section, click Site CollectionAdministrators link
9 In the Site Collection Administrators field enter the account of the user and then click
OK.
10 We need to add new user as a Site Collection Administrator to the SSP Site.
Navigate through Site Actions -> Site Settings, select the Site Collection Administrators
link and then add the new user there.
11 Now we need to set up the relevant permissions for this new user, so, from the SSPHome Page in the User Profiles and My Sites section click the Personalization services
permissions link
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 4/22
12 In action bar click the Add Users/Groups link
13 In Add Users/Groups page add new user's account and give them all the permissions
(check all the boxes) then click save
14 Navigate back to SSP Home Page and in Business Data Catalog section click Business
Data Catalog permissions link
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 5/22
15 In action bar click the Add Users/Groups link
16 In Add Users/Groups page add the new user's account and give them all the
permissions (check all the boxes) then click save
At this point you have set up a new user that now is a full-fledged Farm Administrator. Note that you didn't have to give them SSP access if you didn't want to. If your
security/administration requires different people for those roles you could set up different
users for each.
Server-level (system) administrators
Server-level Administrator group members on local server computer are automaticallyadded to Farm Administrators group and can perform all farm administrator actions
Server-level Administrators group is a Windows group, not a Share Point group, but the
Administrators group on local computer performs certain administrative tasks in
Windows Share Point Services. Like farm administrators, members of the Administratorsgroup on the local computer have no administrative access to site content.
But they can control specific site collections. In order to have control, they can addthemselves as site collection administrators by using the Site Collection Administrators
page in Central Administration.
To add Windows domain security groups and users accounts to SharePoint groups:
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 6/22
1. On the home page of the site, click Site Actions, point to Site Settings, and then
click People and Groups.
2. On the People and Groups page, in the Quick Launch, click Groups.
3. Click the name of the SharePoint group to which you want to add groups and
users.
4. Note To add all domain user accounts to the group, click Add all authenticatedusers. For example, you can do this for the default Visitors SharePoint group togive all domain user accounts permission to read the content on your site.
5. Verify that Added users to SharePoint group is selected and that the correct group
is selected, and then click OK.
Site collection administrators
Site collection administrators have Full Control permission level on content within a sitecollection. From the site collection level, site collection administrators manage settings
(such as site collection features, site collection audit settings, and site collection policies)
from the Site Settings page for the top-level site. A site collection administrator is a user
in database that states they can perform all tasks within a site collection, including alltasks for specific sites with a site collection.
Add a site collection administrator
1. In Central Administration, on the top link bar, click Application Management.
2. On the Application Management page, in the SharePoint Site Managementsection, click Site collection administrators.
3. If the selected site is not the site for which you want to manage administrators, on
the Site Collection Administrators page, on the Site Collection menu in the SiteCollection section, click Change Site Collection.
o In the Select Site Collection dialog box, select the site for which you wantto manage administrators.
o Click OK.
4. In either the Primary site collection administrator box or the Secondary site
collection administrator box, enter the user name of the user to whom you want to
assign that role.5. Click OK.
Site administratorSite administrator have Full Control permission level on the site, either directly or by being a member of a SharePoint group —for example, the Owners group that has the Full
Control permission level on the site. Site owners can perform tasks related to the siteonly, not the entire site collection.
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 7/22
SharePoint group Can do Cannot do
Server level
Administrators
Create new Web applications
and new Internet InformationServices (IIS) Web sites.
Perform all farm-level tasks
in Central Administration
Administer individual
sites or site content.Administer databases.
Farm Administrator Perform administrative tasks
in Central AdministrationTake ownership of any
content site.
Administer individual
sites or site content unlessthey take ownership of the
site.
Site administrator Perform administration for
the site only, not the entire
site collection.Perform administrative tasks
for documents, lists, and
libraries.
Access the Central
Administration site.
Site collection
administrator
Perform all administration
tasks for sites within the site
collection.
Access the Central
Administration site.
Create a group
1. On the home page of the site, click Site Actions, point to Site Settings, and then
click People and Groups.
2. Type a name for the group, and then type a brief description of the group's
attributes.
3. To change the owner of the group, type a new account name, or click Browse to
find an individual's account name.
4. In the Group Settings section, click the options to specify who can see the
members of this group and who can add or remove members.
5. In the Membership Requests section, click the options to specify whether you will
accept requests to be added or removed from this group, and to add the e-mailaddress that users can send requests to. If you select Auto-accept requests, users
are automatically added or removed when they make a request.
7. In Group Permission to this Site section, select the permission level that you want
to allow for this group.
8. Click Create.
Add users to groups
1. On the site home page, click the Site Actions menu, point to Site Settings, and
then click People and Groups.
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 8/22
2. On the People and Groups page, on the Quick Launch, click Groups.
3. Click the name of the group to which you want to add users.
4. On the People and Groups: Group name page, on the new menu, click Add Users.5. On the Add Users page, type the account names that you want to add, or browse
to find users from Active Directory service.
6. In the Give Permission section, be sure that an Add user to a SharePoint group isselected and that the correct group is displayed.
7. Click OK.
SharePoint Permission levels and permissions:
Although sites that are built on Windows SharePoint Servicesoften have additional default SharePoint groups, Windows
SharePoint Services 3.0 includes five permission levels by
default. Each of these permission levels has specificpermissions associated with it. As a site owner, you can choose
which permissions are associated with these permission levels(except for the Limited Access and Full Control permission
levels) or add new permission levels to combine different setsof permissions.
NOTE Prior to Windows SharePoint Services 3.0, permission
levels were called site groups and SharePoint groups werecalled cross-site groups.
As a site owner, you can associate permissions with permission
levels and also associate permission levels with users andSharePoint groups. Users and SharePoint groups are associated
with securable objects such as sites, lists, list items, libraries,folders within lists and libraries, and documents. For more
information about assigning permissions in different securable
objects, see about controlling access to sites and site content.
The following tables list and describe the permission levels that
you can assign to users and SharePoint groups and the
permissions you can assign to permission levels. For eachpermission, the permission level that it is associated with it, by
default, is listed. For each permission, any permissionsdependent on it are listed, as well as any default permission
levels that include the permission.
Default permission levels in Windows SharePoint Services 3.0
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 9/22
PERMISSIONLEVEL
DESCRIPTION
Full Control This permission level contains all permissions.
Assigned to the Site name Owners SharePointgroup, by default. This permission level cannot be
customized or deleted.
Design Can create lists and document libraries, edit pages
and apply themes, borders, and style sheets in theWeb site. Not assigned to any SharePoint group,
by default.
Contribute Can add, edit, and delete items in existing lists and
document libraries. Assigned to the Site name
Members SharePoint group, by default.
Read Read-only access to the Web site. Users and
SharePoint groups with this permission level can
view items and pages, open items, and documents.Assigned to the Site name Visitors SharePoint
group, by default.
LimitedAccess
The Limited Access permission level is designed tobe combined with fine-grained permissions to give
users access to a specific list, document library,item, or document, without giving them access tothe entire site. However, to access a list or library,
for example, a user must have permission to openthe parent Web site and read shared data such as
the theme and navigation bars of the Web site.
The Limited Access permission level cannot becustomized or deleted.
NOTE You cannot assign this permission level tousers or SharePoint groups. Instead, Windows
SharePoint Services 3.0 automatically assigns thispermission level to users and SharePoint groupswhen you grant them access to an object on your
site that requires that they have access to a higherlevel object on which they do not have
permissions. For example, if you grant users
access to an item in a list and they do not haveaccess to the list itself, Windows SharePoint
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 10/22
Services 3.0 automatically grants them LimitedAccess on the list, and also the site, if needed.
List, site, and personal permissions
Windows SharePoint Services 3.0 includes 33 permissions,which are used in the five default permission levels. You canchange which permissions are included in a particular
permission level (except for the Limited Access and Full Control
permission levels) or create a new permission level to contain aspecific set of permissions that you specify.
Permissions are categorized as list permissions, site
permissions, and personal permissions, depending upon theobjects to which they can be applied. For example, site
permissions apply to a particular site, list permissions applyonly to lists and libraries, and personal permissions apply only
to things like personal views, private Web Parts, etc. Thefollowing tables show permissions and the permission levels
they are assigned to, by default.
List Permissions
PERMISSION FULL
CONTROL
DESIGN CONTRIBUTE READ LIMITED
ACCESS
Manage Lists X X
Override
Check-Out
X X
Add Items X X X
Edit Items X X X
Delete Items X X X
View Items X X X X
Approve ItemsX X
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 11/22
Open Items X X X X
View Versions X X X X
Delete
Versions
X X X
Create Alerts X X X X
View
ApplicationPages
X X X X X
Site Permissions
PERMISSION FULL
CONTROL
DESIGN CONTRIBUTE READ LIMITED
ACCESS
ManagePermissions
X
View Usage
Data
X
Create
Subsites
X
Manage Web
Site
X
Add andCustomize
Pages
X X
Apply Themesand Borders
X X
Apply Style
Sheets
X X
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 12/22
Create Groups X
Browse
Directories
X X X
Use Self-Service Site
Creation
X X X X
View Pages X X X X
Enumerate
Permissions
X
Browse User
Information
X X X X X
Manage Alerts X
Use Remote
Interfaces
X X X X X
Use ClientIntegration
Features
X X X X X
Open X X X X X
Edit Personal
User
Information
X X X
Personal Permissions
PERMISSION FULLCONTROL
DESIGN CONTRIBUTE READ LIMITEDACCESS
Manage
Personal Views
X X X
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 13/22
Add/RemovePrivate Web
Parts
X X X
Update
Personal WebParts
X X X
Default permission levels
Microsoft SharePoint Foundation 2010 includes five permissionlevels by default. You can customize the permissions available
in these permission levels (except for the Limited Access andFull Control permission levels), or you can create customized
permission levels that contain only the permissions you need.
Note:
Although you cannot directly edit the Limited Access and FullControl permission levels, you can make permissions
unavailable for the entire Web application, which removes
those permissions from the Limited Access and Full Controlpermission levels. For more information, see "Manage
permissions for a Web application" in the Central
Administration Help system.
Permission
level Description
Permissions included by
default
Limited
Access
Allows access to shared
resources in the Web
site so users can accessan item within the site.
Designed to becombined with fine-
grained permissions togive users access to aspecific list, document
library, item, ordocument, without
giving users access to
the entire site. Cannot
View Application Pages,
Browse User
Information, Use RemoteInterfaces, Use Client
Integration Features,Open
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 14/22
be customized ordeleted.
Read Read-only access to theWeb site.
Limited Accesspermissions plus: View
Items, Open Items, ViewVersions, Create Alerts,Use Self-Service Site
Creation, View Pages
Contribute Can create and edit
items in existing listsand document libraries.
Read permissions plus:
Add Items, Edit Items,Delete Items, Delete
Versions, Browse
Directories, EditPersonal User
Information, ManagePersonal Views,
Add/Remove Personal
Web Parts, UpdatePersonal Web Parts
Design Can create lists anddocument libraries and
edit pages in the Website.
Contribute permissionsplus: Manage Lists,
Override Check Out,Approve Items, Add and
Customize Pages, Apply
Themes and Borders,Apply Style Sheets
FullControl
Full control of the scope. All permissions
User permissions
SharePoint Foundation 2010 includes 32 permissions, which
are used in the five default permission levels. You can change
which permissions are included in a particular permission level
(except for the Limited Access and Full Control permissionlevels), or you can create a new permission level to containspecific permissions.
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 15/22
List permissions
Permission Description
Dependent
permissions
Included inthese
permission
levels by default
Manage
Lists
Create and delete
lists, add orremove columns in
a list, and add or
remove publicviews of a list.
View Items,
View Pages,Open, Manage
Personal
Views
Design, Full
Control
OverrideCheck Out
Discard or check ina document that is
checked out toanother userwithout saving the
current changes.
View Items,View Pages,
Open
Design, FullControl
Add Items Add items to lists,
and adddocuments to
document
libraries.
View Items,
View Pages,Open
Contribute,
Design, FullControl
Edit Items Edit items in lists,
edit documents indocument
libraries, and
customize WebPart Pages in
documentlibraries.
View Items,
View Pages,Open
Contribute,
Design, FullControl
DeleteItems
Delete items froma list, and
documents from a
document library.
View Items,View Pages,
Open
Contribute,Design, Full
Control
View Items View items in lists,
and documents indocument
libraries.
View Pages,
Open
Read,
Contribute,Design, Full
Control
Approve Approve minor Edit Items, Design, Full
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 16/22
Items versions of listitems or
documents.
View Items,View Pages,
Open
Control
Open Items View the source of
documents withserver-side filehandlers.
View Items,
View Pages,Open
Read,
Contribute,Design, FullControl
ViewVersions
View past versionsof list items or
documents.
View Items,Open Items,
View Pages,Open
Read,Contribute,
Design, FullControl
Delete
Versions
Delete past
versions of listitems or
documents.
View Items,
ViewVersions,
View Pages,Open
Contribute,
Design, FullControl
CreateAlerts
Create e-mailalerts.
View Items,View Pages,
Open
Read,Contribute,
Design, Full
Control
View
ApplicationPages
View forms, views,
and applicationpages. Enumerate
lists.
Open All
Site permissions
Permission Description
Dependent
permissions
Included in
these
permissionlevels by
default
Manage
Permissions
Create and
change
permission levelson the Web site
and assignpermissions to
users and groups.
View Items,
Open Items,
View Versions,Browse
Directories,View Pages,
Enumerate
Permissions,Browse User
Full Control
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 17/22
Information,Open
View UsageData
View reports onWeb site usage.
View Pages,Open
Full Control
CreateSubsites
Create subsitessuch as team
sites, Meeting
Workspace sites,and Document
Workspace sites.
View Pages,Browse User
Information,
Open
Full Control
Manage Web
Site
Perform all
administration
tasks for the Website, and manage
content.
View Items,
Add and
CustomizePages, Browse
Directories,View Pages,
Enumerate
Permissions,Browse User
Information,Open
Full Control
Add andCustomize
Pages
Add, change, ordelete HTML
pages or WebPart pages, andedit the Web site
by using aWindows
SharePoint
Services-compatible editor.
View Items,Browse
Directories,View Pages,Open
Design, FullControl
ApplyThemes and
Borders
Apply a theme orborders to the
entire Web site.
View Pages,Open
Design, FullControl
Apply Style
Sheets
Apply a style
sheet (.css file) to
the Web site.
View Pages,
Open
Design, Full
Control
Create
Groups
Create a group of
users that can be
View Pages,
Browse User
Full Control
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 18/22
used anywherewithin the site
collection.
Information,Open
Browse
Directories
Enumerate files
and folders in aWeb site by usingMicrosoft
SharePointDesigner 2010
and Web DAVinterfaces.
View Pages,
Open
Contribute,
Design, FullControl
Use Self-
Service SiteCreation
Create a Web site
by using Self-Service Site
Creation.
View Pages,
Browse UserInformation,
Open
Read,
Contribute,Design, Full
Control
View Pages View pages in a
Web site.
Open Read,
Contribute,
Design, FullControl
EnumeratePermissions
Enumeratepermissions on
the Web site, list,folder, document,
or list item.
BrowseDirectories,
View Pages,Browse User
Information,Open
Full Control
Browse User
Information
View information
about users of theWeb site.
Open All
ManageAlerts
Manage alerts forall users of the
Web site.
View Items,View Pages,
Open
Full Control
Use Remote
Interfaces
Use SOAP, Web
DAV, orSharePointDesigner 2010
interfaces to
access the Website.
Open All
Use Client Use features that Use Remote All
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 19/22
IntegrationFeatures
start clientapplications.
Without thispermission, users
must work on
documents locallyand then upload
their changes.
Interfaces,Open
Open Open a Web site,
list, or folder toaccess items
inside that
container.
None All
Edit
PersonalUser
Information
Users can change
their own userinformation, such
as adding a
picture.
Browse User
Information,Open
Contribute,
Design, FullControl
Personal permissions
Permission Description
Dependent
permissions
Included inthese permission
levels by default
Manage
Personal Views
Create, change,
and deletepersonal views
of lists.
View Items,
View Pages,Open
Contribute,
Design, FullControl
Add/Remove
Personal WebParts
Add or remove
personal WebParts on a Web
Part page.
View Items,
View Pages,Open
Contribute,
Design, FullControl
UpdatePersonal Web
Parts
Update WebParts to display
personalizedinformation.
View Items,View Pages.
Open
Contribute,Design, Full
Control
How do create new permissions levels:
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 20/22
1.Site Actions--------Select Site Settings
2. Select the Site Permissions------- Settings--------Permissions
levels
3. Click on Add a permissions levels
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 21/22
4. It should open the ‘Add a new Permissions level’.
8/8/2019 Share Point User and Per Missions Levels
http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 22/22