Home » sharepoint » sharepoint_1 » Care Must be Exercised when Granting Site Collection Administrator Privileges to SharePoint Users

Care Must be Exercised when Granting Site Collection Administrator Privileges to SharePoint Users

We discuss the process by which SharePoint 2010 Farm Administrators can set up Site Collection Administrators in a video training class that is available to the public. As we explain, the process of setting up a Site Collection includes designating a specific user (and, optionally, a second user as a secondary) in the role of Site Collection Administrator. Bear in mind that these roles are set in the Central Administration screens for SharePoint 2010; therefore, only users with privileges at the highest level of SharePoint Sites will have the authority to perform the actions included in our video training class on this topic.

A point that ought to be carefully considered prior to assigning Site Collection Administrator roles to users is that, once these roles have been specified in Central Administration for specific site collections, then additional users can be granted Site Collection Administrator privileges at the site collection level. Our video class on this topic demonstrates the procedure of adding users at the Site Collection level. The point to consider is that, with no need to access Central Administration to make these additions, a potential security issue arises, albeit one that is specific to a site collection. In sum, a designated Site Collection Administrator can empower users with privileges that may be better restricted to a SharePoint Farm Administrator. We have had numerous conversations with SharePoint 2010 Administrators where we have noted the fact that, in general, most SharePoint 2010 implementations feature few Site Collection Administrators beyond the Farm Administrators who are responsible for the overall implementation.

Further, Site Collection Administrators are served with all of the Site Collection administration functions from the Site Setting screens, whereas these same functions do not appear on the screens for SharePoint administrators, nor do they appear for Site owners. Lastly, as we point out, utmost care ought to be exercised over granting these privileges as these users will be able to “administer any site within the site collection, even if that person has not been given any permissions for the site. Everybody in the site collection admin group is able to administer everything in the site collection itself.” (excerpted from Asif Rehmani’s audio narrative for this video training class).

Generally, we do not recommend granting this level of privilege to users outside of the Farm Administrator group. If you would like to revise the permission structure for your users and would like to utilize third party services, we would welcome your contact. We can certainly provide you with referrals to subject matter experts who will likely be able to deliver a revised permissions set for your SharePoint community quickly and within a preset budget. Please contact us by telephone at +1 (630) 786-7026. Alternatively, you can contact us by email with any questions you may have about this video, the InfoPath 2010 set, and possible applications for individual as well as organizational-level viewing and use.

As ever, use this link to place an order for an annual subscription to SharePoint-Videos instructional content

© Rehmani Consulting Inc, all rights reserved