Home » sharepoint » SharePoint 2010 » Working with SharePoint Server 2010 Security Groups

Working with SharePoint Server 2010 Security Groups

When new site collections are created in SharePoint Server 2010, as Asif Rehmani, SharePoint MVP and MCT, notes in a video tutorial titled: Working with SharePoint Security Groups, ” . . . only [the site collection administrator] has permissions on [the] site”. Users must be assigned permissions by the site collection administrator in order to access the web page for the site collection.

This tutorial explains that, initially, “it makes sense to give everyone [already listed in Active Directory and directly associated with your team] at least visitor rights”. For a SharePoint Administrator, a rapid method of adding all of these people with simply a few clicks and completing one text box is as follows:

  • Go to Site Actions
  • then Site Permissions
  • Select the Visitors Group
  • Click “New” to enter users to whom Visitor privileges are to be granted
  • enter “domain users” to enter all of the entries in Active Directory for your domain

Once the grant has been saved, the settings will be effective. All of the users listed in Active Directory for your domain will have at least visitor privileges to the new site collection you’ve created.

Visitor privileges include the right to read everything, but visitors cannot contribute anything to the site, nor, as we point out in the video “can they edit any of the properties of the page.”

To grant users privileges above those of a visitor, a site collection administrator should follow each of the steps listed above, but select the “Members” group for the site. Members have the right to contribute to the site.

If security groups have been set up in Active Directory, then it is possible to bulk add users to the “Members” group. Simply add the name of the target security group in Activity Directory. Once the setting is saved, every member of the security group will have “Member” privileges which will allow each of them to contribute to the site.

Keep in mind that, as Asif Rehmani explains in this tutorial, “privileges are cumulative in SharePoint.” In other words, when users with “Visitor” privileges receive “Member” privileges, the new privileges are added to the existing set.

The “Owners” group will be made up of the SharePoint Administrators, including the site collection administrator for this new site collection.

A final word should be noted on the “Viewers” group. “Viewers” have fewer privileges than “Visitors.” They can ” . . . only view content of pages on the site.” (quoted from the tutorial on this topic authored by Asif Rehmani and published on SharePoint-Videos.com). They cannot read documents in client applications like Word, or Excel. If you have Excel or Word services enabled for SharePoint 2010 Server, then “Viewers” will be able to read those documents on the web page for the site.

Ira Michael Blonder

© Rehmani Consulting, Inc. & Ira Michael Blonder, 2013 All Rights Reserved