Section 4.3. Site Group Management


4.3. Site Group Management

Site groups allow you to grant roles to users and groups. You can think of a site group as a set of permissions that restrict what tasks a user can and cannot perform within your SharePoint site. As a site administrator, you can create specific site groups for specific users and functions. Once you have your site group created, you can link it to either a specific user or a specific group.

4.3.1. Default Site Groups

SharePoint installs five default site groups that you can apply in most situations. Each of the default groups allows different permissions that are useful for different types of users. However, if the default groups do not suit your needs, you can also create custom groups.

4.3.1.1 Guest

The guest site group provides the lowest possible permission level to users without denying site access. This group restricts users and user groups to read-only access. You should use this site group for default users and groups that are not assigned to a site group with greater access rights.

4.3.1.2 Reader

The reader site group has more access than the guest site group. A reader has permission to:

  • Read all content in the site.

  • Create a new site using the "Self-Service Site Creation" option. Self-service site creation allows a user to create a new top-level site. When a user creates a new site, he becomes the administrator of that site but still maintains his existing site groups for other areas in SharePoint.

A user assigned to the reader site group cannot make modifications to content on the site. You assign this site group to users and groups who need access to content on the site but do not need to modify the content.

4.3.1.3 Contributor

The contributor site group inherits the reader site group permissions, plus the ability to:

  • Add, modify, and delete content in existing document libraries and lists

  • Manage personal views

  • Add and remove personal Web Parts

  • Create cross-site groups

A contributor cannot create a document library; however, he can add content to, delete content from, or modify content on an existing library.

You should assign this site group to users and groups who need full control over content in document libraries and lists.

4.3.1.4 Web designer

The web designer site group inherits the contributor site group permissions, plus the ability to:

  • Manage lists and document libraries

  • Create and modify web pages

  • Manage themes and borders

  • Apply style sheets to the site

The web designer site group provides advanced control over a SharePoint site, without granting full administrative control. You should assign this site group to users and groups who are taking ownership of a SharePoint site. Keep in mind that a user in the web designer group does not have full administrative control, although she does have great power over how the site is organized and maintained.

4.3.1.5 Administrator

The final default site group, administrator, inherits the web designer site group permissions, plus the ability to:

  • Manage groups for the site

  • Create sites

  • Create workspace sites

  • Manage list permissions

  • View usage analysis data

You cannot delete or customize the administrator site group, and one user must always be assigned to this group. You should only grant this permission type to users who are going to control access to sites. Generally, this role is reserved for system administrators and other users who have full trust within an organization. Most users do not need any rights higher than the web designer group.

4.3.2. Automatically Assigning a User to a Site Group

By default, SharePoint assigns users to site groups. To change the default site group that the user receives, modify the Anonymous Access settings on the Site Settings screen. To modify these settings, follow the following steps:

  1. Click Site Settings at the top of the screen.

  2. Click on the link Go to Site Administration under the heading Administration.

  3. Click on the link Manage Anonymous Access under the heading Users and Permissions.

  4. Under the section All Authenticated Users, you can change the drop-down list to a new default site group.

Figure 4-1 shows the Change Anonymous Access Settings page, which is used to assign users to specific site groups and to determine what access anonymous users are granted.

Figure 4-1. Default site group assignment


You can change a user's site group assignment. Site groups are assigned at three levels:

  • Global

  • Site

  • Object

The Section 4.4 discusses these topics in detail.

4.3.3. Managing Site Groups

The default site groups do not solve every situation. To provide maximum flexibility, Windows SharePoint Services lets you to create, modify, and delete site groups. By allowing customization of site groups, SharePoint allows you to create a flexible security architecture that adapts to your business requirements.

4.3.3.1 Site group conflicts

You can assign multiple site groups to a user. If two site groups conflict, the site group that applies to the immediate content being viewed is applied. For instance, you could assign a user to the reader site group for the corporate Human Resources SharePoint team site, the web designer site group for the Training SharePoint team site, and the contributor site group everywhere else. In this scenario, when a user accesses the Human Resources site, two site groups conflict: reader and contributor. Because the user is viewing the Human Resources site (the most immediate content), he will have reader access and the contributor site group will not be valid.



    SharePoint User's Guide
    SharePoint 2007 Users Guide: Learning Microsofts Collaboration and Productivity Platform
    ISBN: 1590598296
    EAN: 2147483647
    Year: 2005
    Pages: 62

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net