Sunday 20 February 2011

SharePoint 2010 Administration Roles

In SharePoint 2010 the general approach has been to make administration permissions more granular then in SharePoint 2007 so that the overall security model is more flexible.

Farm administration
  • Farm administrators are able to perform administrative tasks on the farm (conduct tasks is central administration).
    They are able to assign administrators to Service applications. This implies that farm administrators don't necessarily have to administer service applications.
  • They don't have access to site content by default.
  • Farm administrators are not able to run powershell unless give then SharePoint_Shell_Access role.
Aside : Local administrators on the server can do all farm admin features and more.

Service administration
  • Service application administration also adheres to the concept of granularity.
  • All service applications can have specific administrators assigned by a farm administrator. So the search service application for example would have its own administrator who is not necessarily a farm administrator.
  • This provides flexibility so that different service applications can be administered by different people / groups.
Feature administration
  • This is a new concept which allows specific users / ground to administer a sub set of services application settings.
  • Feature administrators are effectively allowed to administer specific features within a service application. An example would be administering 'Audience settings' within the User profile service application.
Tenant administration
  • Tenancy is a new concept for 2010 and the administrator model has changed to support this.
  • Tenancy allows service applications to be separated depending on tenant. For instance the same search service application can be shared across multiple tenants.
  • Tenant administrators can administer some service application settings  which are specific to their tenancy.
  • In addition tenant administrators are also able to create site collections.
So the key take away is...... Its more flexible in 2010 then it ever was in MOSS.

1 comment: