Have been wanting to try this for a while now and just now got some
time to do it today. The Central Administration site is just a
SharePoint site with libraries and links, so I was curious what would
happen if you were added to the site as a simple reader. Here's the
results:
As a reader and contributor, you do not gain access to Central administration and you will get the access denied error message. The real magic comes in being in a specifically names group, there are two groups in the SCA:
http://www.sharepointanalysthq.com/2010/10/creating-a-delegated-administrator-for-a-service-application/
However, this also doesn't have much in terms of granular controls. Its all or nothing for most of them. These need more granular controls setup for them. Security seems to be an afterthought in SharePoint, has been, probably always will be.
Reference:
http://blogs.architectingconnectedsystems.com/blogs/cjg/archive/2010/12/06/SharePoint-2010-Delegated-Administration.aspx
As a reader and contributor, you do not gain access to Central administration and you will get the access denied error message. The real magic comes in being in a specifically names group, there are two groups in the SCA:
- Farm Administrators
- Delegated Administrators
- Web Application manager
- Service Account Manager
- Service Application Manager (like a global service app manager role rather than manually apply to each one)
- Backup Restore Manager
- Content Deployment Manager
http://www.sharepointanalysthq.com/2010/10/creating-a-delegated-administrator-for-a-service-application/
However, this also doesn't have much in terms of granular controls. Its all or nothing for most of them. These need more granular controls setup for them. Security seems to be an afterthought in SharePoint, has been, probably always will be.
Reference:
http://blogs.architectingconnectedsystems.com/blogs/cjg/archive/2010/12/06/SharePoint-2010-Delegated-Administration.aspx
No comments:
Post a Comment