Thursday 24 May 2007
Site Collection Administrators and Adding Workflows to Sites with Broken Inheritance
Another gotcha in the SharePoint world. You would think that Site Collection Administrators could do anything on any site inside the collection. Being an administrator and all. Not so. If you've broken inheritance you will find that you no longer have the correct options in SharePoint Designer to add a new workflow. For the meantime I have solved this by explicitly adding the "Site Collection Administrator" account into the "SiteName Owners" group - which was created when we broke inheritance. Not exactly the functionality I was expecting.
Saturday 19 May 2007
Fear and Surprise and Permissions in MOSS Central Admin
Access denied when selecting "User profiles and properties"? Can't access your shared services provider? Can't get to the "Import Application Definition" page of the BDC?
No one expects the MOSS administration, and certainly - if you are looking at the Central Administration tool for the first time, you would certainly be forgiven for suffering from fear and surprise, the 2 weapons of the Administration.
Yes 2 are their weapons; fear, surprise and permissions...oh, no wait, that's 3. Anyway.....
As an external consultant, assisting with someone elses MOSS install, you can't always fall back on knowing the domain admin password, or being privvy to the setup accounts and passwords used for setting up the search, app pools etc. But you may need, like I do, to have access to administer everything about Central Admin after the initial setup, using a normal user account created for you by the IT team. I generally make sure this is all sorted out before I leave site the first time, along with any remote connection details required.
Giving this user account access sounds easy. The "original" administrator needs to go to Central Admin -> Operations -> Update Farm Administrator's Group, and simply add the user in. Easy! well....you'd think. Launch Central Admin with this new account and yes, you'll get in, but you'll quickly find you have no access to mysites, shared services providers or to any other site collections. However - you now have all the boot strapping you require.
First make sure you are a site collection administrator for mysites, the SSP, and any site collections you are interested in using the following procedure:
You may have got yourself into the SSP, but you'll find that you can't access several expected key features, notable being:
Personalization services permisions
Business Data Catalog Permissions
Nothing complex here - just a step that I bet you wont be expecting already being as "admin" as you can get
No one expects the MOSS administration, and certainly - if you are looking at the Central Administration tool for the first time, you would certainly be forgiven for suffering from fear and surprise, the 2 weapons of the Administration.
Yes 2 are their weapons; fear, surprise and permissions...oh, no wait, that's 3. Anyway.....
As an external consultant, assisting with someone elses MOSS install, you can't always fall back on knowing the domain admin password, or being privvy to the setup accounts and passwords used for setting up the search, app pools etc. But you may need, like I do, to have access to administer everything about Central Admin after the initial setup, using a normal user account created for you by the IT team. I generally make sure this is all sorted out before I leave site the first time, along with any remote connection details required.
Giving this user account access sounds easy. The "original" administrator needs to go to Central Admin -> Operations -> Update Farm Administrator's Group, and simply add the user in. Easy! well....you'd think. Launch Central Admin with this new account and yes, you'll get in, but you'll quickly find you have no access to mysites, shared services providers or to any other site collections. However - you now have all the boot strapping you require.
First make sure you are a site collection administrator for mysites, the SSP, and any site collections you are interested in using the following procedure:
- Go to Application Management -> SharePoint Site Management -> Site Collection Administrators
- Select "change site collection" and select the correct web application using the over complex interface
- Add yourself as the secondary site collection administrator
You may have got yourself into the SSP, but you'll find that you can't access several expected key features, notable being:
- User Profiles and Properties
- Import Application Definition
Personalization services permisions
Business Data Catalog Permissions
Nothing complex here - just a step that I bet you wont be expecting already being as "admin" as you can get
Subscribe to:
Posts (Atom)