2.9.1.5 Site Group

A Windows SharePoint Services site group is a named logical grouping of user or group accounts. A site group can be set to specific roles or have rights granted to it. Each Windows SharePoint Services site group is assigned a default role, but the role for any site group can be changed as necessary. Some predefined Windows SharePoint Services site groups are as follows:

• Site Owners

• Site Members

• Site Visitors

Windows SharePoint Services group (2) memberships are stored in SQL table named GroupMemberships. Each group is assigned an identifier that is unique within that site collection. The use of groups can enable easier security management. When a large number of users have to be assigned the same role, administrators can easily create a Windows SharePoint Services group (2) and assign those users as members (3) and simply grant permissions to the group rather than to each individual. Similarly, administrators can add new users to existing groups as a means of quickly giving users appropriate permissions. For more information about creating Windows SharePoint Services groups (2) and adding users to existing groups, see:

• [MSDN-SHPTSDK] for Windows SharePoint Services 3.0

• [MSDN-SHPTSDK4] for Microsoft SharePoint Foundation 2010

• proc_SecCreateSiteGroup and proc_SecAddUserToSiteGroup in [MS-WSSFOB] for Windows SharePoint Services 2.0

• proc_SecCreateSiteGroup and proc_SecAddUserToSiteGroup in [MS-WSSFO] for Windows SharePoint Services 3.0

• proc_SecCreateSiteGroup and proc_SecAddUserToSiteGroup in [MS-WSSFO2] for SharePoint Foundation 2010

Windows SharePoint Services groups (2) cannot be nested inside of each other. However, a Windows SharePoint Services group (2) can contain Active Directory groups as members (3).

Windows SharePoint Services groups (2) are themselves a securable object in Windows SharePoint Services with specific permissions to manage them, as described in section 2.9.1.2.