Choose administrators and owners for the administration hierarchy (SharePoint Foundation 2010)
Applies to: SharePoint Foundation 2010
This article describes the administrator roles that correspond to the Microsoft SharePoint Foundation 2010 server and site hierarchy. Many people can be involved in managing SharePoint Foundation 2010. Administration of Microsoft SharePoint Foundation occurs at the following levels:
Windows server or SharePoint server farm
Document library or list
In this article:
Levels of administration
Levels of administration
Most levels of the server and site hierarchy have a corresponding administration group. The administration groups who have administrative permissions at different levels are described in the following list:
Windows server or server farm level
Farm Administrators group Members of the Farm Administrators group have permissions to and responsibility for all servers in the server farm. Members can perform all administrative tasks in Central Administration for the server or server farm. They can assign administrators to manage service applications, which are instances of shared services. This group does not have access to individual sites or their content by default. However, they can grant themselves access if need be.
Windows Administrators group Members of the Windows Administrators group on the local server can perform all farm administrator actions. Administrators on the local server can perform additional tasks, such as installing new products or applications, deploying Web Parts and new features to the global assembly cache, creating new Web applications and new Internet Information Services (IIS) Web sites, and starting services. Like farm administrators, members of this group on the local server have no access to site content by default.
Farm administrators and members of the local Administrators group can take ownership of specific site collections if necessary. For example, if a site administrator leaves the organization and a new administrator must be added, the farm administrator or a member of the local Administrators group can take ownership of the site collection to make the change. To take ownership, they can add themselves as the site collection administrator on the Application Management page.
Shared services level
Service application administrators These administrators are designated by the farm administrator. They can configure settings for a specific service application within a farm. However, these administrators cannot create service applications, access any other service applications in the farm, or perform any farm-level operations, including topology changes. For example, the service application administrator for a Search service application in a farm can configure settings for that Search service application only.
Feature administrators A feature administrator is associated with a specific feature or features of a service application. These administrators can manage a subset of service application settings, but not the entire service application. For example, a Feature administrator might manage the Audiences feature of the User Profile service application.
Web application level
- The Web application level does not have a unique administrator group, but farm administrators have control over the Web applications within their scope. Members of the Farm Administrators group and members of the Administrators group on the local server can define a policy to grant individual users permissions at the Web application level. For more information about policy, see "Policy for Web applications" in the Logical architecture components (SharePoint Server 2010) article.
Site collection administrators These administrators have the Full Control permission level on all Web sites within a site collection. They have Full Control access to all site content in that site collection, even if they do not have explicit permissions on that site. They can audit all site content and receive any administrative alert. A primary and a secondary site collection administrator can be specified during the creation of a site collection.
Site owners By default, members of the Owners group for a site have the Full Control permission level on that site. They can perform administrative tasks on the site, and on any list or library within that site. They receive e-mail notifications for events, such as the pending automatic deletion of inactive sites and requests for site access.
Use the following worksheet to choose administrators and owners for the administration hierarchy: