Assign administration of User Profile service features (SharePoint Server 2010)

 

Applies to: SharePoint Server 2010

Farm administrators can delegate administration of either a User Profile service application or selected features of a User Profile service application to a service application administrator. A service application administrator can delegate administration of a feature or features of a User Profile application service to another user, who is known as a feature administrator. A feature administrator can perform all administrative tasks that are related to the delegated feature or features, but a feature administrator cannot manage other features, service applications, or settings that are contained in Central Administration. For more information, see User Profile service application overview (SharePoint Server 2010).

Any of the following features of a User Profile service application can be delegated to a feature administrator:

  • Manage Profiles

  • Manage Audiences

  • Manage Permissions

  • Retrieve People Data for Search Crawlers

  • Manage Social Data

Before you perform this procedure, confirm the following:

In this article:

  • Delegate administration of User Profile service features by using Central Administration

  • Delegate administration of User Profile service features by using Windows PowerShell

Delegate administration of User Profile service features by using Central Administration

You typically use the Central Administration Web site to delegate administration of User Profile service features in a stand-alone deployment.

To delegate administration of User Profile service features by using Central Administration

  1. Verify that you have the following administrative credentials:

  2. On the Central Administration Web site, in the Application Management section, click Manage service applications.

  3. In the list of service applications, click User Profile Service Application.

  4. On the Service Applications tab, in the Operations group, click Administrators.

  5. On the Administrators for User Profile Service Application page, type or select a user or group account, and then click Add.

  6. In the Permissions for Administrator: box, check the feature or features for which you want to delegate administration, and then click OK.

Delegate administration of User Profile service features by using Windows PowerShell

You typically use Windows PowerShell to delegate administration of User Profile service features when you want to automate the task, which is common in enterprises.

To delegate administration of User Profile service features by using Windows PowerShell

  1. Verify that you meet the following minimum requirements:

  2. On the Start menu, click Administrative Tools.

  3. Click SharePoint 2010 Management Shell.

  4. From the Windows PowerShell command prompt (that is, PS C:\>), type the following commands:

    1. To display a list of all service applications and their GUIDs, type the following command:

      Get-SPServiceApplication
      
    2. To create a variable that contains the GUID for the User Profile service for which you want to delegate Full Control, type the following command:

      $serviceapp = Get-SPServiceApplication <guid>
      

      Where <guid> is the GUID for the User Profile service for which you want to delegate Manage Social Data permissions.

    3. To create a variable that contains the list of administrators for the service application, type the following command:

      $security = Get-SPServiceApplicationSecurity $serviceapp -Admin
      
    4. To create a variable that contains the claims principal for a user account, type the following command:

      $principalUser1 = New-SPClaimsPrincipal -Identity "<domain\user>" -IdentityType WindowsSamAccountName
      

      Where <domain\user> is the user to whom you want to delegate Manage Social Data permissions.

    5. To give Manage Social Data permissions to the claims principal you just created, type the following command:

      Grant-SPObjectSecurity $security -Principal $principalUser1 -Rights "Manage Social Data"
      
    6. To apply the changes to the User Profile service application, type the following command:

      Set-SPServiceApplicationSecurity $serviceapp -ObjectSecurity $security -Admin
      

    For more information, see Get-SPServiceApplication, Get-SPServiceApplicationSecurity, New-SPClaimsPrincipal, Grant-SPObjectSecurity, Set-SPServiceApplicationSecurity, and Set-SPProfileServiceApplicationSecurity.

See Also

Concepts

Assign administration of User Profile service features (SharePoint Server 2010)
Assign administration of a User Profile service application (SharePoint Server 2010)
User Profile Service administration (SharePoint Server 2010)
Plan for profile synchronization (SharePoint Server 2010)

Other Resources

Resource Center: Enterprise Collaboration in SharePoint Server 2010
Resource Center: Social Computing in SharePoint Server 2010