Step 4: Add new roles to the SharePoint site

Applies To: Active Directory Federation Services (AD FS) 2.0


Now we add a few new roles to the SharePoint site that will have restricted access. We add a role called DrugTrial1Admins that will have administrator access to the site. We then add another role called DrugTrial1Auditors that will have visitor access to the SharePoint site. We do this by accessing the SharePoint site as an Administrator. The Administrator account belongs to the Domain Admins Role/Group, and it has full access to the SharePoint site.

To add the DrugTrial1Admins role with administrator access to the SharePoint site

  1. Log on to the CONTOSOSRV01 computer as CONTOSO\Administrator with "demo!23" as the user password.

  2. Navigate to the SharePoint site by going to https://docs.contoso.com/. The site redirects you to the STS login page and asks you to authenticate to the STS.

  3. Sign in to the SharePoint site using the administrator credentials by typing Contoso\administrator for the user name and demo!23 for the password.

  4. Back on the SharePoint site, on the Site Actions menu, click Site Settings, and then click People And Groups.

  5. To add a group to the Home Owners group, click the Home Owners link in the Groups pane.

  6. On the next page, click New, and then click Add Users.

  7. In Users/Groups, type Role#DrugTrial1Admins, and then click OK.

On the next page, you see Role#DrugTrial1Admins as a member of the Home Owners group.

To add the DrugTrial1Auditors role with visitor access to the SharePoint site

  1. In the browser window that you opened to the SharePoint administration site previously, under Groups, click Home Visitors.

  2. On the next page, click New, and then click Add Users.

  3. In the input box, type Role#DrugTrial1Auditors, and then click OK.

  4. Role#DrugTrial1Auditors appears in the Home Visitors group.

To verify that the new roles are working when you access the SharePoint site

  1. Close the browser window, reopen Internet Explorer, and navigate to https://docs.contoso.com.

  2. On the STS sign-in page, sign in with the credentials of DanielW (Username: contoso\danielw, Password: demo!23), who is a member of the DrugTrial1Admins group.

  3. The STS logs you in and redirects you back to Docs.contoso.com with a token that contains the role of DrugTrial1Admins. The user name that you logged on with (danielw@contoso.com) will appear in the SharePoint site, and you will have full access to the SharePoint site because the user belongs to a group (DrugTrial1Admins) that has full access to the site.
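To confirm which roles the STS issued in step 3 and which SharePoint groups they resolve to, the following added example (not part of the original walkthrough) extracts the role claims from a token and matches them against the group membership configured above. It assumes a SAML 1.1 assertion carrying the standard role claim type, assumes that a `Role#<name>` entry matches a role claim with value `<name>`, and inspects claims only; it does not validate the token signature.

```python
import xml.etree.ElementTree as ET

SAML11 = "{urn:oasis:names:tc:SAML:1.0:assertion}"
ROLE_NS = "http://schemas.microsoft.com/ws/2008/06/identity/claims"

# Group membership as configured in the two procedures above.
GROUP_MEMBERS = {
    "Home Owners": {"Role#DrugTrial1Admins"},
    "Home Visitors": {"Role#DrugTrial1Auditors"},
}

# Constructed, simplified, unsigned assertion (not captured from a real STS).
SAMPLE_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute AttributeName="upn"
        AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
      <saml:AttributeValue>danielw@contoso.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="role"
        AttributeNamespace="http://schemas.microsoft.com/ws/2008/06/identity/claims">
      <saml:AttributeValue>DrugTrial1Admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def role_claims(assertion_xml):
    """Return every role claim value found in the assertion."""
    root = ET.fromstring(assertion_xml)
    roles = []
    for attr in root.iter(SAML11 + "Attribute"):
        # Match on both name and namespace so a look-alike attribute
        # from another claim namespace is not treated as a role.
        if (attr.get("AttributeName") == "role"
                and attr.get("AttributeNamespace") == ROLE_NS):
            for value in attr.findall(SAML11 + "AttributeValue"):
                roles.append((value.text or "").strip())
    return roles

def sharepoint_groups(assertion_xml):
    """Return the SharePoint groups the token's roles resolve to."""
    principals = {"Role#" + r for r in role_claims(assertion_xml)}
    return sorted(g for g, m in GROUP_MEMBERS.items() if m & principals)

if __name__ == "__main__":
    print(role_claims(SAMPLE_ASSERTION), sharepoint_groups(SAMPLE_ASSERTION))
```

A token with no role claim resolves to no group, which is the expected result for a user who is in neither DrugTrial1Admins nor DrugTrial1Auditors.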