Help Needed with MOSS 2007 Permissions and Group Assignments

I am having trouble understanding how and where to add users to groups on my MOSS Server. I would like to add all of my Domain Users to Viewers group. Also, I would like to add a Domain Security Group to a MOSS Group for people who will add, delete, modify documents on my sites. Also, would like a domain group added to Moss with slightly lower perms as Full Admin to create and edit web pages. I want these permissions to inherit to all Sites and Sub-Sites as well. Someone please help me to understand and make this happen.
TrihimbulusAsked:
Who is Participating?
 
Ted BouskillConnect With a Mentor Senior Software DeveloperCommented:
MOSS has same preset groups already built that cover the categories you are describing

Readers (Read only access)
Contributors (Can add/delete/modify documents)
Authors (More than contributors, less than owners)
Owners (Have full control of a site)
Site Clection Administrators

However there are a couple of gotchas.  Owners can turn off permission inheritance (which can cause support and maintenance headaches)  They can also edit master pages with Sharepoint Designer and ruin a consistent look and feel.

Basically what you do is add AD security groups or individuals to Sharepoint security groups.  So for example, we set all 'Authenticated users' in AD as readers.  If we have a private site we remove it.

However, we were not happy with the higher level groups so we tweaked them a little bit.  The permissions are very detailed and it's easy to add or change the groups.

Inheritance of permissions is automatic by default.  Basically your designated Site Collection Administrators will control permissions and should be familiar with them before you start allocating sites.  At the default site level we first give all 'Authenticated Users' read only access.  Then as we create sites we assign permissions as required to designated sites.

Usually we designate a couple of site owners and let them administer permissions.  All users have read only access by default so the site owners can decide who on their team gets other priviledges.  We prefer to give people the power to administrate their own sites to lighten our load.

I managed a 6 person team on a 7 server web farm for 9000+ users.  We don't have time to administrate our hundreds of sites so we empower people to do it themselves.
0
All Courses

From novice to tech pro — start learning today.