sharepoint 2010 foundation team site permissions

Posted on 2011-05-09
Last Modified: 2012-05-11
Hi Experts.  I recently rolled out MS Sharepoint 2010 Foundation on a Windows 2008 R2 server which is running in a Windows 2003 AD environment with 200+ Windows XP desktops.  I am trying to configure Sharepoint to work in this office where there are 10 different departments.  To minimize the nightmare, I am rolling SP out with one team site (IS) and using the first team site/home page as the community page.

With that said, I'm thinking of the configuration as such:

>IS Dept

I set the permissions on IS Dept to not inherit the group permissions (Team Site Visitors) from Home but anytime I configure Home, those permissions show up on IS Dept.  Also, when I remove the group from IS Dept, that group disappears from Home preventing my test user from accessing the site.  So, the question I am asking is how do I configure the Home page (not sure what the proper technical name is for this page but it was the first one created during the SP install) groups so that they don't alter the groups for the IS Dept page?

Just so that you know where I am coming from, I am a pure novice with SP.  

: )   Thanks Experts
Question by:samiam41
    LVL 16

    Accepted Solution

    Group definitions (not permissions) are Site Collection wide. If you are going to contain all sites within the same SIte Collection, you will see all Groups across all sites. If you delete a Group within one site, you are really deleting the Group for all sites within that Site Collection.

    If you are going to keep the sites all within the same Site Collection, you will want to have unique permissions (ie, break inheritence) at each sub-site level. The Groups will still be listed, but you can remove any access except to the relative Groups for that site. So for example, you could remove all  access permissions to the IS Dept except for the defined IS Group.

    If you are really wanting to separate department sites by security groups and content access, you might consider breaking them out into separate Site Collections. If you want to share Groups and content access, keep moving forward with a single Site Collection.

    Does that help?
    LVL 38

    Assisted Solution

    When it comes it comes to a site collection, all SharePoint groups are visible to all sub sites within the site collection.  So, just because you can see a SharePoint group that is used in the top level site from the sub site, doesn't mean it's actually granting permissions to the sub site.  Just want to get that clear since you are a newbie :)

    When you create a subsite, if you choose Unique Permisssion from the Create screen, three SharePoint groups will get created in the format of "Site Name Owners, Site Name Members, and Site Name Visitors".  However, if you don't choose Unique Permissions at first, then go back in and say "Do Not Inherit from Parent", these groups won't get created.

    More than likely what is happening is the top level groups (Team Site Visitors) is assigned permissions on both the top level site (as it should be) and the sub site (you need to change this).  You need to probably create three SharePoint security groups (IT Owners, IT Members, IT Visitors), and assign these groups permissions on the IT sub site.

    If you navigate to httpP://siteurl/_layouts/user.aspx, it will show you which groups actually have permissions on the current site.  If you are on the IT subsite, you shouldn't see "Team Site xxx" groups here.  You can select them and choose "Remove User Permissions" from the ribbon.  This is the page where you would create the IT groups and assign them permissions.
    LVL 16

    Assisted Solution

    Here is a look with some good general security assignment information. Look for the sub-heading on SharePoint Groups:
    LVL 9

    Author Comment

    Thank you for the quick and informative responses.  Let me go through these and make sure I understand them prior to closing the question out/awarding points just in case I have additional questions.

    Again, thanks for the information and making it so a newbie could understand.  ; )
    LVL 38

    Expert Comment

    Please update/close
    LVL 9

    Author Closing Comment

    Thanks again everyone and my apologies for the delay.  I have a much better understanding of this now and that will help me plan out the permissions going forward.  Glad I asked for help now before I got too far down the road.

    Hope to work with you all again in the near future,

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Note:  There are two main ways to deploy InfoPath forms:  Server-side and directly through the SharePoint site.  Deploying a server-side InfoPath form means the form is approved by the Administrator, thus allowing greater functionality in the form. …
    The vision: A MegaMenu for a SharePoint portal home page The mission: Make it easy to maintain. Allow rich content and sub headers as well as standard links. Factor in frequent changes without involving developers or a lengthy Dev/Test/Prod rel…
    This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
    To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now