[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


sharepoint 2010 foundation team site permissions

Posted on 2011-05-09
Medium Priority
Last Modified: 2012-05-11
Hi Experts.  I recently rolled out MS Sharepoint 2010 Foundation on a Windows 2008 R2 server which is running in a Windows 2003 AD environment with 200+ Windows XP desktops.  I am trying to configure Sharepoint to work in this office where there are 10 different departments.  To minimize the nightmare, I am rolling SP out with one team site (IS) and using the first team site/home page as the community page.

With that said, I'm thinking of the configuration as such:

>IS Dept

I set the permissions on IS Dept to not inherit the group permissions (Team Site Visitors) from Home but anytime I configure Home, those permissions show up on IS Dept.  Also, when I remove the group from IS Dept, that group disappears from Home preventing my test user from accessing the site.  So, the question I am asking is how do I configure the Home page (not sure what the proper technical name is for this page but it was the first one created during the SP install) groups so that they don't alter the groups for the IS Dept page?

Just so that you know where I am coming from, I am a pure novice with SP.  

: )   Thanks Experts
Question by:samiam41
  • 2
  • 2
  • 2
LVL 16

Accepted Solution

jessc7 earned 1400 total points
ID: 35721835
Group definitions (not permissions) are Site Collection wide. If you are going to contain all sites within the same SIte Collection, you will see all Groups across all sites. If you delete a Group within one site, you are really deleting the Group for all sites within that Site Collection.

If you are going to keep the sites all within the same Site Collection, you will want to have unique permissions (ie, break inheritence) at each sub-site level. The Groups will still be listed, but you can remove any access except to the relative Groups for that site. So for example, you could remove all  access permissions to the IS Dept except for the defined IS Group.

If you are really wanting to separate department sites by security groups and content access, you might consider breaking them out into separate Site Collections. If you want to share Groups and content access, keep moving forward with a single Site Collection.

Does that help?
LVL 38

Assisted Solution

by:Justin Smith
Justin Smith earned 600 total points
ID: 35721856
When it comes it comes to a site collection, all SharePoint groups are visible to all sub sites within the site collection.  So, just because you can see a SharePoint group that is used in the top level site from the sub site, doesn't mean it's actually granting permissions to the sub site.  Just want to get that clear since you are a newbie :)

When you create a subsite, if you choose Unique Permisssion from the Create screen, three SharePoint groups will get created in the format of "Site Name Owners, Site Name Members, and Site Name Visitors".  However, if you don't choose Unique Permissions at first, then go back in and say "Do Not Inherit from Parent", these groups won't get created.

More than likely what is happening is the top level groups (Team Site Visitors) is assigned permissions on both the top level site (as it should be) and the sub site (you need to change this).  You need to probably create three SharePoint security groups (IT Owners, IT Members, IT Visitors), and assign these groups permissions on the IT sub site.

If you navigate to httpP://siteurl/_layouts/user.aspx, it will show you which groups actually have permissions on the current site.  If you are on the IT subsite, you shouldn't see "Team Site xxx" groups here.  You can select them and choose "Remove User Permissions" from the ribbon.  This is the page where you would create the IT groups and assign them permissions.
LVL 16

Assisted Solution

jessc7 earned 1400 total points
ID: 35721882
Here is a look with some good general security assignment information. Look for the sub-heading on SharePoint Groups:

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.


Author Comment

ID: 35722203
Thank you for the quick and informative responses.  Let me go through these and make sure I understand them prior to closing the question out/awarding points just in case I have additional questions.

Again, thanks for the information and making it so a newbie could understand.  ; )
LVL 38

Expert Comment

by:Justin Smith
ID: 35822915
Please update/close

Author Closing Comment

ID: 35941601
Thanks again everyone and my apologies for the delay.  I have a much better understanding of this now and that will help me plan out the permissions going forward.  Glad I asked for help now before I got too far down the road.

Hope to work with you all again in the near future,

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A recent project that involved parsing Tableau Desktop and Server log files to extract reusable user queries for use in other systems. I chose to use PowerShell to gather the data, and SharePoint to present it...
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question