sharepoint admin roles

pma111
What are the admin-equivalent roles in SharePoint Server 2013? E.g. what would an administrator of a SharePoint environment typically be granted to allow them to do their duties? I.e. the sysadmin equivalent in MSSQL, Enterprise Admin in Exchange, etc.

Also out of interest (very novice query), if a SharePoint admin needed to add a user to a SharePoint environment so they could view content on a site, or amend permissions to documents on a site, what management tool within SharePoint would they use?

Commented:
Admin role on SharePoint is full rights

SharePoint administrator responsibilities include installing, configuring and upgrading SharePoint systems, managing system operations and services, helping to train and support business users on SharePoint usage and backing up SharePoint data. In some cases, a SharePoint administrator may also oversee the SQL Server database that supports SharePoint.

A SharePoint administrator might be responsible for managing a single system or a SharePoint farm consisting of multiple servers. Depending on the organization, one person or a team of people may be responsible for carrying out administrative duties.
Noah, Hardware Tester and Debugger

Commented:
Hi there! :)

Please refer to the link below. Scroll down or Ctrl+F to "Along with an error message that may be displayed" to view more information on the different roles and administrative capabilities.

Reference: https://docs.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/plan-for-least-privileged-administration


Author

Commented:
Also out of interest (very novice query), if a SharePoint admin needed to add a user to a SharePoint environment so they could view content on a site, or amend permissions to documents on a site, what management tool within SharePoint would they use?

Noah, Hardware Tester and Debugger

Commented:
@pma111 Yes, they should have some basic rights to do so but that is also subject to what the creator (Master Admin e.g) of the admin accounts assigned and incorporated as basic rights.

Commented:
SharePoint site management
Jeff Glover, Sr. Systems Administrator

Commented:
The term SharePoint Administrator normally refers to someone with the Farm Administrator Role. This means they can manage all servers in a farm. Each Site collection in a farm can have its own Site Collection Administrator(s) who have rights to add subsites and content to the Site collection, give users permissions to the Site, etc... We have SharePoint Farm Administrators and we have Site Collection Administrators. With only a couple of exceptions, our Farm Administrators are Site Collection Admins on every site.
SharePoint AED
Distinguished Expert 2018
Commented:
Lot of good information above -

To answer your question about what tool a SharePoint Admin would need to add a user, that would be 'Site Settings' --> 'Site Permissions'. Users with Full Control at the site collection (or in some cases the sub site level) have permissions to add and remove users, content and web parts, and to create Apps such as Document Libraries and Lists as well as other out-of-the-box objects. Keep in mind, any user can be granted Full Control permissions. It would take another user with at least Full Control permissions to grant that access. When a site is created by a SharePoint Admin it is usual procedure to grant Full Control to a standard user that will be responsible for the site.

Additional Information -

To clarify some of the other points that were mentioned and what you asked: based on the link that Noah posted, which is a great article btw, a Standard Domain user account needs to be used to install the SharePoint environment (farm). Best practice is to follow your company policy and create a "Service Account" and use a name such as SP Admin or whatever company policy prescribes. This account does not need to be a Domain Admin, but needs to be a local administrator on all servers that will have SharePoint installed on them. That account also needs to be granted the Securityadmin and DB_owner role on the SQL server that will be used for the SharePoint farm. I am not going to go deeper on this topic because the article does a great job of explaining it all.

Once the farm is installed and running, you can set up security via Central Admin. Although it often goes against security policies that companies have in place, you can initially log in with the SP Admin account. Do not confuse that with the SP Farm account. The SP Farm account is what was configured during the installation of SharePoint. It is used for managing the farm at the internal level, again explained in the article. Keep in mind, the SP Farm account is just a standard user account that will need to be created in Active Directory before the farm is installed. (Since your farm is up and running, you should have an SP Farm already, although it may have a different name.) In Central Administration you will find settings under the security section where you can see all of the service accounts in use in your farm. SP Farm is what you would consider the sysadmin account in SQL, but not quite the same as the Enterprise Admin in Exchange. The SP Admin would be more like the Exchange Enterprise Admin.

In Central Admin you can add 'Farm Administrators' under the security section. (IT Admin presumably, don't make a standard user a Farm Admin unless you want to kiss your farm goodbye). Although an admin may be a Farm Admin, that does not automatically grant that user access to data. Don't think this is a secure way to protect data. It is not secure because anyone in the Farm Admin group can grant themselves access to data anywhere throughout the farm. So be very careful who you make a SharePoint farm admin.

Further down the hierarchy there is the web app level. You can grant explicit access at the Web App level via Central admin using user policy. This will override any access granted at any lower level, however it is not intended for individual standard users in most cases. This is where you could grant your search crawl account full read access to the web app meaning that the search crawl account can index all data.

As mentioned in some of the information above, each site collection has what is called a Site Collection Administrator (SCA). This level of access is separate from the 'Site Permissions' construct that you will usually work with. A user can be granted Site Administrator permissions via Central Administration, or via the browser. If granted via the browser, the person granting that permission needs to be at least a Site Administrator. The boundary of the Site Collection Administrator is the site collection. Being an SCA in one site does not mean that user is an SCA in any other site collection. Also, an SCA is SCA for all sub sites of the site collection and there is no way around that.

Here is a good article regarding SCA vs. Site Owner

https://sharegate.com/blog/site-owner-vs-site-collection-administrator

The most widely used method for granting, removing and generally controlling access is, as mentioned above, Site Permissions found under Site Settings. From the Site Permissions section you can add and remove users as well as control their level of access. You can set up unique permissions here as well as some other useful tasks. A user needs the permission "Manage Permissions" to work with site permissions. That means that they may not need to have full control, but it would take some tweaking, not hacking, but tweaking to the configuration of site permissions. (In case you are wondering, hacking implies going against functionality in a renegade fashion. Tweaking is correctly leveraging functionality.)

Hope that helps...
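
The following is an added example, not part of the answer above or of the linked articles: a read-only audit that lists who currently holds each level of access the answer describes (Farm Administrators, web application user policies, Site Collection Administrators), so the "be very careful who you make a farm admin" advice can be checked against the live farm. It assumes the SharePoint 2013 Management Shell on a farm server, an account with shell access, and the default English group name "Farm Administrators"; `New-Row` and `$report` are names made up for this example.

```powershell
# Added example: read-only inventory of privileged access in a SharePoint 2013 farm.
# Assumption: run in the SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function New-Row($Level, $Scope, $Account, $Rights) {
    # Hypothetical helper: one uniform row per privileged assignment.
    [pscustomobject]@{ Level = $Level; Scope = $Scope; Account = $Account; Rights = $Rights }
}

Start-SPAssignment -Global          # track SPSite/SPWeb objects so they get disposed
$report = @()

# 1. Farm Administrators: members of the group on the Central Administration site.
#    Group name is the English default (assumption; localized farms use another name).
$ca    = Get-SPWebApplication -IncludeCentralAdministration |
         Where-Object { $_.IsAdministrationWebApplication }
$caWeb = Get-SPWeb $ca.Url
foreach ($u in $caWeb.SiteGroups["Farm Administrators"].Users) {
    $report += New-Row "Farm Administrator" "Farm" $u.LoginName "Farm admin"
}

# 2. Web application user policies: these override permissions set at lower levels.
foreach ($wa in Get-SPWebApplication) {
    foreach ($p in $wa.Policies) {
        $roles = ($p.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ", "
        $report += New-Row "Web app user policy" $wa.Url $p.UserName $roles
    }
}

# 3. Site Collection Administrators: scoped to one site collection and all its sub sites.
foreach ($site in Get-SPSite -Limit All) {
    foreach ($u in $site.RootWeb.SiteAdministrators) {
        $report += New-Row "Site Collection Administrator" $site.Url $u.LoginName "SCA"
    }
}

Stop-SPAssignment -Global

# Review the result, or export it and diff against the previous run to spot new grants.
$report | Sort-Object Level, Scope, Account | Format-Table -AutoSize
```

Accounts that appear under "Farm Administrator" or with a Full Control user policy are the ones able to grant themselves access to any content, so those rows deserve the closest review.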
