SharePoint 2007 - Giving rights to a particular group, to manage another group

Posted on 10/19/2007 @ 12:20 AM in #SharePoint by | Feedback | 5574 views

Okay let me explain what I mean here.

You have a site collection. You have 3 groups there -

  • IT - the control all, overloaded people. Bottleneck as usual.
  • Power users for Department X = GROUP A
  • Users of Department X = GROUP B

Now, IT wants to reduce it's workload, and wants to:

a) Allow Group A to manage users of Group B
b) Not allow Group A to manage security anywhere else.
c) Allow IT itself to manage security wherever the hell they please.

How would you do it? Well, here is how.

  1. Create a custom security permission level, remove the "Manage Users" and "Create Groups" permissions. (How to create custom security permissions?)
  2. Create a SharePoint group called Group A, give it the security permission level you setup in #1.
  3. Create a second SharePoint Group called Group B - and specify it's owner as Group A. This works since both SPGroup and SPUser inherit from SPPrincipal, which inherits from SPMember. And SPGroup.Owner is of type SPMember.

Thats it !! ;-). now Group A can manage Group B, but nothing else.

w00t!

Sound off but keep it civil:

Older comments..


On 10/19/2007 2:18:15 PM Becky Isserman said ..
We're actually going to have a meeting here about security permissions. I guess some random people decided they wanted to call me and ask for special permissions to lock out deleting items in a calendar. There really is no policy in place and we need to figure out who can decide security permissions.

Can I ask you more information about the data plan for the iphone? Maybe drop me an e-mail sometime?