none
SharePoint permissions and groups

    Question

  • Hello everyone,

    just kindly ask you a suggestion. I am managing SharePoint 2010 for a wide company. There are some areas (sub-sites) and in each area there is one user with Full Control permissions (administrator). Is it possible configure a permission level based on this constraint: the areas administrators should be able to give reading and contributors permissions, but they must not have rights to give Full Control permissions to anyone.

    Is it possible to realize this with default SharePoint default features, groups and permission levels ?

    Thank you in advance.

    Gaetano

    Thursday, October 18, 2012 8:19 AM

Answers

  • Hi,

    You can create a new permission level from Users and Permissions > Site permissions >  Permission Levels > 

    Add a Permission Level and make this Permission level with the desired constraint.

    After that create a SharePoint group and assign this permission level to this group. 

    Then it will be much easier to manage the administrators with full control or even delete all users with full control from the site collection and leave the site collection administrators with (Full Control)

    If you need this for many site collections you can try creating a script with Powershell and apply this to all site collections.

    Hope I understood the question correctly.

    Regards,

    Razvan

    Thursday, October 18, 2012 9:53 AM
  • Hi Gaetano,

    @Cimares said, there is no out of the box way to restrict this. And if you want to do this still, you can do it like you said. Create custom permission level what you want, then delete the others, but you can not delete full control and Limited Access. What's more, the permission levels are managed from top level site.

    Regards,

    Kelly

    Friday, October 19, 2012 3:17 AM
  • No, If someone has full control to a site, then they have the ability to grant full control to anyeone else. There is no out of the box way to restrict this.

    Paul.


    Please ensure that you mark a question as Answered once you receive a satisfactory response. This helps people in future when searching and helps prevent the same questions being asked multiple times.

    Thursday, October 18, 2012 9:02 AM

All replies

  • No, If someone has full control to a site, then they have the ability to grant full control to anyeone else. There is no out of the box way to restrict this.

    Paul.


    Please ensure that you mark a question as Answered once you receive a satisfactory response. This helps people in future when searching and helps prevent the same questions being asked multiple times.

    Thursday, October 18, 2012 9:02 AM
  • Thank you very much Paul,

    but yesterday I had an idea ... my idea was to modify (customization) the "permissions page" (.aspx) so that areas-Administrators can see permissions appearing in that page (I decide which permissions make visible), not in the SharePoint permission page.

    Can I proceed in that way ? What's your opinion about that ?    

    Thursday, October 18, 2012 9:27 AM
  • Hi,

    You can create a new permission level from Users and Permissions > Site permissions >  Permission Levels > 

    Add a Permission Level and make this Permission level with the desired constraint.

    After that create a SharePoint group and assign this permission level to this group. 

    Then it will be much easier to manage the administrators with full control or even delete all users with full control from the site collection and leave the site collection administrators with (Full Control)

    If you need this for many site collections you can try creating a script with Powershell and apply this to all site collections.

    Hope I understood the question correctly.

    Regards,

    Razvan

    Thursday, October 18, 2012 9:53 AM
  • Hi Gaetano,

    @Cimares said, there is no out of the box way to restrict this. And if you want to do this still, you can do it like you said. Create custom permission level what you want, then delete the others, but you can not delete full control and Limited Access. What's more, the permission levels are managed from top level site.

    Regards,

    Kelly

    Friday, October 19, 2012 3:17 AM