We've already looked at the Knowledge community in SharePoint. Now it's time to look at the Power User and the Operational Communities to see who they are, and what the specific needs and best practices are for each.

The “Power User”\“Super User” Community

The “Power Users” \ “Super Users”, who support the “care and feeding” of SharePoint communities and who, as I mentioned in the previous article, “keep the lights on” and ensure security, performance, governance, compliance and business continuity, should follow these high-level, as well as more granularly listed, best practices:

[Image: sp_roles.png]

Because IT and the “Operations” community are usually extremely busy “keeping the lights on,” the “Power User” community can be your first line of defense, as well as a friendly face to engage the business and work with IT to resolve community issues.

[Image: sp_communities.png]

[Image: sp_knowledge.png]

The “Operational” Community

SharePoint Operational Community and Related Roles support the following in SharePoint:

People (Permissions, Active Directory, Groups, etc.)

  • Roles & Teams
  • Sponsorship

Process and Policies (Enforcement)

  • Security
  • Content Management (Policy Enforcement from a technical level)
  • Hardware & Services
  • Procedures (From an automated or technical level)

Communication and Training (From a technical level)

  • Communication Plan
  • Training Plan
  • Support Plan

It is also key to have these permissions and responsibilities in the operations roles persistent throughout all communities (SharePoint sites \ farms). The roles and responsibilities defined below are specific to SharePoint Communities used for operations and maintenance of SharePoint 2013 and SharePoint 2010.

Note: These will vary based on your specific requirements, as well as the site templates and technology versions you have implemented, but this is a very strong “core” list to pull from:

Role: SharePoint Team Manager
Responsibilities and Tasks:
  • Responsible for all SharePoint Product and Technology Efforts.
  • Leads SharePoint Steering Committee.
  • Leads SharePoint Team.
  • Major SharePoint Technology Decision Maker
Group: SharePoint Team
Permissions:
  • Full Control: full control given at the web application policy level for every web application in all farm locations.
  • Admin Control: full control to all central administration and SharePoint services in all farm locations.
  • May or may not have system administrative or SQL administration rights.
Trustee: Application Manager/Infrastructure Architect

Role: SharePoint Application Architect
Responsibilities and Tasks:
  • SharePoint Development Team Lead
  • Third Party Configuration
  • Line of Business Integration
  • Governance Model/Best Practices Enforcement
Group: SharePoint Team
Permissions:
  • Full Control: full control given at the web application policy level for every web application in all farm locations.
  • Admin Control: full control to all central administration and SharePoint services in all farm locations.
  • Has system administrative or SQL administration rights in non-production systems.
Trustee: SharePoint Team Manager

Role: SharePoint System Architect
Responsibilities and Tasks:
  • AD and Exchange Integration
  • Profile Synchronization
  • Patch Management (Validation and Testing)
  • Responsible for SharePoint farm infrastructure design, installation, guidelines and best practices.
  • Governance Model/Best Practices Enforcement
  • System Administrators day to day support
  • Search Administration
  • Farm Administrators day to day support
  • Third Party Configuration
Group: SharePoint Team
Permissions:
  • Full Control: full control given at the web application policy level for every web application in all farm locations.
  • Admin Control: full control to all central administration and SharePoint services in all farm locations.
  • Has system administrative or SQL administration rights in production systems.
Trustee: SharePoint Team Manager

Role: Active Directory Manager
Responsibilities and Tasks:
  • Active Directory Management
  • DNS Management
  • Exchange Management
Group: Infrastructure Team
Permissions:
  • Will not have access to portal or site configuration settings and will not be able to make any changes to the application.
Trustee: SharePoint System Architect

Role: Network Engineer
Responsibilities and Tasks:
  • Firewalls
  • WAN
  • WAN Optimization
  • Remote Access Management
  • External Access Management
  • Load Balancing
Group: Infrastructure Team
Permissions:
  • Will not have access to portal or site configuration settings and will not be able to make any changes to the application.
Trustee: SharePoint System Architect

Role: SharePoint Solution Manager
Responsibilities and Tasks:
  • Responsible for SharePoint services, policies, procedures, and governance/best practice enforcement.
  • Liaison between business users and SharePoint Team.
  • Day to day support for Site Collection Managers.
  • Serves as SharePoint champion for all locations.
Group: SharePoint Team
Permissions:
  • Will not have system administrative or SQL administration rights.
  • Local Full Control: full control given at the site collection level
Trustee: SharePoint Application Architect / SharePoint System Architect

Role: SharePoint System Administrator
Responsibilities and Tasks:
  • Responsible for SharePoint farm infrastructure change requests.
  • Responsible for day to day maintenance of SharePoint farm OS operations and uptime.
Group: Infrastructure Team
Permissions:
  • Will not have access to portal or site configuration settings and will not be able to make any changes to the application.
Trustee: IT Manager

Role: SharePoint SQL Database Administrator
Responsibilities and Tasks:
  • SQL Server database backup and recovery, SQL configuration, SQL upgrades and monitoring.
  • Responsible for databases, site collection, and site backups.
Group: Infrastructure Team
Permissions:
  • Will not have access to portal or site configuration settings and will not be able to make any changes to the application.
  • SQL Administrative rights
Trustee: IT Manager

Role: SharePoint Solution Analyst
Responsibilities and Tasks:
  • Tests custom code and third party tools in non-production systems
  • Defined requirements for proposed solutions to determine whether the solution is Commercial Off the Shelf (COTS), requires custom development or requires feature extension
Group: SharePoint Team
Permissions:
  • Full Control: full control given at the web application policy level for every web application in virtual lab environments
  • Admin Control: full control to all central administration and SharePoint services in virtual lab environments
  • Has system administrative or SQL administration rights in virtual lab environments
Trustee: SharePoint Application Architect / SharePoint System Architect

Local Group Roles in the Operational Community (End-User Roles)

  • These community (site) roles will be managed by the Farm Administrator.
  • Community (site) users may belong to more than one group to add additional permissions.
  • Community (site) users may also be removed from lower-level roles, as a higher-level role's permissions may encompass the permissions of the lower-level role.

Role: Site Collection Manager (IT) (Top Level Communities or Sites)
Responsibilities and Tasks:
  • Manage Features and Solutions for site collection.
  • SharePoint site provisioning for site collection
Training: Instructor led with good understanding of site administration, security, content creation, feature deployment
Permissions:
  • Access defined at the SharePoint application level. No access at the system level.
Trustee: Farm Administrator

Role: Site Collection Owner (Solution Manager in Development, IT in Production)
Responsibilities and Tasks:
  • Site Collection Owner. Content creation. Manage content.
  • Sub-site management
Training: Instructor led with good understanding of site administration, security, content creation
Permissions:
  • Access defined at the SharePoint application level. No access at the system level.
Trustee: Site Collection Manager / Farm Administrator

Role: Site Owner (Solution Manager, IT and End User)
Responsibilities and Tasks:
  • Site Owner. Content creation. Manage content.
Training: Instructor led with good understanding of site administration, security, content creation
Permissions:
  • Access defined at the SharePoint application level. No access at the system level.
Trustee: Site Collection Manager / Farm Administrator

Role: Developer (IT Dev is the SharePoint Team). This group exists on all sites at time of creation but is removed prior to go-live.
Responsibilities and Tasks:
  • Manage the site layout and structure.
  • Create custom workflows.
  • Create custom Web Parts, solutions and features.
  • Responsible for building the framework and features of the portal.
  • Modify SharePoint templates as needed.
  • Write ASP.Net code.
  • Participate in design tasks as needed.
  • Participate in development and testing as needed.
  • Create custom forms.
Training: Instructor led training with CBTs. MS training for Visual Studio, and SharePoint Designer
Permissions:
  • “Developers” Full control of non-production systems.
  • Access defined at the SharePoint application level. No access at the system level.
  • Access does not exist in the production environment.
Trustee: SharePoint Application Architect

Role: Member
Responsibilities and Tasks:
  • Content creation (documents, lists).
  • Contribute to collaboration sites (blog, wiki).
  • Initiate workflows.
Training: CBT with good understanding of document libraries and lists
Permissions:
  • Access defined at the SharePoint application level. No access at the system level.
Trustee: Site Owner

Role: Approver
Responsibilities and Tasks:
  • Approve content (documents, lists).
  • Initiate workflows.
Training: CBT with good understanding of content approval and workflows
Permissions:
  • Access defined at the SharePoint application level. No access at the system level.
Trustee: Site Owner

Role: Reader
Responsibilities and Tasks:
  • View content
Training: N/A
Permissions: N/A
Trustee: Site Owner

End User Community Permissions

The following is an example of “end user” community permissions, based on the user roles for the community (sites).

List Permissions

| Community Site Permissions | Site Collection Manager | Owner | Developer | Member | Approver | Reader |
|---|---|---|---|---|---|---|
| Manage Lists - Create and delete lists, add or remove columns in a list, and add or remove public views of a list. | Y | Y | Y | N | N | N |
| Override Check Out - Discard or check in a document which is checked out to another user. | Y | Y | N | N | N | N |
| Add Items - Add items to lists, add documents to document libraries, and add Web discussion comments. | Y | Y | Y | Y | N | N |
| Edit Items - Edit items in lists, edit documents in document libraries, edit Web discussion comments in documents, and customize Web Part Pages in document libraries. | Y | Y | Y | Y | Y | N |
| Delete Items - Delete items from a list, documents from a document library, and Web discussion comments in documents. | Y | Y | Y | Y | N | N |
| View Items - View items in lists, documents in document libraries, and view Web discussion comments. | Y | Y | Y | Y | Y | Y |
| Approve Items - Approve a minor version of a list item or document. | Y | Y | Y | Y | Y | N |
| Open Items - View the source of documents with server-side file handlers. | Y | Y | Y | Y | Y | N |
| View Versions - View past versions of a list item or document. | Y | Y | Y | Y | Y | N |
| Delete Versions - Delete past versions of a list item or document | Y | Y |  | N | N | N |
| Create Alerts - Create email alerts. | Y | Y | Y | Y | Y | N |
| View Application Pages - View forms, views, and application pages. Enumerate lists. | Y | Y | Y | Y | Y | Y |
| Manage Permissions - Create and change permission levels on the Web site and assign permissions to users and groups. | Y | N | N | N | N | N |
| View Usage Data - View reports on Web site usage. | Y | Y | Y | N | N | N |
| Create Sub-sites - Create Sub-sites such as team sites, Meeting Workspace sites, and Document Workspace sites. | Y | Y | Y | N | N | N |
| Manage Web Site - Grants the ability to perform all administration tasks for the Web site as well as manage content. | Y | N | N | N | N | N |
| Add and Customize Pages - Add, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Windows SharePoint Services-compatible editor. | Y | Y | Y | N | N | N |
| Apply Themes and Borders - Apply a theme or borders to the entire Web site. | Y | Y | Y | N | N | N |
| Apply Style Sheets - Apply a style sheet (.CSS file) to the Web site. | Y | Y | Y | N | N | N |
| Create Groups - Create a group of users that can be used anywhere within the site collection. | Y | N | N | N | N | N |
| Browse Directories - Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces. | Y | Y | Y | Y | Y | Y |
| View Pages - View pages in a Web site. | Y | Y | Y | Y | Y | Y |
| Enumerate Permissions - Enumerate permissions on the Web site, list, folder, document, or list item. | Y | Y | Y | Y | Y | N |
| Browse User Information - View information about users of the Web site. | Y | Y | Y | Y | Y | N |
| Manage Alerts - Manage alerts for all users of the Web site. | Y | Y | N | N | N | N |
| Use Remote Interfaces - Use SOAP, Web DAV, or SharePoint Designer interfaces to access the Web site. | Y | Y | Y | Y | Y | Y |
| Use Client Integration Features - Use features which launch client applications. Without this permission, users will have to work on documents locally and upload their changes. | Y | Y | Y | Y | Y | N |
| Open - Allows users to open a Web site, list, or folder in order to access items inside that container. | Y | Y | Y | Y | Y | Y |
| Edit Personal User Information - Allows a user to change his or her own user information, such as adding a picture. | N | N | N | N | N | N |
| Manage Personal Views - Create, change, and delete personal views of lists. | N | N | N | N | N | N |
| Add/Remove Personal Web Parts - Add or remove personal Web Parts on a Web Part Page. | N | N | N | N | N | N |
| Update Personal Web Parts - Update Web Parts to display personalized information. | N | N | N | N | N | N |
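
The permission matrix above can be checked mechanically against the earlier statement that a higher-level role's permissions may encompass those of a lower-level role. The following Python sketch is an added example, not part of the original article: it transcribes the Y/N matrix, reports which of a user's group memberships are redundant, and lists the roles that can both add and approve items. The function names are illustrative, and the one blank cell (Developer, Delete Versions) is assumed to mean "not granted".

```python
import re

# Columns of the page's matrix, in order. MATRIX is transcribed from the table;
# '?' marks the cell the page leaves blank (assumed here to mean not granted).
ROLES = ["Site Collection Manager", "Owner", "Developer", "Member", "Approver", "Reader"]
MATRIX = """
Manage Lists=YYYNNN; Override Check Out=YYNNNN; Add Items=YYYYNN
Edit Items=YYYYYN; Delete Items=YYYYNN; View Items=YYYYYY
Approve Items=YYYYYN; Open Items=YYYYYN; View Versions=YYYYYN
Delete Versions=YY?NNN; Create Alerts=YYYYYN; View Application Pages=YYYYYY
Manage Permissions=YNNNNN; View Usage Data=YYYNNN; Create Sub-sites=YYYNNN
Manage Web Site=YNNNNN; Add and Customize Pages=YYYNNN
Apply Themes and Borders=YYYNNN; Apply Style Sheets=YYYNNN; Create Groups=YNNNNN
Browse Directories=YYYYYY; View Pages=YYYYYY; Enumerate Permissions=YYYYYN
Browse User Information=YYYYYN; Manage Alerts=YYNNNN; Use Remote Interfaces=YYYYYY
Use Client Integration Features=YYYYYN; Open=YYYYYY
Edit Personal User Information=NNNNNN; Manage Personal Views=NNNNNN
Add/Remove Personal Web Parts=NNNNNN; Update Personal Web Parts=NNNNNN
"""

def grants(matrix=MATRIX):
    """Return {role: set of permissions marked Y}; '?' and N grant nothing."""
    out = {role: set() for role in ROLES}
    for entry in filter(None, (e.strip() for e in re.split(r"[;\n]", matrix))):
        perm, cells = entry.rsplit("=", 1)
        if len(cells) != len(ROLES):
            raise ValueError(f"bad row: {entry!r}")
        for role, cell in zip(ROLES, cells):
            if cell == "Y":
                out[role].add(perm)
    return out

def redundant_memberships(held):
    """Roles in `held` whose grants are fully covered by another held role."""
    g = grants()
    return sorted(r for r in held if any(o != r and g[r] <= g[o] for o in held))

def can_author_and_approve():
    """Roles that can both add items and approve them."""
    g = grants()
    return [r for r in ROLES if {"Add Items", "Approve Items"} <= g[r]]

if __name__ == "__main__":
    print(redundant_memberships(["Member", "Approver"]))
    print(can_author_and_approve())
```

In this matrix the six roles form a strict chain, so any lower role held alongside a higher one is redundant; Member also already carries Approve Items, which is worth reviewing if approval is meant to be separated from authoring.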

Editor's Note: To read the preceding article to this, see Understanding SharePoint's Internal Communities, Goals, Best Practices