Feature
We've already looked at the Knowledge community in SharePoint, now it's time to look at the Power User and the Operational Communities to see who they are, and what the specific needs and best practices are for each.
The “Power User”\“Super User” Community
The “Power Users” \ “Super Users” who supports the “care and feeding” of SharePoint communities where I mentioned in the previous article “keep the lights on” and ensure security, performance, governance, compliance and business continuity should follow the following high-level as well as more granularly listed best practices:
Because IT and the “Operations” community is usually extremely busy working on “keeping the lights on” the “Power User” community can be your first line of defense as well as a friendly face to engage the business and work with IT to resolve community issues.
The “Operational” Community
SharePoint Operational Community and Related Roles support the following in SharePoint:
People (Permissions, Active Directory, Groups, etc.)
- Roles & Teams
- Sponsorship
Process and Policies (Enforcement)
- Security
- Content Management (Policy Enforcement from a technical level)
- Hardware & Services
- Procedures (From an automated or technical level)
Communication and Training (From a technical level)
- Communication Plan
- Training Plan
- Support Plan
It is also key to have these permissions and responsibilities in the operations roles persistent throughout all communities (SharePoint sites \ farms). The roles and responsibilities defined below are specific to SharePoint Communities used for operations and maintenance of SharePoint 2013 and SharePoint 2010.
Note: These will vary based on your specific requirements as well as the site templates and technology versions you have implemented but is a very strong “core” list to pull from:
| Role | Responsibilities and Tasks | Group | Permissions | Trustee |
| SharePoint Team Manager |
| SharePoint Team | Full Control: full control given at the web application policy level for every web application in all farm locations. Admin Control: full control to all central administration and SharePoint services in all farm locations. May or may not have system administrative or SQL administration rights. | Application Manager/Infrastructure Architect |
| SharePoint Application Architect |
| SharePoint Team | Full Control: full control given at the web application policy level for every web application in all farm locations. Admin Control: full control to all central administration and SharePoint services in all farm locations. Has system administrative or SQL administration rights in non-production systems. | SharePoint Team Manager |
| SharePoint System Architect |
| SharePoint Team | Full Control: full control given at the web application policy level for every web application in all farm locations. Admin Control: full control to all central administration and SharePoint services in all farm locations. Has system administrative or SQL administration rights in production systems. | SharePoint Team Manager |
| Active Directory Manager |
| Infrastructure Team | Will not have access to portal or site configuration settings and will not be able to make any changes to the application. | SharePoint System Architect |
| Network Engineer |
| Infrastructure Team | Will not have access to portal or site configuration settings and will not be able to make any changes to the application. | SharePoint System Architect |
| SharePoint Solution Manager |
| SharePoint Team | Will not have system administrative or SQL administration rights. Local Full Control– full control given at the site collection level | SharePoint Application Architect /SharePoint System Architect |
| SharePoint System Administrator |
| Infrastructure Team | Will not have access to portal or site configuration settings and will not be able to make any changes to the application. | IT Manager |
| SharePoint SQL Database Administrator |
| Infrastructure Team | Will not have access to portal or site configuration settings and will not be able to make any changes to the application. SQL Administrative rights | IT Manager |
| SharePoint Solution Analyst |
| SharePoint Team | Full Control: full control given at the web application policy level for every web application in virtual lab environments Admin Control: full control to all central administration and SharePoint services in virtual lab environments Has system administrative or SQL administration rights in virtual lab environments | SharePoint Application Architect / SharePoint System Architect |
Local Group Roles in the Operational Community (End-User Roles)
- These community (site) roles will be managed by the Farm Administrator.
- Community (site) users may belong to more than one group to add additional permissions.
- Community (site) users may also be removed from lower level roles as higher level roles permissions may encompass the permissions of the lower level role.
| Roles | Responsibilities and Tasks | Training | Permissions | Trustee |
| Site Collection Manager (IT) (Top Level Communities or Sites) |
| Instructor led with good understanding of site administration, security, content creation, feature deployment | Access defined at the SharePoint application level. No access at the system level. | Farm Administrator |
| Site Collection Owner (Solution Manager in Development, IT in Production) |
| Instructor led with good understanding of site administration, security, content creation | Access defined at the SharePoint application level. No access at the system level. | Site Collection Manager / Farm Administrator |
| Site Owner (Solution Manager, IT and End User) |
| Instructor led with good understanding of site administration, security, content creation | Access defined at the SharePoint application level. No access at the system level. | Site Collection Manager / Farm Administrator |
| Developer (IT Dev is the SharePoint Team). This group exists on all sites at time of creation but is removed prior to go-live. |
| Instructor led training with CBTs. MS training for Visual Studio, and SharePoint Designer “Developers” | Full control of non-production systems. Access defined at the SharePoint application level. No access at the system level. Access does not exist in the production environment. | SharePoint Application Architect |
| Member | Content creation (documents, lists). Contribute to collaboration sites (blog, wiki). Initiate workflows. | CBT with good understanding of document libraries and lists | Access defined at the SharePoint application level. No access at the system level. | Site Owner |
| Approver |
| CBT with good understanding of content approval and workflows | Access defined at the SharePoint application level. No access at the system level. | Site Owner |
| Reader | View content | N/A | N/A | Site Owner |
End User Community Permissions
The following is an example of “end user” community permissions based on the user roles for the community (sites) are listed below.
List Permissions
| Community Site Permissions | Site Collection Manager | Owner | Developer | Member | Approver | Reader |
| Manage Lists - Create and delete lists, add or remove columns in a list, and add or remove public views of a list. | Y | Y | Y | N | N | N |
| Override Check Out - Discard or check in a document which is checked out to another user. | Y | Y | N | N | N | N |
| Add Items - Add items to lists, add documents to document libraries, and add Web discussion comments. | Y | Y | Y | Y | N | N |
| Edit Items - Edit items in lists, edit documents in document libraries, edit Web discussion comments in documents, and customize Web Part Pages in document libraries. | Y | Y | Y | Y | Y | N |
| Delete Items - Delete items from a list, documents from a document library, and Web discussion comments in documents. | Y | Y | Y | Y | N | N |
| View Items - View items in lists, documents in document libraries, and view Web discussion comments. | Y | Y | Y | Y | Y | Y |
| Approve Items - Approve a minor version of a list item or document. | Y | Y | Y | Y | Y | N |
| Open Items - View the source of documents with server-side file handlers. | Y | Y | Y | Y | Y | N |
| View Versions - View past versions of a list item or document. | Y | Y | Y | Y | Y | N |
| Delete Versions - Delete past versions of a list item or document | Y | Y | N | N | N | |
| Create Alerts - Create email alerts. | Y | Y | Y | Y | Y | N |
| View Application Pages - View forms, views, and application pages. Enumerate lists. | Y | Y | Y | Y | Y | Y |
| Manage Permissions - Create and change permission levels on the Web site and assign permissions to users and groups. | Y | N | N | N | N | N |
| View Usage Data - View reports on Web site usage. | Y | Y | Y | N | N | N |
| Create Sub-sites - Create Sub-sites such as team sites, Meeting Workspace sites, and Document Workspace sites. | Y | Y | Y | N | N | N |
| Manage Web Site - Grants the ability to perform all administration tasks for the Web site as well as manage content. | Y | N | N | N | N | N |
| Add and Customize Pages - Add, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Windows SharePoint Services-compatible editor. | Y | Y | Y | N | N | N |
| Apply Themes and Borders - Apply a theme or borders to the entire Web site. | Y | Y | Y | N | N | N |
| Apply Style Sheets - Apply a style sheet (.CSS file) to the Web site. | Y | Y | Y | N | N | N |
| Create Groups - Create a group of users that can be used anywhere within the site collection. . | Y | N | N | N | N | N |
| Browse Directories - Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces. | Y | Y | Y | Y | Y | Y |
| View Pages - View pages in a Web site. | Y | Y | Y | Y | Y | Y |
| Enumerate Permissions - Enumerate permissions on the Web site, list, folder, document, or list item. | Y | Y | Y | Y | Y | N |
| Browse User Information - View information about users of the Web site. | Y | Y | Y | Y | Y | N |
| Manage Alerts - Manage alerts for all users of the Web site. | Y | Y | N | N | N | N |
| Use Remote Interfaces - Use SOAP, Web DAV, or SharePoint Designer interfaces to access the Web site. | Y | Y | Y | Y | Y | Y |
| Use Client Integration Features - Use features which launch client applications. Without this permission, users will have to work on documents locally and upload their changes. | Y | Y | Y | Y | Y | N |
| Open - Allows users to open a Web site, list, or folder in order to access items inside that container. | Y | Y | Y | Y | Y | Y |
| Edit Personal User Information - Allows a user to change his or her own user information, such as adding a picture. | N | N | N | N | N | N |
| Manage Personal Views - Create, change, and delete personal views of lists. | N | N | N | N | N | N |
| Add/Remove Personal Web Parts - Add or remove personal Web Parts on a Web Part Page. | N | N | N | N | N | N |
| Update Personal Web Parts - Update Web Parts to display personalized information. | N | N | N | N | N | N |
Editor's Note: To read the preceding article to this, see Understanding SharePoint's Internal Communities, Goals, Best Practices
