Friday, April 26, 2013

EPC's Understanding SharePoint's Communities- Power Users and Operational on CMSWire.com

The original article post on CMSWire.com can be found at: http://www.cmswire.com/cms/social-business/understanding-sharepoints-communities-power-users-and-operational-020650.php

We've already looked at the Knowledge community in SharePoint, now it's time to look at the Power User and the Operational Communities to see who they are,  and what the specific needs and best practices are for each.

The “Power User”\“Super User” Community

The “Power Users” \ “Super Users” who supports the “care and feeding” of SharePoint communities where I mentioned in the previous article “keep the lights on” and ensure security, performance, governance, compliance and business continuity should follow the following high-level as well as more granularly listed best practices:

sp_roles.png

Because IT and the “Operations” community is usually extremely busy working on “keeping the lights on” the “Power User” community can be your first line of defense as well as a friendly face to engage the business and work with IT to resolve community issues.
 
sp_communities.png
sp_knowledge.png

The “Operational” Community

SharePoint Operational Community and Related Roles support the following in SharePoint:

People (Permissions, Active Directory, Groups, etc.)

  • Roles & Teams
  • Sponsorship

Process and Policies (Enforcement)

  • Security
  • Content Management (Policy Enforcement from a technical level)
  • Hardware & Services
  • Procedures (From an automated or technical level)

Communication and Training (From a technical level)

  • Communication Plan
  • Training Plan
  • Support Plan
It is also key to have these permissions and responsibilities in the operations roles persistent throughout all communities (SharePoint sites \ farms). The roles and responsibilities defined below are specific to SharePoint Communities used for operations and maintenance of SharePoint 2013 and SharePoint 2010.

Note: These will vary based on your specific requirements as well as the site templates and technology versions you have implemented but is a very strong “core” list to pull from:

RoleResponsibilities and TasksGroupPermissionsTrustee
SharePoint Team Manager
  • Responsible for all SharePoint Product and Technology Efforts.
  • Leads SharePoint Steering Committee.
  • Leads SharePoint Team.
  • Major SharePoint Technology Decision Maker
SharePoint TeamFull Control: full control given at the web application policy level for every web application in all farm locations.
Admin Control: full control to all central administration and SharePoint services in all farm locations.
May or may not have system administrative or SQL administration rights.
Application Manager/Infrastructure Architect
SharePoint Application Architect
  • SharePoint Development Team Lead
  • Third Party Configuration
  • Line of Business Integration
  • Governance Model/Best Practices Enforcement
SharePoint TeamFull Control: full control given at the web application policy level for every web application in all farm locations.
Admin Control: full control to all central administration and SharePoint services in all farm locations.
Has system administrative or SQL administration rights in non-production systems.
SharePoint Team Manager
SharePoint System Architect
  • AD and Exchange Integration
  • Profile Synchronization
  • Patch Management (Validation and Testing)
  • Responsible for SharePoint farm infrastructure design, installation, guidelines and best practices.
  • Governance Model/Best Practices Enforcement
  • System Administrators day to day support
  • Search Administration
  • Farm Administrators day to day support
  • Third Party Configuration
SharePoint TeamFull Control: full control given at the web application policy level for every web application in all farm locations.
Admin Control: full control to all central administration and SharePoint services in all farm locations.
Has system administrative or SQL administration rights in production systems.
SharePoint Team Manager
Active Directory Manager
  • Active Directory Management
  • DNS Management
  • Exchange Management
Infrastructure TeamWill not have access to portal or site configuration settings and will not be able to make any changes to the application.SharePoint System Architect
Network Engineer
  • Firewalls
  • WAN
  • WAN Optimization
  • Remote Access Management
  • External Access Management
  • Load Balancing
Infrastructure TeamWill not have access to portal or site configuration settings and will not be able to make any changes to the application.SharePoint System Architect
SharePoint Solution Manager
  • Responsible for SharePoint services, policies, procedures, and governance/best practice enforcement.
  • Liaison between business users and SharePoint Team.
  • Day to day support for Site Collection Managers.
  • Serves as SharePoint champion for all locations.
SharePoint TeamWill not have system administrative or SQL administration rights.
Local Full Control– full control given at the site collection level
SharePoint Application Architect /SharePoint System Architect
SharePoint System Administrator
  • Responsible for SharePoint farm infrastructure change requests.
  • Responsible for day to day maintenance of SharePoint farm OS operations and uptime.
Infrastructure TeamWill not have access to portal or site configuration settings and will not be able to make any changes to the application.IT Manager
SharePoint SQL Database Administrator
  • SQL Server database backup and recovery, SQL configuration, SQL upgrades and monitoring.
  • Responsible for databases, site collection, and site backups.
Infrastructure TeamWill not have access to portal or site configuration settings and will not be able to make any changes to the application.
SQL Administrative rights
IT Manager
SharePoint Solution Analyst
  • Tests custom code and third party tools in non-production systems
  • Defined requirements for proposed solutions to determine whether the solution is Commercial Off the Shelf (COTS), requires custom development or requires feature extension
SharePoint TeamFull Control: full control given at the web application policy level for every web application in virtual lab environments
Admin Control: full control to all central administration and SharePoint services in virtual lab environments
Has system administrative or SQL administration rights in virtual lab environments
SharePoint Application Architect / SharePoint System Architect

Local Group Roles in the Operational Community (End-User Roles)

  • These community (site) roles will be managed by the Farm Administrator.
  • Community (site) users may belong to more than one group to add additional permissions.
  • Community (site) users may also be removed from lower level roles as higher level roles permissions may encompass the permissions of the lower level role.
RolesResponsibilities and Tasks Training PermissionsTrustee
Site Collection Manager (IT) (Top Level Communities or Sites)
  • Manage Features and Solutions for site collection.
  • SharePoint site provisioning for site collection
Instructor led with good understanding of site administration, security, content creation, feature deploymentAccess defined at the SharePoint application level. No access at the system level.Farm Administrator
Site Collection Owner (Solution Manager in Development, IT in Production)
  • Site Collection Owner. Content creation. Manage content.
  • Sub-site management
Instructor led with good understanding of site administration, security, content creationAccess defined at the SharePoint application level. No access at the system level.Site Collection Manager / Farm Administrator
Site Owner (Solution Manager, IT and End User)
  • Site Owner. Content creation. Manage content.
Instructor led with good understanding of site administration, security, content creationAccess defined at the SharePoint application level. No access at the system level. Site Collection Manager / Farm Administrator
Developer (IT Dev is the SharePoint Team). This group exists on all sites at time of creation but is removed prior to go-live.
  • Manage the site layout and structure.
  • Create custom workflows.
  • Create custom Web Parts, solutions and features.
  • Responsible for building the framework and features of the portal.
  • Modify SharePoint templates as needed.
  • Write ASP.Net code.
  • Participate in design tasks as needed.
  • Participate in development and testing as needed.
    Create custom forms.
Instructor led training with CBTs. MS training for Visual Studio, and SharePoint Designer “Developers”Full control of non-production systems.
Access defined at the SharePoint application level. No access at the system level.
Access does not exist in the production environment.
SharePoint Application Architect
MemberContent creation (documents, lists).
Contribute to collaboration sites (blog, wiki).
Initiate workflows.
CBT with good understanding of document libraries and listsAccess defined at the SharePoint application level. No access at the system level.Site Owner
Approver
  • Approve content (documents, lists).
  • Initiate workflows.
CBT with good understanding of content approval and workflowsAccess defined at the SharePoint application level. No access at the system level.Site Owner
ReaderView contentN/AN/ASite Owner

End User Community Permissions

The following is an example of “end user” community permissions based on the user roles for the community (sites) are listed below.

List Permissions

Community Site PermissionsSite Collection ManagerOwnerDeveloperMemberApproverReader
Manage Lists - Create and delete lists, add or remove columns in a list, and add or remove public views of a list.YYYNNN
Override Check Out - Discard or check in a document which is checked out to another user.YYNNNN
Add Items - Add items to lists, add documents to document libraries, and add Web discussion comments.YYYYNN
Edit Items - Edit items in lists, edit documents in document libraries, edit Web discussion comments in documents, and customize Web Part Pages in document libraries.YYYYYN
Delete Items - Delete items from a list, documents from a document library, and Web discussion comments in documents. YYYYNN
View Items - View items in lists, documents in document libraries, and view Web discussion comments.YYYYYY
Approve Items - Approve a minor version of a list item or document.YYYYYN
Open Items - View the source of documents with server-side file handlers.YYYYYN
View Versions - View past versions of a list item or document.YYYYYN
Delete Versions - Delete past versions of a list item or documentYY NNN
Create Alerts - Create email alerts.YYYYYN
View Application Pages - View forms, views, and application pages. Enumerate lists.YYYYYY
Manage Permissions - Create and change permission levels on the Web site and assign permissions to users and groups.YNNNNN
View Usage Data - View reports on Web site usage.YYYNNN
Create Sub-sites - Create Sub-sites such as team sites, Meeting Workspace sites, and Document Workspace sites.YYYNNN
Manage Web Site - Grants the ability to perform all administration tasks for the Web site as well as manage content.YNNNNN
Add and Customize Pages - Add, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Windows SharePoint Services-compatible editor.YYYNNN
Apply Themes and Borders - Apply a theme or borders to the entire Web site.YYYNNN
Apply Style Sheets - Apply a style sheet (.CSS file) to the Web site.YYYNNN
Create Groups - Create a group of users that can be used anywhere within the site collection. .YNNNNN
Browse Directories - Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces.YYYYYY
View Pages - View pages in a Web site.YYYYYY
Enumerate Permissions - Enumerate permissions on the Web site, list, folder, document, or list item.YYYYYN
Browse User Information - View information about users of the Web site.YYYYYN
Manage Alerts - Manage alerts for all users of the Web site.YYNNNN
Use Remote Interfaces - Use SOAP, Web DAV, or SharePoint Designer interfaces to access the Web site.YYYYYY
Use Client Integration Features - Use features which launch client applications. Without this permission, users will have to work on documents locally and upload their changes.YYYYYN
Open - Allows users to open a Web site, list, or folder in order to access items inside that container.YYYYYY
Edit Personal User Information - Allows a user to change his or her own user information, such as adding a picture.NNNNNN
Manage Personal Views - Create, change, and delete personal views of lists.NNNNN N
Add/Remove Personal Web Parts - Add or remove personal Web Parts on a Web Part Page.NNNNNN
Update Personal Web Parts - Update Web Parts to display personalized information.NNNNNN

CMSWire.com's Editor's Note: To read the preceding article to this, see Understanding SharePoint's Internal Communities, Goals, Best Practices