Skip to main content

Cloud

Understanding the Difference between Site Administrators and Site Collection Administrators and Site Collection Owners in Windows SharePoint Services

A Windows SharePoint Services Site is a set of web sites on a virtual server that have the same owner and share administration settings. Each site collection contains a top-level Web site and can contain one or more subsites. There are several ‘roles’ that have different levels of control over sites at different levels. They are, in ascending level of control, the Site Administrator, the Site Collection Administrator, the Site Collection Owner, and the Server Administrator. This can become confusing especially when trying to determine who has access to the site.

Site Administrators

Have control over a site and its subsites and can:

  • delete the site
  • add or delete subsites
  • change the settings
  • view, add, delete, or change all content within the site or subsites
  • add and remove users
  • send invitations

Site Collection Administrators

Have full administrative rights to all sites and content within a site collection. In addition to having all the rights of the Site Administrator they can:

  • add and remove users from the Site Collection Users
  • modify User Information throughout the site collection. For instance, can change the e-mail or display name of a user throughout the site collection

Site Collection Owners (and Secondary Owners)

When you create a site collection, Windows SharePoint Services automatically lists you as the site collection owner. You can change the site collection owner via the Manage Site Collection Owners page in Central Administration or by using the site owner operation with Stsadm.exe. Site collection owners and secondary owners are also site collection administrators. In addition to those permissions they also:

  • receive e-mail notifications for events, such as the pending automatic deletion of inactive sites
  • receive requests for access from users who have been denied access

Server Administrators

By default any user who is a member of the Administrators group on the SharePoint server can manipulate any SharePoint site. This is not always desirable. Assuming you have install the SharePoint Portal Server 2003 Hotfix Package 898547 you can remove the Sever Administrators’ permission by running the following stsadm command:

stsadm -o setproperty -propertyname denymachineadminaccess -propertyvalue 1

References

Windows SharePoint Services Security Model

http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/stsb03.mspx

Users who are members of the local Administrators group have access to all the content in your Windows SharePoint Services Web sites

http://support.microsoft.com/kb/892295/

Members of a local administrators group can access all portals and pages of a SharePoint Portal Server 2003 site, even if they do not have permissions for the portal areas

http://support.microsoft.com/kb/906171/en-us

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Aaron Steele

More from this Author

Follow Us