delegated administrator - security definition issue

When I create a new delegated administrator, I assign to them a security definition. The only way for the sharepoint groups I've assigned to the new administrator to be associated with new users that are invited to the site is if I add the same sharepoint groups to the security definition area on the invite users page.

How do I ensure that once I've associated a delegated administrator with a security definition that invited users are automatically added to those groups when they are invited?

Have more questions? Submit a request

4 Comments

  • 0
    Avatar
    Tony Bierman

    Is your delegated administrator a site collection administrator? Site Collection Administrators have higher access than a delegated administrator. They have the ability to grant access to any SharePoint Group or Membership Role available to the site. Site Collection Administrator access overrides any delegated administrator access and therefore your security definition would not be applied.

  • 0
    Avatar
    Robert Hostetler

    Yes the user was a site collection administrator. I tried again with a non-admin account and it worked as expected.

    Thank you!

  • 0
    Avatar
    Konnie McCauley

    We have several sites under one site collection.  Can we make a person a delegated administrator for one site and they be able to review invitations for that site only?  Or, do they have to be a site collection administrator to see the additional site registration and delegation settings?  We have to keep permissions and administrators separate for each site.  One administrator cannot see other sites in the same site collection.  Is there a way to open the site registration and delegation settings for a site administrator without giving them site collection administrator priviliges?

  • 0
    Avatar
    Tony Bierman

    The invitations list is only accessible by a site collection administrator. To give access to this piece and any other ExCM administrative behavior requires site collection administrator access. You can of course make a user a delegated administrator which gives them the ability to perform administrative tasks on a sub-set of users. Some of these tasks include granting site access, creating new accounts, sending invitations and resetting passwords. The access a site sponsor can grant and the sub-set of users they can manage are defined by the SharePoint Groups and Extranet Roles listed in the site sponsor security definition. The best way to give a user access to the ExCM administrative tasks without allowing access to other sites is to create a separate site collection for this content.

Please sign in to leave a comment.