Extranet Collaboration Manager (ExCM) 2010
has the ability to greatly reduce the workload on your IT Department by implementing what we call “Site Sponsors.” Site Sponsors can be either Windows or Forms Based Authentication (FBA) users, and are basically users with some elevated privileges who are capable of managing the Extranet Users for a given site. Let’s take a closer look at Sponsorship and how it’s configured.
We access the Site Sponsors options under the “Extranet Management” menu located in Site Settings:
From that screen we can see any existing Site Sponsors as well as the options for managing them:
For this blog, we will create a new Site Sponsor. Let's assume that the AMCE Corporation is a client of ours who uses our extranet to access information important to them. We will create a new Site Sponsor, a user from the ACME Corporation, and make him responsible for managing all the ACME users who access our extranet. This is an “extreme” example of Sponsorship (since this sponsor is outside the company), but I believe it illustrates the feature nicely. Now, let’s take a closer look at how Sponsorship is configured. After “New Site Sponsor” from the ribbon, the screen below is presented:
First, I will select a user to be the Site Sponsor. I will stick to using Extranet Users for the purpose of this illustration:
Next, we need to configure our Security Settings. This is probably the least understood topic when using Sponsorship, so let’s take a close look at each area. The first area is the “Associative Security Definition.” These are the SharePoint Groups and/or Extranet Roles to which every user this Sponsor invites to the site will automatically be added. In this example, I have created a role name “ACME Members” and added that Role to this site’s “Visitors” SharePoint Group. By entering “ACME Members” in this area, every user that Timmy invites will automatically be added to the “ACME Members” Role and will therefore have basic read-only access since the Role has been added to the site’s “Visitors” group.
The next area is the “Optional Associative Security Definition.” Any SharePoint Group and/or Extranet Role entered here will be presented as checkboxes to the Sponsor when he invites users to the site. In this example, I have entered another Role I created named “ACME Managers” that has greater privileges than the “Members” Role because I have added it to the site’s “Owners” SharePoint Group:
Finally, we have the “Administrative Security Definition.” This includes the Groups and/or Roles that the Site Sponsor can manage. When we say “manage” in this situation, we are referring to specific permissions the Sponsor has been granted. Here are the possible permissions that can be assigned:
All of these are checked by default, but you can customize them to your specific needs. The best practice for the “Administrative Security Definition” is to add any Groups and/or Roles that appear in the first two Security Definition boxes. This ensures that any user the Sponsor Invites, he can also manage:
Finally, we have the “Include Site Groups” option. When this is set to “Yes,” any SharePoint Groups the Sponsor is currently associated with for the site will be included in both the Optional and Administrative Security Definitions. For this example, I will select “No” in this area:
Now that we have successfully created a Site Sponsor, let’s log into our site as that Sponsor and invite a new user from the ACME Corporation. Here are the new options that the new Sponsor sees when clicking “Site Actions:”
From here, they can both invite new users and manage existing users that they sponsor. After clicking on “Invite Users,” we see this:
Notice the “Site Access” area. As you can see, the “Optional” Security Definition appears here to allow the Sponsor to optionally add the new user to the Groups and/or Roles specified…along with the “Associative” Security Definition to which they will be added automatically (ACME Members in this case).
After clicking “Save,” the invitation is sent to the new user. When they open it, here’s what they see:
After completing the registration, we can review it under the “Invitations” area of the Extranet Management menu. Notice the “Sent By” and “Security Definition” areas:
So we can see that this invitation was sent by our new Site Sponsor, and that Jeremy was also added to the appropriate Security Definitions.
The last area we’ll review here is the “Manage Users” screen for the Site Sponsor. After logging back in as my new Sponsor and clicking “Site Settings – Manage Users,” we see this:
From here, the Sponsor can do things like create new user (via invitation or manually), grant and remove access, change a user’s password, etc. Notice that we see an additional user than the one we just invited. This is due to the “Administrative Security Definition.” The other user (Tony) is also a member of the ACME Members and ACME Managers Roles, so our new Sponsor can also manage him.
Site Sponsorship gives IT administrators the ability to offload basic extranet administration tasks to capable, responsible users, freeing up their time for important IT work, and reducing IT labor costs.
Thanks for the details. I have one domain user which is Site Sponsor. I have added Visitors group of the site for Associative and Administrative Security Definition. When that user goes to "Manage Accounts", he can only see Domain users under the Visitors group and not external users. I have added Role into Administrative Security Definition and only then it shows external user. Any thoughts ?