Welcome: Guest!

Sharepoint Forum

 
Home » Forum » Sharepoint       Ask a questionRSS Feeds

Any way to grant "read" permissions to all sites in all site collect

  Asked By: Dominique Higgins         Date: Jan 10, 2010      Category: Sharepoint      Views: 791
 

I just found out that our CSOs want to have "read" access to our entire intranet
(possibly including each personal site, public and "private" info). Since this
is not something they had ever requested before, we never really had anything in
place (a global "read" group) to accomodate this.

For IT folks who need to get in and do maintenance and support others, we have
site collection admins and farm-level accounts that can do basically anything in
any site. BUT I want something *like* that, but only w/ read access. The CSOs
sometimes have trouble checking out and editing docs, so I would NOT want them
to give them more power and risk all kinds of screw ups.

Help! Any ideas? I don't want to go into each site (we have only 4 site
collections, so most subsites have broken inheritance, and several
lists/libraries, too) and add a "CSO" group w/ read permissions. One, it would
take a long time to do this, but I would also be concerned that each site admin
would have the ability to remove that group. And each new site and personal site
would need to add them in. Just too much to manage at such a granular level.

Tagged:                      

 

5 Answers Found

 
Answer #1       Answered By: Upendra Bordoloi          Answered On: Jan 10, 2010       

Create a Policy for Web Application that grants them read  access to the Web
Application. this will give  them read access  to all material located in that
web application.

 
Answer #2       Answered By: Ali Javed          Answered On: Jan 10, 2010       

On the Application Management tab in the Central Admin web site  in the
Application Security section click on the link for Web Application Policies.

You can use this to grant  a specific AD user or group  a permission policy level
to a web application zone that overrides the permissions  set at the site
collection level. Set up a Policy for each web application in your environment
assigning the CWO 'Grant Read' access. This will give  him read  access to
everything in the web app. You will need to setup a policy for each web
application in your SharePoint farm and remember to add new web applications to
the policy list as they are created.

 
Answer #3       Answered By: Karrie Wooten          Answered On: Jan 10, 2010       

So, when you say it overrides the permissions  set at the site  collection level,
does that mean that they will no longer have the contributor permissions they
already have in several team sites? Or does this simply add "read" to all sites
w/out taking away any higher permission levels made at the site level?

Thanks! This should work very well! I think we only have one web app in our
environment (not sure- I'm not in IT, so I'll check w/ them).

I really appreciate your help! I actually had a dream last night that I found  a
solution for this issue, so it's definitely been on my mind too much! And you
literally made my dream come true!

 
Answer #4       Answered By: Alan West          Answered On: Jan 10, 2010       

This is the one place in SharePoint where you can set either grant  or Deny in
reference to permissions. Since you are talking about granting read  access in
this case it would be additive. But it can also be used to Deny a specific set
of permissions  for a whole web application. In that case the individual
permission setting of Deny will override the individual permission setting in
the permission level set at the site  collection level or lower. But it only
overrides the individual permission in the permission level. Any permission not
set in the policy at the web application level will still be in effect.

For example. Let's say you Deny the Edit Item permission in the policy and the
user has contribute at the site collection  level. They won't be able to edit
items, but would still have the ability to read items based on their permissions
as a contributor.

 
Answer #5       Answered By: Maribel Todd          Answered On: Jan 10, 2010       

This won't take away any of their current permissions, it simply adds a
higher level of permission.

 


Your Answer
  • Answer should be atleast 30 Characters.
  • Please put code inside [Code] your code [/Code].

 
Hall of Fame  |  Facebook  |  Twitter  |  LinkedIn  |  Terms of Use  |  Privacy Policy  |  Contact us
RSS Feeds: Articles |  Forum |  New Users |  Activities |  Interview FAQ |  Poll |  Hotlinks


Go4Sharepoint, is a Microsoft Featured Community. Microsoft, Windows, Sharepoint, Sharepoint logo, Windows logo, etc are trademarks of the Microsoft Corporation. All product names, logos, copyrights, and trademarks mentioned are acknowledged as the registered intellectual property of their respective owners. This site is not in any way affiliated with, nor has it been authorized, sponsored, or otherwise approved by, Microsoft Corporation.

Copyright © 2008-2011