We're a 500-person services business, relatively new to SharePoint and recreating many legacy applications in SharePoint. We have a couple developers and an administrator and have been trying very hard to segregate those roles. The administrator
controls Audiences, SharePoint groups, Distribution Lists, etc. Developers have read access to Active Directory, but no rights to view or edit SP groups, Global Audiences, or Distribution Lists. When user issues arise, the developer must
always suspect a group membership problem but can't know enough to confirm or deny.
I would love to hear how others handle this. Do your developers have admin rights? (And what problems does that cause?). Do you have strict naming conventions to differentiate GA from SP from Dist List? Do you have 3rd party tools to synchronize groups,
so you can have perfect confidence that the Global Audience "Busboys" contains exactly the same users as the Active Directory group "Busboys?" Is there a way for developers to have read-only access to the various groups so they can troubleshoot membership
problems without endangering security?
View Complete Post