Managed metadata service application overview (SharePoint Server 2010)

 

Applies to: SharePoint Server 2010

The managed metadata service application makes it possible to:

  • Use managed metadata.

  • Share content types across site collections and Web applications.

A managed metadata service publishes a term store and, optionally, content types; a managed metadata connection consumes these. This article describes the managed metadata service and connections, and provides an example scenario for using them. Before reading this article, you should understand the concepts described in the article Managed metadata overview (SharePoint Server 2010). To learn more about how to design your managed metadata service application topology, after reading this article, see Plan to share terminology and content types (SharePoint Server 2010). For instructions for creating a managed metadata service and connections, see Managed metadata administration (SharePoint Server 2010).

In this article:

  • Managed metadata services

  • Managed metadata connections

  • Permissions for accessing a managed metadata service

  • Example scenario

Managed metadata services

When you enable managed metadata in your SharePoint Server 2010 application, a managed metadata service and connection are created automatically. The service identifies the database to be used as the term store, and the connection provides access to the service. When you create new managed terms, or when users add enterprise keywords, these terms are stored in the database that is specified in the managed metadata service. When you publish a managed metadata service, a URL to the service is created. Before an administrator can create a connection to the service from another Web application, the administrator must know the URL of the service.

In addition to sharing managed metadata, you can also use the managed metadata service to share content types. By creating a new managed metadata service and specifying a site collection as the content type hub, you can share all content types in the site collection’s content type gallery. The content type information that is shared includes columns, workflow associations, and policies.

Note

The workflows themselves must already exist in the destination site collection. Only the association between a content type and a workflow is shared.

You can create multiple managed metadata services, and share multiple term stores and content types from multiple site collections. However, each managed metadata service must specify a different term store. When you specify a nonexistent database for the term store, a new database is created.

For more information about creating a managed metadata service, see Create, update, publish, or delete a managed metadata service application (SharePoint Server 2010).

Managed metadata connections

To use managed metadata, a Web application must have a connection to a managed metadata service. A Web application can have connections to multiple services, and the services can be local to the Web application or remote. When you create a managed metadata service, a connection to the service is created automatically in the same Web application as the service.

After you create a connection to a managed metadata service, you can configure the following four options:

  • Default keyword location: Whether to store new enterprise keywords in the keyword set in the term store associated with this managed metadata service.

  • Default term set location: Whether to store the term sets that are created when you create new managed metadata site columns in this managed metadata service’s term store.

  • Use content types: Whether to make the content types that are associated with this managed metadata service (if any) available to users of sites in this Web application. This option is available only if the service has a hub defined to share content types.

  • Push-down Content Type Publishing updates from the Content Type Gallery to sub-sites and lists using the content type: Whether to update existing instances of the changed content types in sub-sites and libraries.

If no connection is specified as the default keyword location, users cannot create new enterprise keywords. If no connection is specified as the default term set location, users can only specify an existing term set when they create a site column whose data type is managed metadata.

Important

Within a Web application, do not make more than one connection the default keyword location. Within a Web application, do not define more than one connection as the default term set location.

For more information about creating a connection to a managed metadata service, see Create, update, or delete a managed metadata service connection (SharePoint Server 2010).

Permissions for accessing a managed metadata service

Three things are required to create a connection to a managed metadata service:

  • You must know the URL of the service.

  • If this will be a cross-farm connection, the farm on which the service runs and the farm on which the connection runs must have a trust relationship.

  • The service must have granted permission to the application pool account of the Web application in which the connection is created.

When you create a connection from a Web application to a service, the connection runs with the credentials of the Web application's application pool account. Users of sites in the Web application can perform different actions depending on the permission that the service grants to the application pool account. There are three levels of permission: read, restricted, and full.

The following table indicates which actions are enabled, depending on the permissions that the service grants.

Action Read Restricted Full

View terms and term sets

Yes

Yes

Yes

Add existing terms and existing enterprise keywords to documents and list items

Yes

Yes

Yes

Bind columns to existing term sets

Yes

Yes

Yes

View and use content types from the content type hub (if the service provides a hub)

Yes

Yes

Yes

Add new terms to open term sets

No

Yes

Yes

Create new enterprise keywords (if the connection is configured to enable this)

No

Yes

Yes

Create local term sets (if the connection is configured to enable this)

No

Yes

Yes

Add and modify content types in the content type hub (if the service provides a hub)

No

No

Yes

Manage terms and term sets (if the user is authorized to do this)

No

No

Yes

Important

By default, all application pool accounts that are local to the farm on which the service runs have full access to the managed metadata service. To grant an application pool account lesser permission - that is, read-only or restricted access - you must first remove or reduce the permissions of the Local farm group.

For more information about granting permissions to access a managed metadata service application, see Grant permission to access the managed metadata service (SharePoint Server 2010).

Example scenario

This example shows how a company configures its managed metadata services and connections. The company has already made the following decisions, which affect the design of the managed metadata services infrastructure:

  • There is a corporate taxonomy that is strictly controlled and is used by everyone.

  • All keywords will be stored centrally, to encourage people to reuse the same keywords.

  • Every document that is created must include values for a core set of properties. The document content type has been updated to include columns for these additional properties.

  • My Sites will reside in one Web application, and site collections for various team sites will reside in another Web application.

The legal department also has a requirement that affects how the managed metadata services are configured. The legal department plans to represent confidential information by using term sets. These term sets must be available to users of all of the legal department's site collections, but users of other site collections may not view or use these term sets.

Design

The following figure shows how the company designs its managed metadata services infrastructure. The design is described in detail in the paragraphs that follow the figure.

Managed metadata services and connections example

The corporate managed metadata service is the primary managed metadata service for all SharePoint Server 2010 sites in the company. The corporate taxonomy is represented by global term sets in the term store that is associated with the corporate managed metadata service. The content type hub that is associated with the corporate managed metadata service makes shared content types available to users of all site collections.

Every Web application has a connection to the corporate managed metadata service. The connections from the My Site Web application, the team sites Web application, and the legal sites Web application, numbered 2, 3, and 4 in the figure, all have restricted access to the corporate managed metadata service. Restricted access lets users of the sites in these Web applications use the shared content types and global term sets, add new enterprise keywords, and create local term sets, but it prohibits them from modifying global term sets.

The administrative Web application hosts the site collection from which authorized users manage the corporate taxonomy and the shared content types. The site collection's content type gallery contains the shared content types, such as the updated document content type that reflects the additional required properties. This content type gallery is the content type hub of the corporate managed metadata service. The connection from the administrative Web application, numbered 1 in the figure, has full access to the corporate managed metadata service.

The term store that is associated with the legal department's managed metadata service contains term sets that represent confidential information that the legal department uses. Only the legal sites Web application has a connection to legal's managed metadata service, so that users of the site collections in the legal sites Web application can manage their term sets.

Permissions

The following table summarizes the permission that each managed metadata service grants to the accounts that the connections use to access the service. Note that local farm is explicitly given reduced permission. If you do not remove or reduce the permissions for local farm, other local accounts will connect to the services by using the permissions that are specified for local farm.

Account Corporate managed metadata service Legal's managed metadata service

Local farm

Read permission

No permission

Administrative Web application's application pool account

Full permission

No permission

My Site Web application's application pool account

Restricted permission

No permission

Team sites Web application's application pool account

Restricted permission

No permission

Legal sites Web application's application pool account

Restricted permission

Full permission

Connection parameters

All connections to the corporate managed metadata service specify that the corporate managed metadata service is the default location to store keywords. Because the connection from the legal sites Web application to the corporate managed metadata service is the default keyword location, its connection to legal's managed metadata service is not the default keyword location.

The connections from the administrative Web application, the My Site Web application, and the team sites Web application to the corporate managed metadata service specify that the corporate managed metadata service is the place to store column-specific term sets. The connection from the legal Web application to the corporate managed metadata service specifies not to store column-specific term sets. The connection from the legal Web application to the legal managed metadata service specifies that it is the default location for column-specific term sets.

Note

Either managed metadata service would be an acceptable location for column-specific term sets from the legal sites Web application. Because column-specific term sets are local to the site collection from which they are created, users of other site collections cannot see them.

securitySecurity Note
Metadata publishing should not be enabled for any library that contains documents that might have metadata that other users should not see. Metadata publishing is disabled by default. For more information about metadata publishing, see Configure Enterprise Metadata and Keyword Settings for a list or library.

All connections to the corporate managed metadata service specify that they will use content types and that they will push down content type changes. Because legal's managed metadata service has no content type hub, the connection to legal's managed metadata service does not specify to use content types or to push-down content type changes.

The following table summarizes the connection settings for each connection to a managed metadata service. The connection numbers refer to the lines in the previous figure.

Connection Managed metadata service Web application Default keyword location Column-specific term set location Use content types Push-down content types

1

Corporate managed metadata service

Administrative Web application

Yes

Yes

Yes

Yes

2

Corporate managed metadata service

My Site Web application

Yes

Yes

Yes

Yes

3

Corporate managed metadata service

Team sites Web application

Yes

Yes

Yes

Yes

4

Corporate managed metadata service

Legal sites Web application

Yes

No

Yes

Yes

5

Legal's managed metadata service

Legal sites Web application

No

Yes

N/A

N/A

See Also

Concepts

Managed metadata overview (SharePoint Server 2010)
Plan to share terminology and content types (SharePoint Server 2010)
Create, update, publish, or delete a managed metadata service application (SharePoint Server 2010)
Create, update, or delete a managed metadata service connection (SharePoint Server 2010)
Grant permission to access the managed metadata service (SharePoint Server 2010)

Other Resources

Resource Center: Managed Metadata and Taxonomy in SharePoint Server 2010