Export (0) Print
Expand All

Configure personalization permissions

Office 2007

Updated: March 26, 2009

Applies To: Office SharePoint Server 2007

 

Topic Last Modified: 2009-03-20

In this article:

Before enabling personalization features in your deployment, you must first configure permissions to personalization features. Although some permissions are configured by default for deployments using Active Directory directory services, other configuration options vary according to the specific plan for deployment.

Administrators of the Shared Services Provider (SSP) have limited ability to configure personalization services. The administration options for personalization services are associated with a set of permissions for different personalization features. Administrators can have access to some or all of these administration options.

The users of the SSP have access to personal features associated with My Sites. Administrators of personalization permissions are responsible for configuring any changes to the default permissions for users.

SSP administrators can view the SSP Home page and some configuration options, but many of the personalization management tasks are only available to administrators that have additional permissions. These additional configuration tasks include:

  • Managing permissions.

  • Managing user profiles.

  • Managing audiences.

  • Managing portal usage for personalization.

By default, the account that was used to install Microsoft Office SharePoint Server 2007 on the server has all of these permissions. This account can be used to delegate permissions to other users.

In some organizations, one SSP administrator will have all permissions, and access to every management task. In other organizations, the permissions will be distributed among more than one administrator. Refer to your deployment plan when adding permissions for administrators.

Use the following procedure to configure administrator permissions to the SSP for personalization services.

Configure administrator permissions to the SSP for personalization sites
  1. Open the administration page for the SSP.
    To open the administration page for the SSP, perform the following:

    1. On the top navigation bar, click Application Management.

    2. On the Application Management page, in the Office SharePoint Server Shared Services section, click Create or configure this farm’s shared services.

    3. On the Manage this Farm’s Shared Services page, there is a link to each SSP and links to the Web applications for each SSP. Click the link for the SSP that you want to open.

    You can also access the SSP by clicking the link to the SSP Home page in the Quick Launch.

  2. On the SSP Home page, in the User Profiles and My Sites section, click Personalization services permissions.

  3. On the Manage Permissions page, click Add Users/Groups.

  4. On the Add Users/Groups page, in the Choose Users section, type the name of the users and groups that you want to add. If a user or group is already on the list, select the check box for that user or group, and then click Modify Permissions of Selected Users.

  5. In the Choose Permissions section, select the permissions that you want for the added users and groups:

    • To enable administration of user profiles, select Manage user profiles. Users who have this permission can access the User profiles and properties page and the Profile services policies page.

    • To enable administration of permissions to personalization services, select Manage permissions.

    • To enable administration of audiences, select Manage Audiences.

    • To enable administration of the portal usage reporting service, select Manage usage analytics.

  6. Click Save.

SSP administrators managing Profile Services must have access to the SSP pages for Profile Services. This access is in addition to the separate permissions to the service. To access the SSP Home page, an account must be a member of the Site Collection Administrators group.

By default, the account that set up the SSP is a member of the Site Collection Administrators group. For the first SSP in the initial deployment, that is the account that was used to install Office SharePoint Server 2007. If that same account is used to administer the SSP, no additional steps are necessary. In most organizations, SSP administration will be delegated to one or more additional users. The account used to set up the SSP can be used to add other accounts to the Site Collection Administrators group.

Use the following procedure to configure access to SSP pages.

Configure access to SSP pages
  1. Open the administration page for the SSP.
    To open the administration page for the SSP, perform the following:

    1. On the top navigation bar, click Application Management.

    2. On the Application Management page, in the Office SharePoint Server Shared Services section, click Create or configure this farm’s shared services.

    3. On the Manage this Farm’s Shared Services page, there is a link to each SSP and links to the Web applications for each SSP. Click the link for the SSP that you want to open.

    You can also access the SSP by clicking the link to the SSP Home page in the Quick Launch.

  2. On the SSP Home page, click the Site Actions menu.

  3. In the Site Action menu, click Site Settings.

  4. On the Site Settings page, in the Users and Permissions section, click Site collection administrators.

  5. On the Site Collection Administrators page, in the Site Collection Administrators section, perform the following:

    1. Type the name or account that you want to add to the Site Collection Administrators group.

    2. Click the Check Names icon. If the name or account is found in directory services, it will appear as a link in the text box.

    3. If the name or account was not found, or if you want to search for more users, click the Browse icon.

    4. On the Select People dialog box, in the Find box, type part or all of the user's name or account name, and then press Enter. All accounts that match appear in the text box.

    5. Select one or more accounts that you want to add, and then click Add.

    6. When you are done adding SSP administrators, click OK.

  6. On the Site Collection Administrators page, click OK.

After configuring permissions for administrators, it is time to configure permissions for other users. By default, all users have both of the following permissions:

  • Use personal features

  • Create personal site

Users who have the Use personal features permission can see personalized information in sites, including user profiles for other users. Users who have both the Use personal features permission and the Create personal site permission can create a My Site by clicking the My Site link in the top navigation bar.

In some organizations, personalization features may not be enabled. In these scenarios, the administrator with permission to manage permissions would remove these permissions for all authenticated users.

In other organizations, only some users will have access to personalization features. In these scenarios, the personalization permissions would be removed for the All Authenticated Users group, and another group would be created containing users who have both permissions.

In some organizations, My Sites will be created on a case-by-case basis, or created by managers during deployment. In these scenarios, users would have the Use personal features permission, but not the Create personal site permission.

Because these permissions are managed in the same place as administrator permissions, it is possible to create several groups with different combinations of permissions. It is recommended that you carefully plan group permissions during the initial deployment so that you can minimize administration tasks during regular operations.

Use the following procedure to configure user permissions for personalization.

Configure user permissions for personalization
  1. On the SSP home page, in the User Profiles and My Sites section, click Personalization services permissions.

  2. On the Manage Permissions page, click Add Users/Groups.

  3. On the Add Users/Groups page, in the Choose Users section, type the name of the users and groups that you want to add. If a user or group is already on the list, select the check box for that user or group, and then click Modify Permissions of Selected Users.

  4. In the Choose Permissions section, select the permissions that you want for the added users and groups:

    • To enable creation of My Sites, select Create personal site.

    • To enable access to personalization features, select Use personal features.

  5. Click Save.

Access to personalized information can also be modified by configuring profile services policies for users. For more information about configuring profile services policies, see Configure policies for Profile Services.

Users of personalization services have the permissions given to them by administrators, but these permissions are limited to the services consumed from a single SSP.

While good planning can avoid many situations where users need access to multiple My Sites, some scenarios may require that a user have access to more than one My Site host location. The typical scenario that requires multiple My Site host locations is a geographically distributed deployment with multiple sets of shared services in different locations. In these scenarios, it is common for each region to have its own set of My Sites and personalization features based on the needs of each region.

Use the following procedure to add trusted My Site host locations.

Add trusted My Site host locations
  1. On the SSP home page, in the User Profiles and My Sites section, click Trusted My Site host locations.

  2. On the Trusted My Site Host Locations page, click New to add another Trusted My Site host location.

  3. On the Trusted My Site Host Locations: New Item page, in the URL section, type the URL of the trusted My Site host location, and type a description for the location.

  4. In the Target Audiences section, select one or more audiences to use. For trusted My Site locations, the relevant audiences typically represent the set of users that belong to each My Site host location.

  5. Click OK.

During regular operations, in response to changes in directory services, one or more users often end up with My Sites in different locations. Trusted My Site host locations can be used to provide access to personalization features targeted for only these users, without enabling access to all users.

This topic is included in the following downloadable book for easier reading and printing:

See the full list of available books at Office SharePoint Server technical library.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft