Mar 03 2020
02:12 AM
- last edited on
Feb 01 2023
11:50 AM
by
TechCommunityAP
Mar 03 2020
02:12 AM
- last edited on
Feb 01 2023
11:50 AM
by
TechCommunityAP
Hi,
We are a small ISV company with 12 employees, and we are on Office 365. We also use Azure DevOps for source repository and work-item tracking.
I am the CEO and co-owner. Me and the other co-owner are global admins.
Being a small company, I am also the "IT department", which includes things like:
* Adding and removing employees, configuring permissions, etc
* Creating external SharePoint sites for customer collaboration
* Adding and removing guest accounts (for customer collaboration)
* Etc
This has started to become a burden for me, and I would like to delegate at least some of the work to one of our employees. However, I don't want to make the person a global admin, since that would, at least in theory, give access to sensitive data (my email, HR documents with salaries, etc).
What are the recommended strategy to do this? I know there are more granular admin roles than global admin, but I don't see how this can help much. For instance, if I want to delegate the work to maintain our external sites for collaboration, I guess I could make my employee "SharePoint admin". But as soon as I do that, the employee (I guess) will get access to the SharePoint HR-site which contains the salary files, etc.
Any advice?
Mar 03 2020 09:33 AM
You can grant him permissions on the Site collections in question only, either as primary/secondary SC admin.
Mar 03 2020 10:20 PM
Yes, you can provide them permission for a specific site only instead of Sharepoint Admin. External users will only be available to modify a given site as you delegate.
Mar 03 2020 11:55 PM
@binodmaharjan_2020 , @Vasil Michev : This would only help slightly. The tasks that this "semi-admin" would perform is much more than only maintaining security on a few site collections. Of the examples I mentioned, only the second task would be possible using your proposal:
* Adding and removing employees, configuring permissions, etc
* Creating external SharePoint sites for customer collaboration
* Adding and removing guest accounts (for customer collaboration)
* Etc
I am more looking for a way to grant permissions to a person enough to do more or less everything except a few things, such as the managers' email, some document libraries/sites etc.
This must be something that all companies of significant size must struggle with? I don't believe that the CEO of many companies handle all Office 365 management tasks - so how do they solve it?
Mar 04 2020 08:17 AM
There's nothing built-in in O365 for that, you'll have to look into third-party tools that do a "portal replacement" type of products.
Mar 04 2020 08:37 PM