Alexander's Blog

Sharing knowledge with the global IT community since November 1, 2004

How to Give a User Access to Only the Term Store in SharePoint 2010/2013 Central Administration

/
/
ad-mania

There are situations when there is a need to give a regular user the ability to manage the managed metadata term store in SharePoint but you don’t want the user to have access to any other part of the Central Administration. In this article I will walk you through the steps that are required to achieve this goal. I will use SharePoint 2013 screens in this article but the procedure for SharePoint 2010 is exactly the same.

  1. Login to the SharePoint Server as an Administrator who has access to the Central Administration.
  2. Start the Central Administration console.
  3. Select Manage service applications in the Application Management section.
    ManageMMD_00
  4. Select the Managed Metadata Service but do not click on the hyperlink because that will take you into the term store tool, simply select a blank area next to the blue hyperlink so the service application is selected. Then on the ribbon click Administrators.
    ManageMMD_01
  5. In the top box add the user, e.g. BillG, and then in the lower box give the user Full Control permission to the managed metadata service application so that the user will be able to manage the term store. After checking the box for Full Control, click OK.
    ManageMMD_01a
  6. Besides giving the user access to the service application, you also need to make the user an Administrator of the term store by going to the term store tool and adding his name to the Term Store Administrators. Make sure you click Save at the bottom of the screen after adding his name.
    NOTE: This action automatically adds his name to the Delegated Administrators group in Central Administration -> Site Settings -> Site Permissions.
    ManageMMD_04
  7. From his workstation, the user can now access the Central Administration in his Web browser by typing the URL for the Central Administration, e.g. http://ServerName:9999, where 9999 is the port number. Don’t worry, he won’t have complete access to the Central Administration. When the user logs in with his credentials he will only see one link to manage service applications and when he clicks that link he won’t even see the other service applications.
    ManageMMD_02
  8. The user will only see the managed metadata term store. Notice that other than managing the managed metadata service the rest of the options are disabled on the ribbon.
    ManageMMD_03
  9. When he clicks the hyperlink to the managed metadata service he is taken to the term store and can now manage the term store.
    ManageMMD_04
  10. If you ever decide to remove his ability to manage the term store in the future you need to do three things:
    a) Remove his permissions in the service application (step 5 above).
    b) Remove his account in the Term Store Administrators (step 9 above).
    c) Remove him from the Delegated Administrators group in Central Administration Web site.
  11. The first two steps are obvious because you are reversing the actions you took. Here’s how you take care of the third step. Go to Central Administration -> Site Settings -> Site Permissions.
    ManageMMD_05
  12. Click the Delegated Administrators group.
    ManageMMD_06
  13. Select the box next to the user’s name and then on the Actions menu select Remove Users from Group.
    ManageMMD_07
  14. At this point the user will no longer have access to the term store or the Central Administration. In fact, removing user’s access in any of the three steps (step 5, step 9 or step 13) will deny him access to the term store.

In summary, to give an individual user the ability to managed the term store, you can give the user administrative access via the Managed Metadata service application and add the user’s name to the Term Store Administrators. The user will be able to connect to the Central Administration from his/her workstation by simply entering the URL for the Central Administration, providing the login credentials and will only have the ability to manage the term store in Central Administration. The user will not see any other items in the Central Administration. If you want to reverse the action and take away the user’s ability to manage the term store, you need to do three things. First remove the user’s permission in the managed metadata service application, then remove the user from the Term Store Administrators, and then remove the user from the Delegated Administrators group.


Copyright ©2014 Zubair Alexander. All rights reserved.

  • Facebook
  • Twitter
  • Linkedin

Leave a Comment

Your email address will not be published. Required fields are marked *

This div height required for enabling the sticky sidebar