In SharePoint Online for Office 365, administration can be separated into three primary roles: Office 365 Global Administrator, SharePoint Online Administrator and Site Collection Administrator.
These roles were designed to provide separation of responsibilities to better assist common business workflows. In this document, we will discuss the differences between these roles, clarify role responsibilities and provide an example for how to solve a specific business requirement.
SharePoint Administration Roles
Global Administrators
Global Administrators, also known as the “Company Admin” or the “Tenant Admin”, can configure any Office 365 settings and gain access to any level of the SharePoint site. Compared to the SharePoint Admin and the Site Collection admin, the Global Admin is the only role able to manage user groups and reset user passwords. Furthermore, global admins are the only admins who can assign other admin roles, outside of Site Collection admins. You can have more than one Global Admin.
SharePoint Administrators
SharePoint Online Administrators can create and manage site collections, delegate site collection administrators and allocate space between the different Site Collections. Compared to the Global Admin, SharePoint Admins will be able to view user information but, will not be able to modify existing information. In SharePoint Online, Global Administrators are also SharePoint Online Administrators.
Site Collection Administrators
Site Collection Administrators are responsible for creating and maintaining sites and content within a site collection. Primary functions for the Site Collection Admin include managing permissions and restricting access where necessary, and managing content types, site columns and templates for re-use in the sites and update site structure based on content requirements. Site Collection Administrators can also assign other users to be a Site Collection Administrator to their Site Collection. Compared to Global and SharePoint admins, Site Collection Admins do not have access to the Office 365 Admin portal, thus they will not be able to see any user information.
Features | Site Collection Administrator | SharePoint Administrator | Global Administrator |
Manage User Permissions on a Site Collection | |||
Manage User Permissions on a Site within a Site Collection | |||
Create and Manage All SharePoint Site Collections | |||
Assign Users as Site Collection Administrators | |||
View Users and Groups | |||
Update Users and Groups Information | |||
Manage Service License for Office 365 | |||
Manage Subscribed Services for Office 365 |
Business Solution Example
Private Site Collection
If a scenario exists where a group of users require a secure location for private files that restricts access to only users in that group and the global administrator, then the following solution will need to be followed to accomplish this. An example of this scenario is if an executive branch required a secure area to store sensitive documentation.
Requirements
- Create a site collection visible only to a specific user group
- No Administrators, except the Global Admin, have access to this site collection *
- A SharePoint Admin working for the company can still manage other Site Collections
Solution
In order to create a private site collection, the Global Administrator and SharePoint Online Administrator roles must be filled by member(s) of the executive group. The executive group being the users that have access to the private site collection.
Since an admin exists in the company that is responsible for managing all other site collections, that person must be delegated as the Site Collection Admin for each site collection outside of the executive collection.
It will be the responsibility of the Global Administrator and/or the SharePoint Online Administrator to add new site collections and delegate the site collection administrator. Optionally, when adding the executive site collection, a temporary Site Collection Administrator may be added to initialize permissions and layout. That temporary Site Collection Admin must be removed by the Global Admin to maintain privacy.
The main obstacle for this solution is the necessity for a member of the executive group to learn and fulfill the responsibilities of a Global and/or SharePoint Online Admin.
Does SharePoint seem like the right intranet solution for you? Not sure? Let us help you figure that out!