Udostępnij za pośrednictwem


Setting user rights to add solution to SharePoint 2007 solution store

You might want to give some accounts the access to deploy solutions into sharepoint 2007 farm without having to use installation account. As when you start distributing the installation account to other team, the changes performed on the farm can be very hard to track without strict change management process.

We'll need to give the user the following rights on the sharepoint & SQL server:

  • SharePoint Farm Administrators Group Account
  • Member of local administrators group on each Sharepoint WFEs
  • Member of db_owner on the SharePoint Central Admin web application content database
  • Give the user full permission to the web application thru Web Application Policy.

Please be aware that doing all of these steps will give full access to the user to the farm configuration, web applications, as well as the Sharepoint servers.

In this example, we've solutionuser2 that needs to have the rights to deploy solution to Sharepoint 2007 farm:

  • Giving the user permission to be member of farm administrators

 

  • Setting him as member of local administrators group,
  • Member of the db_owner of the sharepoint central admin web application content database thru SQL Server management studio. In this example, the content database name is SharePoint_Admin_Content_2007

 

  • Give the user full permission to the web application thru Web Application Policy.

 

And now the user can add solution to the solution store as well as deploying the solution package to the farm.

 

Comments

  • Anonymous
    January 01, 2003
    Hi Berry, Is this the minimum permission required for a solution deployment? I'm permissioning my developers just for solution deployment - not necessarily I want them full control from the SharePoint user interface. I've few points to clarify with you:
  1. Do they really need 'farm admin' rights?
  2. You mentioned db_owner role on the Central Admin 'content db' however on the screenshot it looks like you've given permission on both 'content db' and 'config db'. Can you please clarify which / whether both is necessary?
  3. Also can you not get away giving the user 'db_owner' role on the site collection content database instead of permissioning them through 'web application policy'? Many thanks in advanced!