Grant permission to access the managed metadata service (SharePoint Server 2010)
Aplica-se a: SharePoint Server 2010
Tópico modificado em: 2015-03-09
When you create a connection from a Web application to a service in SharePoint Server 2010, the connection runs using the credentials of the Web application's application pool account. Before you can create a connection to a managed metadata service, the service must first grant permission to the application pool account of the Web application. Users of sites in the Web application can perform different actions depending on the permission that the service grants to the application pool account. There are three levels of permission: read, restricted, and full.
The following table indicates which actions are enabled, depending on the permissions the service grants.
Action | Read | Restricted | Full |
---|---|---|---|
View terms and term sets |
Yes |
Yes |
Yes |
Add existing terms and existing enterprise keywords to documents and list items |
Yes |
Yes |
Yes |
Bind columns to existing term sets |
Yes |
Yes |
Yes |
View and use content types from the content type hub (if the service provides a hub) |
Yes |
Yes |
Yes |
Add new terms to open term sets |
Yes |
Yes |
|
Create new enterprise keywords (if the connection is configured to enable this) |
Yes |
Yes |
|
Create local term sets (if the connection is configured to enable this) |
Yes |
Yes |
|
Add and modify content types in the content type hub (if the service provides a hub) |
Yes |
||
Manage terms and term sets (if the user is authorized to do this) |
Yes |
Procedures in this task:
Grant permission to access a managed metadata service
Revoke a service account’s permission to access a managed metadata service
Task Requirements
The following are required to perform the procedures for this task:
The account to be granted permission must already exist.
The managed metadata service must already exist.
Grant permission to access a managed metadata service
Use this procedure to grant a service account permission to access a managed metadata service.
Security Note |
---|
By default, all application pool accounts on the local farm are granted full permissions to the service. To grant read or restricted access to an account, first revoke or reduce the Local Farm group’s permissions to the service by using the procedures in this article. |
Administrative credentials
To use this procedure, you must be a member of the Farm Administrators SharePoint group on the computer that is running the SharePoint Central Administration Web site.
To grant a service account permission to access a managed metadata service by using Central Administration
On the home page of the SharePoint Central Administration Web site, under Application Management, select Manage service applications.
Select the Service Applications tab.
Select the managed metadata service to which you want to grant permission and then click Permissions.
In the first box, either type the name of the service account that you want to add by using the format <domain>\<username> or select the service account by using the address book, and then click Add.
Double-click the service account that you added.
The service account is moved from the box of accounts to be added to the box of accounts to be granted permissions.
In the Permissions for <user> box, select one of the following options:
Read Access to Term Store to grant permission to read the term store and content types that are associated with the managed metadata service.
Read and Restricted Write Access to Term Store to grant permission to read the term store and content types that are associated with the managed metadata service, permission to write to local term sets and open term sets, and permission to create enterprise keywords.
Full Access to Term Store to grant permission to read and write to the term store and content types that are associated with the managed metadata service.
Repeat the previous three steps to grant permission to additional accounts.
Click OK.
Revoke a service account’s permission to access a managed metadata service
Use this procedure to revoke a service account’s permission to access a managed metadata service.
Administrative credentials
To use this procedure, you must be a member of the Farm Administrators SharePoint group on the computer that is running the SharePoint Central Administration Web site.
To revoke permission to access a managed metadata service by using Central Administration
On the home page of the SharePoint Central Administration Web site, under Application Management, select Manage service applications.
Select the Service Applications tab.
Select the managed metadata service to which you want to revoke permission and then click Permissions.
In the second box, select the service account that you want to remove, and then click Remove.
Click OK.
See Also
Concepts
Funções de metadados gerenciados
Add and remove term store administrators (SharePoint Server 2010)