If there are groups of ControlPoint users that should have similar rights to SharePoint and ControlPoint functions, the ControlPoint Application Administrator should first define groups for these users from within the ControlPoint Configuration site. See Setting Up ControlPoint Users and Groups.
When setting up users and groups and granting access to the ControlPoint application, ControlPoint Application Administrators should consider the roles of various groups of users in the organization to determine the features to which they should have access.
Example 1: Adding Frequently-Used Items to a ControlPoint Menu
If there is a SharePoint function that is used often by administrators in your organization, you can add that item to a custom menu. For example, if Farm Administrators frequently need to check the health of the SharePoint farm, you can provide a menu item that links to the appropriate Central Administration page.
Example 2: Restricting Access to Advanced Functionality
If you do not want the majority of administrators to have access to ControlPoint Sentinel functionality for aomalous activity detection,, you may want to create a customized Manage ControlPoint menu from which these privileges have been removed, and then restrict their access to the original ControlPoint-ManageCP menu.
You could then use this menu as the "default" menu on which additional customized menus are based.
Example 3: Groups with Access to a Subset of Features
If there is a group of users in your organization primarily responsible for monitoring storage utilization, you may want to create a group for these users. You can then create a customized ControlPoint menu that contains only items they need (in this example, SharePoint Summary Report and Storage Analysis tools, while eliminating items that they might not need (such as Activity Analysis tools and additional Content Analysis tools) and/or should not have access to (such as tools for managing Configuration and Users and Security), by restricting their access to the original ControlPoint menu files.
You can also customize menus in this manner for the Business Administrators group if you want to "override" the security trimming imposed by ControlPoint original menus. (That is, you can create menus that give Business Users either more or less functionality than is provided by default.)
Additional Factors to Consider
By default, all custom menus inherit users and permissions from the ControlPoint Menus document library, which in turn inherits from the ControlPoint Configuration site collection. However, you can break this inheritance and assign unique permissions to individual menu files (that is, to restrict access to the original menus).
Additionally, if a user has permissions for more than one menu with the same target location (for example SharePoint Hierarchy- farm level), the menus are "merged" for display in the left navigation pane, with items unique to each menu preserved and duplicate items eliminated.
You should keep these factors in mind when planning and deploying customized menu. Use the information in the following table for guidance with some common scenarios.
If you want to ... |
Then ... |
---|---|
include one or more additional items to which all users should have access |
·Create a custom menu file at the appropriate level. ·Add the item(s). ·Ensure that all users have read access to the menu file. |
restrict access by any group to either a ControlPoint original menu or a custom menu |
·Break the inheritance of the appropriate menu file(s) from the permissions of the ControlPoint site collection. ·Remove the group's permissions to the file(s). |
create a custom menu to which only some users should have access |
·Create a custom menu file. ·Set unique permissions for that file so that only certain users/groups have read access. |
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center