Factors to Consider Before Associating Groups
·A group can be a member of only one association; either as a model or a dependent.
·A dependent group cannot be created on a site that inherits permissions from its parent.
·If the permission level of the model group does not exist in the target site collection, it will be created there.
·If the owner of the model group is either a valid "user" or a SharePoint group that exists in the target site collection, that user or group will become the owner of the dependent group. If the owner is not a valid user (for example, a SharePoint group or built-in account such as SharePoint\system or NT AUTHORITY\authenticated users) or is a SharePoint group that does not exist in the target site collection, the user requesting the action will become the owner of the dependent group.
EXCEPTION: If the dependent group already exists in the target location (that is, you are not creating a new group), group ownership will remain unchanged.
To create a new association:
1From the Group Management workspace, click [Create New Association] to display the model group picker.
NOTE: By default, the left side of the picker includes Web Applications within the selected scope. You can, however, check the Expand Scope box to include all Web Applications within the farm.
2Use the information in the table below to determine the appropriate action to take.
If you want to ... |
Then ... |
---|---|
use an existing group as the model |
select the group that you want to use as a model from the left pane and move it to the right pane. NOTE: You cannot select a group that already belongs to an association (either as a model or a dependent). |
create a new group to use as a model |
a.Select the site within which you want to create the model group in the left pane. b.Click [Create New SP Group]. c.Complete the appropriate fields on the SharePoint New Group page. d.Click [Create] to close the page. The group you just created will now be available for selection in the model group picker. |
3Click [Create Association].
The model group displays in the grid at the top of the workspace with the following information:
§Association Name (This is, by default, the name of the model group. You can, however click the Edit Assoc. Name Edit link and specify a different name.)
§Group Name and Group Description (as specified on the SharePoint Group Settings page)
§Site Name and Site URL
§Permissions level(s)
§# Users in the group.
To open the SharePoint People and Groups page for the group, click the View link in the Details column.
4Scroll to the bottom of the workspace.
5Click [Adopt New Dependents] to display the dependent group picker.
6Use the information in the following table to determine the appropriate action to take.
NOTE: By default, the left side of the picker includes Web Applications within the selected scope. You can, however, check the Expend Scope box to include all Web Applications within the farm. If you want to associate a dependent group in a newly-created site, it may take several minutes for the site to appear in the picker.
If you want to ... |
Then ... |
---|---|
associate one or more existing groups with the model group NOTE: When you choose this option, the name and owner of the dependent group will remain the same, but the membership and permissions will be overwritten with those of the model group. |
select the group(s) from the left pane and move them to the right pane. |
create a new group to associate with the model group NOTE: When you choose this option the name, membership, and permissions of the dependent group will be the same as those of the model group. |
select the site within which you want to create the dependent group and move it to the right pane. |
7Click [Apply].
By default, both group membership and permissions are synchronized. However, if you want to synchronize only permissions or membership, uncheck the other option.
Now you can either:
·synchronize model and dependent group(s) immediately, (by clicking [Synchronize])
OR
·complete the Schedule Synchronization section and schedule the synchronization to run at a later time or on a recurring basis.
TIP: Schedule the synchronization to run on a recurring basis if you want to ensure that groups remain in sync.
Synchronizing Associated SharePoint Groups
When you create a new association, the membership and site-level permissions associated with the model group are copied to the dependent group(s) as part of the operation. To copy future changes to group membership or permissions, you must synchronize the model group with its dependents.
TIP: You can run a synchronization on a regular schedule, to ensure that groups remain in sync.
Synchronization applies to an entire association (that is, any changes to the model group will be propagated to all dependents in the association). Keep in mind that that, when you synchronize an association, any changes that have been made directly to a dependent group will be overwritten.
To synchronize associated groups:
1In the Group Management workspace, highlight the model group (in the top grid) whose dependents you want to synchronize.
2Either
§synchronize groups immediately, by clicking the [Synchronize] button
OR
§schedule the synchronization to run at a later time and/or on a regular schedule.
NOTE: You can only synchronize (or schedule a synchronization for) one association at a time, and you cannot schedule a synchronization for a newly-created site until ControlPoint Discovery has been run.
You can:
·dissolve an association, and either:
§retain the model and dependent groups in their respective SharePoint sites
OR
§delete the model group and all of its dependents from their respective SharePoint sites
·disconnect one or more dependent group(s) from an association, and either:
§retain the group in the SharePoint site
OR
§delete the group from SharePoint.
To dissolve an association and retain model and dependent groups in SharePoint
1In the Manage SharePoint Groups association (upper) grid, highlight the association that you want to dissolve.
2Click [Dissolve Association].
Both the association model and dependent groups are:
·removed from the grids
·retained in their respective SharePoint sites.
To dissolve an association and delete model and dependent groups from SharePoint
1In the Manage SharePoint Groups association (upper) grid, highlight the association that you want to dissolve.
2Click [Delete Association and Groups].
Both the association model and dependent groups are
·removed from the grids
·removed from their respective SharePoint sites.
To disconnect dependent groups from an association and retain the groups in SharePoint:
1In the Manage SharePoint Groups association (upper) grid, highlight the association from which you want to disconnect dependent group(s).
2In the dependent (lower) grid, highlight the group(s) that you want to disconnect.
3Click [Disconnect Selection].
The selected dependent groups are:
·removed from the grid, and
·retained in SharePoint sites.
To disconnect dependent groups from an association and delete them from SharePoint:
1In the Manage SharePoint Groups association (upper) grid, highlight the association from which you want to disconnect dependent group(s).
2In the dependent (lower) grid, highlight the dependent group(s) that you want to disconnect.
3Click [Delete Selection].
The selected dependent groups are:
·removed from the Group Management grid, and
·removed from SharePoint sites.
The ControlPoint Backup Permissions action lets you back up the permissions of one or more SharePoint sites, which includes:
·permissions granted to users or groups specified in Active Directory or other authentication providers
·permissions granted to SharePoint groups
·membership in SharePoint groups.
The following are not backed up:
·Permission level definitions
·SharePoint group definitions
·Active Directory group membership
A separate backup is created for each site within a site collection. For example, if you choose to back up a site collection that contains multiple subsites, a separate backup will be made of the root site and each subsite.
In a multi-farm environment, permissions backups can be created and managed for the home farm only.
Restoring Permissions from a Backup
You can restore permissions from a backup using the ControlPoint Manage Permissions Backups feature. You can choose whether or not to restore SharePoint groups that have been deleted, membership in SharePoint groups, and/or Site Collection Administrators.
Changes that are made between the time when permissions are backed up and restored are handled as follows:
·If an object had unique permissions at the time of the backup has since been made inherited, the unique permissions will be restored.
·If a site has been deleted since the backup was made, it will be skipped.
·If it can be determined that a user no longer exists (on the site, Active Directory group, server etc.), permissions for that user will not be restored.
·Any new list or list item has been added since the backup was created will remain intact.
·The permissions of any user who was given direct permissions since the backup was created will be deleted (the user(s) will remain in the SharePoint All People list, however). If you choose to restore group membership, any users added to a SharePoint group since the backup was created will not be deleted. Because SharePoint groups are defined at the site collection level, deleting a user would remove the user's permissions to all sites within the collection that use that group.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center