This project is read-only.

FBA administration for non-administrator

Topics: Internet/Extranet Edition
Oct 20, 2008 at 8:43 PM
Another of my weird requests....
I am wondering of there can be a page that is not part of the core admin pages where I would have the users management.
I would like to delegate the account management to an individual, but there is NO WAY I want that person to have access to all the rest.  Is there a way to do this?  If yes, is there a way to hide one particular group from the possible group membership?  Of course, I don't want this non-admin user to create a user with all the rights.

Oct 20, 2008 at 9:50 PM
Out of the box, unfortunately, SharePoint requires this person to be a site collection administrator.  I spent some time recently researching how to do something similar to what you want (I want the site owner to do this, but I don't want them to be a site collection admin).  Unfortunately, the User Information List requires the higher privileges.  You'll have to modify the permissions on that list in order to do what you want.  After that, you can remove the requirement to be a site collection admin from the features, plus the admin pages for user management; they override the base page RequireSiteCollectionAdmin property in order to enforce permissions. 

You'll want to add your own access checks to the page to make sure they're in the group you want to give this access to. 

It's a fair amount of work, but assuming you can modify the User Information List permissions, it should be doable.  I was planning this functionality, but didn't have time to get it in this release.

Mike Sharp