| |||||
| |||||
Two sets of users are allowed to perform administrative functions for Microsoft Windows SharePoint Services: members of the administrators group for the local server computer and members of the SharePoint administrators group. The SharePoint administrators group is a Microsoft Windows NT domain group that is assigned by using Windows SharePoint Services. Members of this domain group can perform tasks from SharePoint Central Administration without having to be assigned administrator rights to the local server computer. This is particularly useful in a server farm, because you can grant rights across the server farm, rather than individually for each computer in the server farm. This is also useful for applications that call into the administrative object model for Windows SharePoint Services. If you can configure the application process to run as a member of the SharePoint administrators group, it can create sites, modify quota values for sites, and perform other administration tasks.
Members of the SharePoint administrators group do not have access to the Internet Information Services (IIS) metabase or to the local server's file system, so they cannot perform the following actions for Windows SharePoint Services:
Note Members of the SharePoint administrators group can create top-level Web sites or change settings for a virtual server.
Members of the SharePoint administrators group can perform any other administrative action using the SharePoint Central Administration pages or the object model for Windows SharePoint Services. For example, members of the group can view and manage all sites created on their servers. This means that a member of the SharePoint administrators group can read documents or list items, change survey settings, delete a site, or perform any action on a site that the site administrator can perform.