What accounts and permissions are required to manage MetaShare?
MetaShare activation, configuration and administration could all be done by the same user-account but our recommendation is to use 3 different accounts. MetaShare’s activation and administration are normally done by system accounts. MetaShare configuration can however be done by several users with different privileges.
1 – Activation of MetaShare
- The account that activates MetaShare must be a Global Administrator in an Office 365 tenant.
- Observe that a Global Administrative account does not have, by definition, access-rights to all sites/workspaces and their documents. Such an account can however always grant itself permissions to any site/workspace. Click here to get instructions for the activation of MetaShare.
2 – Configuration of MetaShare
- After MetaShare has been activated, you can configure/manage MetaShare with a normal Office 365 user-account. Click here to see how to configure MetaShare.
- To be able to access and configure MetaShare, these privileges need to be assigned:
- Access to SharePoint’s root-site
To be able to access MetaShare, all users need a minimum of “read” permissions on SharePoint’s root-site, https://[tenant’s-name].sharepoint.com.
- MetaShare roles in Azure
In order to configure MetaShare, create MetaShare workspaces and get MetaShare to be displayed in Office 365 app launcher, follow these instructions to assign there roles in Azure:
Note that the user that activated MetaShare in your Office 365 tenant has already been assigned these three roles during the sign-up process.
- Term store administrator
To be able to manage MetaShare’s taxonomy (term sets and terms) in SharePoint’s Term store, assign the users to the “Contributors” or “Group Managers” group in MetaShare’s term set groups. When MetaShare is activated, one term set group named “MetaShare” is created. Delegated administration of MetaShare’s taxonomy is managed by splitting MetaShare’s term sets into different term set groups and by assigning different users to the different term set groups “Contributors”.
- Content type hub administrator
To be able to create MetaShare’s document metadata (site columns and site content types), the users needs “Full Control” permissions on SharePoint’s content type hub (at least the person that sets up the initial structure needs this privilege).
If users are only to configure MetaShare and do not need to modify MetaShare’s document metadata, the users only needs “Read” permissions on the hub. If the logged in users do not have access to the hub, a simple way to grant the permissions is to click on any of the workspace configurations in MetaShare settings and to use one of the links that MetaShare provides in the missing permissions notification page’s instructions:
- MetaShare document template administrator
In order to manage MetaShare’s document templates, a site for the templates needs to be created, according to the instructions under section “1 – How to create the document templates’ library“.
The administrator of this library needs “Full Control” permissions on the document library and all users that are to be able to create documents based on these document templates need to have “Read” permissions on the library.
- Access to SharePoint’s root-site
3 – Administration of MetaShare
- By default, the account used when activating MetaShare is defined as the MetaShare administrator. If needed, it can be replaced with another account.
- The MetaShare administrator account will be granted full access-rights in all workspaces (added as Site Collection Administrator to the site collections MetaShare creates)
- Recommendations/prerequisites for the account:
- It should therefore preferably be a system account (not a normal user account).
- It should be a SharePoint Service Administrator (no SharePoint licence needed).
- As the account in some cases will be shown to the end-users, e.g. when unexpected errors occur, enabling end-users to send e-mails to the account, the account needs a Microsoft Exchange Online license and the account’s e-mail should also be monitored by an administrator.
4 – Using MetaShare
For the end-users of MetaShare, the requirements are that they:
- Have a Microsoft Office 365 account. See MetaShare’s Service Description, for a list of all supported Microsoft Office 365 subscriptions. If you are unsure which subscription your users have, click here
- Have a minimum of “read” permissions on SharePoint’s root-site, https://[your tenant’s name].sharepoint.com.
- Are assigned the User role (for MetaShare to be displayed in their Office 365 app launcher). Follow these instructions to assign the role in Azure.
- Have “Read” permissions on the document templates library (in order for them to be able to create documents).