Windows SharePoint Services Roles
In Windows SharePoint Services 2.0, you can assign particular rights to Team Foundation users by granting them membership in default site groups. In Windows SharePoint Services 3.0, you can create custom site groups and assign permissions to them. By using default or custom site groups, you do not have to control the file and folder permissions separately or worry about keeping your local groups synchronized with your list of Web users. You can use the administration tools for your version of SharePoint Products and Technologies to give project members distinct permissions on each of your project Web sites.
In effect, you can delegate user management from Team Foundation Server administrators to the project leads, after the project lead has been made the administrator of the project site. Site administrators control site access and, by default, have rights to add, delete, or change site group membership for users. Inside an organization, site administrators can typically select users from the list of the organization's users and grant them access based on their roles and needs within a project. For example, if the Web site is the document and information portal for members of a particular project team, the site administrator adds members of that team to the Contributor site group, so that the team members can add documents and update lists.
Members of the Administrator site group for a top-level Web site control more options and features of the server that is running SharePoint Products and Technologies than administrators of an individual project site. Administrators of a top-level Web site can perform actions such as enabling or disabling Web document discussions or alerts, viewing usage and quota data, and changing anonymous access settings.
Site administration is separate from Windows SharePoint Services Central Administration. For more information, see How to: Access Windows SharePoint Services Site Administration.
Windows SharePoint Services has the following site groups and permission levels:
Administrator (Full Control)
Web Designer (Design)
For more information, see the SharePoint Products and Technologies Tech Center on the Microsoft Web site.
You should restrict group membership in SharePoint Products and Technologies so that groups contain only those users who need that group's specific level of access and permissions. When you add a user or group in SharePoint Products and Technologies, you should make sure that any groups to which the user or group belongs has only the minimum permissions required to complete their role within a team project. For example, if a user only needs to view the contents of a team project Web site, you should add the user to the Reader group, not the Contributor group.
To create a site Administrator, add an existing user account to the Administrator group of the top-level site in Windows SharePoint Services 2.0, or add that user to a group that has the Full Control permission in Windows SharePoint Services 3.0.
The user account that was used to install Team Foundation Server is automatically added as a member of the Administrator role for the top-level site. For more information, see Windows SharePoint Services Administrator's Guide.
A member of the Windows SharePoint Services Web Designer role can create lists and document libraries and customize pages in the Web site. To enable a user to customize a Team Foundation project Web site, add an existing user account to the Web Designer group of the project site in Windows SharePoint Services 2.0, or add that user to a group that has the Design permission in Windows SharePoint Services 3.0.
A member of the Windows SharePoint Services Contributor role can add content to existing document libraries and lists. To enable a user to contribute content to a Team Foundation project Web site, add an existing user account to the Contributor group of the project site in Windows SharePoint Services 2.0, or add that user to a group that has the Contribute permission in Windows SharePoint Services 3.0.
A member of the Windows SharePoint Services Reader group has read-only access to the Web site. To enable a user to read a Team Foundation project Web site, add an existing user account to the Reader group of the project site in Windows SharePoint Services 2.0, or add that user to a group that has the Read permission in Windows SharePoint Services 3.0.