Site Group(s) Permitted to Update User Profiles

Site Group(s) Permitted to Update User Profiles

Return to User Directory Configuration

User Group Permission

SiteGroups.jpgIf you selected to read user profiles from Active Directory earlier in this configuration, then you have the option of selecting the user groups allowed to update to user profiles. The Web Part displays the site groups on SPS 2003 and SharePoint Groups on MOSS 2007 on the site where the Web Part is installed. You can choose from the default groups as well as any custom groups you may have created. Select a group that has permission to UPDATE the user accounts. Only the users in this site group can modify user profile information. Please read the Security Considerations section for additional information.

Security Considerations

User Directory requires you to provide credentials for accounts that have read and write access to either the Active Directory or the SharePoint User Profile. In order to ensure User Directory is being used without compromising security in your domain, the following must be considered:

Active Directory (AD) Access Domain Account

This domain account is used to read and update the Active Directory profile data. This account must belong to a group that has Read and Write permission to the Active Directory user profile. To check if the account has the appropriate permissions, do the following steps:

Step Action Result
1. Open the Active Directory Users and Computer console application. hw08024.jpg
2. Select View and check the Advanced Features.
3. Select a Forest or Organization Unit, right click and select Properties.
4. Select the Security tab.
5. Make sure that the Access Account you are using has the Read and Write permissions to read and update the particular object.

Understand Who Can Modify a User Profile for Active Directory Profiles

  • All users can view other user profiles.
  • Only domain users who have Read and Write permissions can edit another user’s profile. The Domain Administrator group has this right by default.