70-339 · Question #158
You are the SharePoint administrator for a company. You plan to deploy the SharePoint sites that will be accessible from the company portal. You create the following sites: A user named User1 will man
The correct answer is D. Add the designated divisional user account for each divisional site and grant each user the Design. To allow each division lead to manage only their own SharePoint site with minimal effort, grant Design permissions directly on their specific divisional site rather than using broad group membership.
Question
You are the SharePoint administrator for a company. You plan to deploy the SharePoint sites that will be accessible from the company portal. You create the following sites:
A user named User1 will manage the sites. You must prevent all users except for User1 from creating sites and subsites. User1 must be able to delegate management of List permissions to other users. You designate a user in each division as a lead for that division's site. You need to allow the designated lead in a division to manage their division's site while minimizing administrative effort. What should you do?
Exhibit
Options
- AFor each site, addthe designated divisional user account to the Team Owners group for that
- BAdd all divisional user accounts to the portal site's Team Owners group.
- CCreate a new SharePoint group on the Portal site namedSP Division Managers. Grant theDesign
- DAdd the designated divisional user account for each divisional site and grant each user the Design
- EAdd all the designated divisional useraccount to the portal site and grant each user the Design
How the community answered
(38 responses)- A11% (4)
- B3% (1)
- C3% (1)
- D79% (30)
- E5% (2)
Why each option
To allow each division lead to manage only their own SharePoint site with minimal effort, grant Design permissions directly on their specific divisional site rather than using broad group membership.
Adding divisional users to a Team Owners group grants Full Control over that site, which exceeds the minimum permissions required and violates least-privilege principles.
Adding all divisional users to the portal site's Team Owners group grants Full Control over the entire portal, giving each lead access far beyond their own division's site.
Creating a new group at the portal site level and assigning Design permission there grants all divisional leads access across every site on the portal, not just their individual division's site.
Granting the Design permission level to each designated user directly on their specific divisional site limits access to only that site, provides sufficient capabilities to manage content and settings, and avoids the overhead of creating new groups or modifying portal-level permissions. This targeted, per-site assignment minimizes ongoing administrative effort while keeping each lead's access scoped to their own division.
Granting Design permissions at the portal site level to all designated users provides access to all sites rather than restricting each lead to only their own division's site.
Concept tested: SharePoint site-level Design permission delegation per site
Source: https://learn.microsoft.com/en-us/sharepoint/understanding-permission-levels
Topics
Community Discussion
No community discussion yet for this question.
