In our SharePoint 2010 Enterprise internal company website, we have a SharePoint Admin group, say, CompanySP_Admin. We have created a 'Full Control permission level' that is a SharePoint permission level (as explained in MSDN here).

As explained in the last section of above MSDN article, users can assign this permission level to other users or groups. We want only the members of the CompanySP_Admin group to be able to assign this permission level to other users or group. How can we achieve this?

Thanks.

1

There are 1 answers

7
x0n On

You can't. SharePoint uses discretionary access control, and this is just the way it is. I'm not going to argue that this isn't seriously annoying - in fact, this is the one of the most frequently asked for things by clients in my ten years of SharePoint consulting.

That said, what you really need to do is figure out if these other groups really need Full Control. Look closer at the various rights and revisit the requirements - I'll bet they don't actually need full control, just contributor plus some extra rights. If they really do need full control, then it's a question of training and following established company policies.