Using the Ribbon to Manage Service Applications
Service applications are built by
developers and then bolted into SharePoint through the service
application framework, which enables developers to use the Ribbon to
manage their service applications. However, because there is no hard
set of rules about how the buttons on the Ribbon must be used, you will
see a variety of behaviors. This section describes the primary uses of
the various Ribbon commands.
When looking at the various management screens
and options, you will see that some service applications use all the
Ribbon buttons, while others use almost none. This is the power of
flexibility at work. After reading this section, you will be able to
apply the information provided here to each service application in
order to determine exactly how it works.
The Operations Group’s Buttons
Now that you have your HR-Only Metadata
service application, you need to be able to administer it. The first
thing to take a look at is its properties. To do that, click once to
the right of the service application to highlight it, which enables the
available options on the Ribbon, as shown in Figure 3.
(If you are taken to the Manage service applications screen after
clicking, then you accidentally clicked the name of the service
application. Press the Back button in your browser and try again.)
Now click the Properties button on the Ribbon.
That invokes a window showing the settings you specified when you
created the service application. Most service applications allow you to
access this screen. Here, you can check information (such as what
database name you used) or adjust settings if you change your mind
about something (such as the application pool). When you are done
looking around, click Cancel to return to the Manage service
applications screen.
Click the Manage button on the Ribbon. This will
take you to the page for managing the actual service application. In
the case of HR-Only Metadata, you are now taken to the screen for
defining terms and all those other fun things you can do with managed
metadata. All the service applications that have something to manage
have their own manage interface. This is just another piece of the
framework.
In short, use Properties to look at or change
settings you configured when creating a service application. Use Manage
to access the service application and do whatever it is your service
application was designed to do.
Setting Up a Delegated Administrator
Now that you have found this awesome
screen for managing the managed metadata terms, wouldn’t it be great if
you could give someone in HR access to add all of them? Well, you are
in luck. You can easily add someone as a delegated administrator:
1. Ensure that you are still at the Manage service applications screen in Central Administration.
2. Click to the right of HR-Only Metadata.
3. Click Administrators from the Ribbon.
4. Enter the
name of the HR user and click Add (for example, Contoso\NicolaY). You
will then see the user’s name in the middle section. Make sure the name
is highlighted.
5. In the bottom section, click the box to the right of Full Control and click OK. Figure 4 shows an example.
Now the HR user is a delegated administrator.
Delegated administrators can access Central Administration, but they
will see only those service applications to which they have been
granted permissions. If Contoso\NicolaY logs into Central
Administration, she will see something similar to what is shown in Figure 5.
That’s a lot of white space. Security trimming
has removed everything to which she doesn’t have access, which is
clearly most of page. If she clicks the Manage service applications
link, she will see what is shown in Figure 6.
As a delegated administrator, she can see only
the one service application to which she has access; and when she
clicks on it, she only has the option of Manage. This level of trimming
enables you to delegate the management of specific components without
compromising security.
If you were to log back in as the real
administrator and check the permissions, you would see that the user
has been added to a special site collection security group called
Delegated Administrators. This makes it simple to find everyone who has
been granted access. Note, however, that even if you remove users from
managing all the service applications, they are not removed from this
Delegated Administrators group. Therefore, be sure to do a little
cleanup from time to time if you often change delegated administrators.