Sharepoint 2013 : Service Application Administration (part 2) - Using the Ribbon to Manage Service Applications

Using the Ribbon to Manage Service Applications

Service applications are built by developers and then bolted into SharePoint through the service application framework, which enables developers to use the Ribbon to manage their service applications. However, because there is no hard set of rules about how the buttons on the Ribbon must be used, you will see a variety of behaviors. This section describes the primary uses of the various Ribbon commands.

When looking at the various management screens and options, you will see that some service applications use all the Ribbon buttons, while others use almost none. This is the power of flexibility at work. After reading this section, you will be able to apply the information provided here to each service application in order to determine exactly how it works.

The Operations Group’s Buttons

Now that you have your HR-Only Metadata service application, you need to be able to administer it. The first thing to take a look at is its properties. To do that, click once to the right of the service application to highlight it, which enables the available options on the Ribbon, as shown in Figure 3. (If you are taken to the Manage service applications screen after clicking, then you accidentally clicked the name of the service application. Press the Back button in your browser and try again.)

FIGURE 3

Now click the Properties button on the Ribbon. That invokes a window showing the settings you specified when you created the service application. Most service applications allow you to access this screen. Here, you can check information (such as what database name you used) or adjust settings if you change your mind about something (such as the application pool). When you are done looking around, click Cancel to return to the Manage service applications screen.

Click the Manage button on the Ribbon. This will take you to the page for managing the actual service application. In the case of HR-Only Metadata, you are now taken to the screen for defining terms and all those other fun things you can do with managed metadata. All the service applications that have something to manage have their own manage interface. This is just another piece of the framework.

In short, use Properties to look at or change settings you configured when creating a service application. Use Manage to access the service application and do whatever it is your service application was designed to do.

Setting Up a Delegated Administrator

Now that you have found this awesome screen for managing the managed metadata terms, wouldn’t it be great if you could give someone in HR access to add all of them? Well, you are in luck. You can easily add someone as a delegated administrator:

1. Ensure that you are still at the Manage service applications screen in Central Administration.

2. Click to the right of HR-Only Metadata.

3. Click Administrators from the Ribbon.

4. Enter the name of the HR user and click Add (for example, Contoso\NicolaY). You will then see the user’s name in the middle section. Make sure the name is highlighted.

5. In the bottom section, click the box to the right of Full Control and click OK. Figure 4 shows an example.

FIGURE 4

Now the HR user is a delegated administrator. Delegated administrators can access Central Administration, but they will see only those service applications to which they have been granted permissions. If Contoso\NicolaY logs into Central Administration, she will see something similar to what is shown in Figure 5.

FIGURE 5

That’s a lot of white space. Security trimming has removed everything to which she doesn’t have access, which is clearly most of page. If she clicks the Manage service applications link, she will see what is shown in Figure 6.

FIGURE 6

As a delegated administrator, she can see only the one service application to which she has access; and when she clicks on it, she only has the option of Manage. This level of trimming enables you to delegate the management of specific components without compromising security.

If you were to log back in as the real administrator and check the permissions, you would see that the user has been added to a special site collection security group called Delegated Administrators. This makes it simple to find everyone who has been granted access. Note, however, that even if you remove users from managing all the service applications, they are not removed from this Delegated Administrators group. Therefore, be sure to do a little cleanup from time to time if you often change delegated administrators.