Skip to main content
< All Articles

3 security roles of a SharePoint Term Store

Posted on September 23, 2021
SharePoint

I blogged extensively in the past about how security and permissions work on SharePoint sites. The topic of security is always on the mind of the users and never gets boring. However, if you are into Managed Metadata (also known as metadata within the Term Store), you might want to familiarize yourself with the concept of security/permissions in the Term Store. Security roles inside the Term Store have a life of their own, independent of the security one has on a given SharePoint site. In this article, I would like to explain to you, my loyal followers, the different levels of security roles of a SharePoint Term Store.

Term Store Administrator

To do anything within the Term Store, you need to be a Term Store Administrator. It does not matter whether or not you are a SharePoint Administrator or a Global Microsoft 365 Admin with access to anything in your organization. Term Store Admin Access is granted separately.

Here is how to grant someone (or yourself) Term Store Admin Access:

  1. Navigate to the Microsoft 365 Admin Center, App Launcher > Admin 3securityrolessharepointtermstore1
  2. Navigate to the SharePoint Admin Center 3securityrolessharepointtermstore2
  3. Once inside of the SharePoint Admin Center, navigate to the Term Store (under Content Services) 3securityrolessharepointtermstore3
  4. Click on the Edit button next to Admins 3securityrolessharepointtermstore4
  5. Type in the names of the users you want to add 3securityrolessharepointtermstore5
  6. Click Save security roles of a SharePoint Term Store

What Term Store Admin Access allows user to do

  • Add/edit/delete any Term Groups, Term Sets, Terms located inside the Term Store
  • Add/edit/delete other Term Store Administrators
  • Assign Term Store Group Managers and Terms Store Group Contributors to a given Term Group (more on this below)
  • Adjust settings for the Term Store, any Term Group, any Term Sets, and any individual terms

Term Group Manager

Term Store Administrator is a pretty serious role within the organization. These people have the power to delete any existing term sets within the Term Store, and this specific action is irreversible. So you better don’t go overboard with the number of Term Store Admins – the users have to know what they are doing to become one.

With that said, sometimes you might want to assign some department user the ability to manage terms within that department’s Term Group. In other words, you might have global metadata used by the whole organization, and that will be off-limits to others in terms of the ability to modify. Still, if a given department is using the Term Store to organize their own metadata, you might want to give that department a Term Group and assign the users to that group to edit metadata exclusively within that Term Group without the risk of messing the whole Term Store. Here is how to grant someone Term Group Manager Access:

  1. Click on a Term Group you want to assign Term Group Manager to, then click Edit on the right side 3securityrolessharepointtermstore7
  2. Type in the name of a user and then choose Manager from the drop-down. Click Save. security roles of a SharePoint Term Store

What Term Group Manager Access allows user to do

  • Add/edit/delete any Term Sets and Terms located inside the given Term Group
  • Assign other Term Store Group Managers and Contributors (more on this below)
  • Adjust settings for the Term Group assigned, as well as any Term Sets inside this group, and any individual terms inside those term sets

Term Group Contributor

When you assign someone the role of a Term Group Manager as described above, those users can add/edit/delete metadata, as well as add and remove other managers and contributors. Sometimes though, you might want users to add/edit/delete metadata within a given Term Store Group, without the ability to alter permissions for the Term Group. This is where the role of Term Group Contributor comes in. It is essentially the same as Term Group Manager described above without the benefits of assigning others to the Group.

To assign a user the role of Term Group Contributor, follow the steps above, but choose Contributor from the drop-down instead.

security roles of a SharePoint Term Store

What Term Group Contributor Access allows user to do

  • Add/edit/delete any Term Sets and Terms located inside the given Term Group
  • Adjust settings for the Term Group assigned, as well as any Term Sets inside this group, and any individual terms inside those term sets

How to access the Term Store for users without the SharePoint Admin Role?

You might be wondering how Term Store Admins, and especially Term Group Managers and Contributors, will access/manage the Term Store if they have no access to the SharePoint Admin Center. Good question! They will not be able to navigate to it using the instructions above (via Admin Centers). Instead, they will need to access and maintain it via a SharePoint site (any SharePoint site they are an Owner of)

  1. For the example below, I am accessing the Term Store as Mary, who owns a SharePoint site and who was made a Term Group Manager of HR Term Group within the Term Store
  2. From any SharePoint Site you own, click on Gear Icon > Site Information 3securityrolessharepointtermstore12
  3. Click on View all site settings 3securityrolessharepointtermstore13
  4. Click on Term Store Management 3securityrolessharepointtermstore14
  5. Mary now has access to her HR Term Group in the Term Store and can manage it from here. All the other Term Groups are grayed out because Mary is not a Term Group Manager or Contributor for those. security roles of a SharePoint Term Store

Term Set Owners, Stakeholders, and Contacts

If you click on any given Term Set inside of the Term Group I described above, you will notice 3 additional “roles” listed:

  • Term Set Owners
  • Stakeholders
  • Contacts

At first, it seems like you can set security on the Term sets as well, but these ARE NOT security roles and have nothing to do with the security roles of a SharePoint Term Store. These are just fields for the Term Store Admins and Term Group Managers and Contributors to keep track of the business owners/stakeholders of a given Term Set. So think of these as just names/contacts responsible for the Term Set (in case you are doing the cleanup in the Term Store in 5 years and wondering who the hell requested a certain set of terms)

security roles of a SharePoint Term Store

security roles of a SharePoint Term Store

About Me

I’m Greg Zelfond, a U.S. based SharePoint consultant, and I provide affordable out-of-the-box SharePoint consulting, training, and configuration assistance to small and medium-sized businesses all over the world.

Need help?