Accounts and permissions required to manage MetaShare
MetaShare activation, configuration and administration could all be done by the same user-account but our recommendation is to use 3 different accounts. MetaShare’s activation and administration are normally done by system accounts. MetaShare configuration can however be done by several users with different privileges.
Activation of MetaShare
The account that activates MetaShare must be a Global Administrator in a Microsoft 365 tenant.
Observe that a Global Administrative account does not have, by definition, access-rights to all sites/workspaces and their documents. Such an account can however always grant itself permissions to any site/workspace. Click here to get instructions for the activation of MetaShare.
Configuration of MetaShare
After MetaShare has been activated, you can configure/manage MetaShare with a normal Microsoft 365 user-account. Click here to see how to configure MetaShare.
To be able to access and configure MetaShare, these privileges need to be assigned:
Access to SharePoint’s root-site To be able to access MetaShare, all users need a minimum of “read” permissions on SharePoint’s root-site, https://[tenant’s-name].sharepoint.com.
Term store administrator To be able to manage MetaShare’s taxonomy (term sets and terms) in SharePoint’s Term store, assign the users to the “Contributors” or “Group Managers” group in MetaShare’s term set groups. When MetaShare is activated, one term set group named “MetaShare” is created. Delegated administration of MetaShare’s taxonomy is managed by splitting MetaShare’s term sets into different term set groups and by assigning different users to the different term set groups “Contributors”.
Content type hub administrator To be able to create MetaShare’s document metadata (site columns and site content types), the users needs “Full Control” permissions on SharePoint’s content type hub (at least the person that sets up the initial structure needs this privilege). If users are only to configure MetaShare and do not need to modify MetaShare’s document metadata, the users only needs “Read” permissions on the hub. If the logged in users do not have access to the hub, a simple way to grant the permissions is to click on any of the workspace configurations in MetaShare settings and to use one of the links that MetaShare provides in the missing permissions notification page’s instructions:
MetaShare document template administrator In order to manage MetaShare’s document templates, a workspace for the document templates needs to be created, according to these instructions. The administrator of this library needs “Full Control” permissions on the document library and all users that are to be able to create documents based on these document templates need to have “Read” permissions on the library.
Administration of MetaShare
By default, the account used when activating MetaShare is defined as the MetaShare administrator. If needed, it can be replaced with another account.
The MetaShare administrator account will be granted full access-rights in all workspaces (added as Site Collection Administrator to the site collections MetaShare creates)
Recommendations/prerequisites for the account:
It should therefore preferably be a system account (not a normal user account).
It should be a SharePoint Service Administrator (no SharePoint licence needed).
As the account in some cases will be shown to the end-users, e.g. when unexpected errors occur, enabling end-users to send e-mails to the account, the account needs a Microsoft Exchange Online license and the account’s e-mail should also be monitored by an administrator.
Using MetaShare
For the end-users of MetaShare, the requirements are:
The user need a Microsoft 365 account. See MetaShare’s Service Description, for a list of all supported Microsoft 365 subscriptions. If you are unsure which subscription your users have, click here.
Have a minimum of “read” permissions on SharePoint’s root-site, https://[your tenant’s name].sharepoint.com.
