Every SharePoint administrator knows what Central Administration is. Developers should also be aware of what is available through this user interface. Depending on what kind of sites (applications) are developed, search scopes and metadata property mappings must be added. So, who should be able to do this configuration?
I won't write about the usual discussion around roles and responsibilities, but by the end of this post we will be able to grant access to search settings.
To be allowed to configure SharePoint Search (scopes, rules, …), the user who has to do this must be granted Read permission on the Shared Service concerned: http://servername:port/ssp/admin/_layouts/user.aspx.
(Source: http://technet.microsoft.com/en-us/library/cc262918.aspx)
Every user (direct reference or group reference) that has Read permission can open the following page:
As you can see, there are a lot of links on this page. Most of them lead to access denied pages. So, with Read permission granted, we have access to:
- Trusted My Site host locations
- Published links to Office client applications
- Search settings
The first two show read-only content. No modifications are allowed.
In the Quick Launch, the Back to Central Administration and Shared Services Administration pages are also not available without more than Read permission. So the only one that is available is Search Settings (http://servername:port/ssp/admin/_layouts/searchsspsettings.aspx).
Through this user interface, we are able to manage all search properties.
Sometimes a 403 error can occur after these operations. When it does, we should run attrib -s c:\windows\tasks from the command line. This command clears the System attribute on the scheduled tasks folder. Don't be afraid, we will set the attribute back to its previous value at the end of the operations.
After this, right-click the c:\Windows\Tasks folder and check that WSS_WPG has Read and Write access on the folder.
As I wrote before, we then set the System attribute back to its previous value: attrib +s c:\windows\tasks.
Also check that WSS_WPG and your functional account have some permissions on the OSearch component.
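The Tasks folder check above can also be done from PowerShell without touching any attribute, which is useful for confirming afterwards that WSS_WPG has Read and Write and that the System attribute is back in place. This is an added example, not part of the original post; the function name Test-TasksFolderAcl is hypothetical, and it only looks at ACL entries that name the group directly.

```powershell
# Added example, not from the original post. Read-only: it changes nothing on disk.
function Test-TasksFolderAcl {            # hypothetical helper name
    param(
        [string]$Path  = 'C:\Windows\Tasks',
        [string]$Group = 'WSS_WPG'
    )
    $needed = [int][Security.AccessControl.FileSystemRights]'Read, Write'
    # Matches SERVER\WSS_WPG, BUILTIN\WSS_WPG or a bare WSS_WPG.
    $match  = '(^|\\)' + [regex]::Escape($Group) + '$'

    # -Force so a folder carrying Hidden/System attributes is still returned.
    $dir = Get-Item -LiteralPath $Path -Force
    $systemSet = ($dir.Attributes -band [IO.FileAttributes]::System) -ne 0

    $allow = 0
    $deny  = 0
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.IdentityReference.Value -notmatch $match) { continue }
        # Inherit-only entries apply to children, not to the folder itself.
        if ($ace.PropagationFlags -band [Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($ace.AccessControlType -eq 'Allow') {
            $allow = $allow -bor [int]$ace.FileSystemRights
        } else {
            $deny = $deny -bor [int]$ace.FileSystemRights
        }
    }
    # A Deny entry wins over an Allow entry for the same right.
    $effective = $allow -band (-bnot $deny)

    New-Object PSObject -Property @{
        Path               = $Path
        Group              = $Group
        HasReadWrite       = (($effective -band $needed) -eq $needed)
        SystemAttributeSet = $systemSet
    }
}

$result = Test-TasksFolderAcl
if (-not $result.HasReadWrite) {
    Write-Warning "$($result.Group) lacks Read and Write on $($result.Path)"
}
if (-not $result.SystemAttributeSet) {
    Write-Warning "System attribute is cleared on $($result.Path); restore it with attrib +s"
}
$result
```

Run it from an elevated prompt on the SharePoint server; rights that WSS_WPG receives only through membership in another group are not counted.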