Manage User Group Memberships in MOSS 2007


We are often asked, “How do you figure out what groups or permissions a user has in SharePoint”?  The default, out-of-the-box answer is “You can’t”.  Permissions in SharePoint are granted at the object level (file, folder, etc.) rather than on the user account.  So, you need to go to the site, library, list, file or item in SharePoint and check to see who has permission to the object.  This is counter-intuitive to many people and can be time consuming if you need to provide a report that shows what a user can access in SharePoint.

There are third-party add-ons for SharePoint that can help you manage user permissions but, they can be quite costly.  However, there are two FREE solutions available on the Internet.

The first is called Permissions Reporting Tool and is part of the Microsoft SharePoint Administration Toolkit v4.  For specifics on downloading and installing, visit the Microsoft SharePoint Team Blog.  Once the solution is deployed, Site Collection Administrators will be able to:

  1. Run Reports to identify objects in the Site Collection where inheritance has been broken
  2. Check effective permissions for a user or a group which allows you to see a list of the permissions a particular user or group has
  3. Compare permissions for an object against its parent object to see where inheritance was broken (you do not have to be a site collection administrator for this function but, you do need to have the Enumerate Permission permission)

NOTE:  You must install the April 2009 cumulative update before you can activate the Permissions Reporting Tool.

The second is called MOSS Manage User Membership Feature and is available on CodePlex. This is a solution deployment SharePoint file (.wsp) that is easy to download and deploy.  It creates a new menu on the Site Actions – Site Settings – Users and Permissions menu called “Manage User Membership” which allows you to search for a user(s) and then edit the groups that the user belongs to.

Installation Instructions:

  • Open a command prompt and type:

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN>stsadm -o addsolution -filename c:\pathtofile\MOSS.CustomAdminPages.UserMembership.Feature.wsp

  • Hit Enter
  • You should see “Operation completed successfully.”
  • Next, in the command prompt

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN>stsadm -o deploysolution -name MOSS.CustomAdminPages.UserMembership.Feature.wsp -immediate -allowGacDeployment

 NOTE: This solution contains no resources scoped for a Web application and cannot be deployed to a particular Web application.

  •  You should see “Timer job successfully created.”
  • Next, browse to the Site Collection(s) where you want to activate the feature:
  • At the top-level site in the site collection, click Site Actions > Site Settings > Site Collection Features and Activate “Manage User Membership”
  • Now when a Site Owner browses to Site Actions > Site Settings, they will have the option to Manage User Membership
Manage User Membership Menu item on SIte

Manage User Membership Menu item on SIte






  • Type the account name and then click Find and you will see the groups a user belongs to







  • Click the Login and you can easily edit the groups that the user belongs to



No Responses Yet to “Manage User Group Memberships in MOSS 2007”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: