What is the difference between an SCA and Admin?

This article explains the differences between an SCA (Site Collection Administrator) and an Administrator.  In order for someone to truly have full control in EPM Live, they MUST be an SCA AND in the Administrators permissions group.

1. Site Collection Administrator (SCA) Defined

The SCA has ultimate control over everything in the site collection that can be managed in the front-end web interface. An SCA can manage the functionality of features such as Search, the Recycle Bin, Document ID, and more. They can view the Audit Log Reports, work with site collection policies, manage the site collection caching, and activate or deactivate Site Collection features. The SCA can also add and designate other SCAs.

The SharePoint Site Collection Administrator cannot be locked out of any workspace/subsite, list, library, item, or page on the front end EPM Live/SharePoint site. The permissions inheritance for any of these elements can be broken at any time, and permissions changed so that even users with Full Control rights have lesser permissions or even no permissions at all. In all cases the SharePoint Site Collection Administrator will always have full access to all of the elements and all of the data.

EPM Live recommends limiting the number of SCAs to one or a few (at most).

As EPM Live installs into the SharePoint platform, it is important to understand that the Site Collection Administrator is not a full system administrator role. This role does not manage the SharePoint farm or server software, and is not a network or server administrator.

The PortfolioEngine Database has a separate set of permissions.  The EPM Live Resource Pool permissions sync with the Portfolio Permissions.  See note below regarding Portfolio Permissions, as to why someone cannot be only an SCA; they must also be in the Administrators permission group.  Not every user in the Administrators group needs to be an SCA, however every SCA MUST also be in the Administrators group.

1.1. Designating the Site Collection Administrator Upon Site Collection Creation

  • On-Premise Customers and Dedicated SaaS Customers: At the time that the SharePoint system administrator creates a new site collection, there is a field to specify the primary SCA.  
  • Online Shared SaaS Customers: The person who creates the new site collection is automatically the SCA for that site collection.  

2. Administrator Defined

In EPM Live, the site administrator has full control of the site.  In the top level site, this is any person in the Administrators permissions group in the Resource Pool.  The Administrator can see most content and can configure most settings.  

In a workspace, the site owner has "admin-like" permissions, as that user may configure the workspace as needed.  

2.1. Administrators Sync to PortfolioEngine

The Resource Pool permission groups sync to the Portfolio Permissions, which are the security groups for the PortfolioEngine database.  The Portfolio Cost & Resource planning tools use the security set on the Portfolio Permissions page.  Those in the Resource Pool Administrators group will be synced to the Portfolio Permissions Administrators group upon save and/or the Timer running.

Creating resources in the Resource Pool must be done by someone in the Resource Pool's Administrators group, since the resource gets created into the PortfolioEngine Database, and only those in the Administrators group in the PortfolioEngine Database can do so.  So, if someone is an SCA, but not in the Administrators group, he/she will not be able to successfully create a resource in the Resource Pool.  

Note: If an Administrator adds someone to the Resource Pool, that user is added, however, they must be approved by an SCA, who can assign a license to that user.

3. SCA-Only Features

The following features and settings are only available to SCA's in EPM Live:

  • Timesheet Settings
  • Approve new users in the Resource Pool - assign the license type and permissions group(s) to the resources
  • Delete Site Collection
  • SharePoint Site Collection features (SharePoint Site Settings Page)
  • Updating the user information, if using EPM Live with Single Sign On (SSO)

4. Administrator-Only Features

PortfolioEngine Database Features and Settings.



Please sign in to leave a comment.