Delegating PowerShell permissions
One of the many promises SharePoint 2010 delivers on is the empowering of users. In other words, SharePoint 2010 allows an administrator to delegate responsibility down to the other administrative user. The concern with doing this is exposing other administrative tasks. Just because someone can manage an application, such as Search, does not mean they should be able to manage other service applications. SharePoint 2010 handles this without putting at risk the security of the other components. Farm Administrators can designate users to manage their own service application, as we have seen in Chapter 2. This is done through the management UI of each service application. Taking this management one step further, a Farm Administrator can designate a user with the ability to run PowerShell commands against their particular service(s) from their own machines.
The least privileged account model in SharePoint has been taken to another level. Users have access to...