I’m working with the Managed Metadata Service for a client project, and we ran into an issue in the Term Store Management Tool. We’d like to add a SharePoint group as Contributors to a specific Term Store Group. On the Term Store Management screen, the instructions say:
Enter user names, group names, or e-mail addresses. Separate them with semicolons. These users will have full permissions to edit terms and term set hierarchies within this group.
Note the pretty display in the image above of the two Active Directory groups we’ve already added. We can make it look nice again by clicking on the Resolve Name icon, but seriously? We have no issue adding Active Directory groups or individuals as Contributors.
Now, the instructions may be misleading, because the word “group” can mean several things. It can be a SharePoint group or an Active Directory security group (and maybe some other things I’m not thinking about). However, one would think that it is a pretty common wish to add a SharePoint group as Contributors to a Term Store Group. In fact, the Select People and Groups dialog even has a section for SharePoint groups and we can successfully locate the groups we want to add.
When we go into the Term Store Management Tool in a Site Collection (so far we only have one, plus a Search Center) and we try to add a SharePoint group, we get the error:
“This operation cannot be completed. The term store may be unavailable.”
If we go into the Term Store Management Tool from Central Administration, the SharePoint groups from our Site Collection aren’t available because those groups are stored at the Site Collection level, not at the Farm level. So there’s no error because it’s not possible to add the SharePoint groups we want to add.
I’ve found many threads out on the InterWebz where others have run into this (here and here, for example), but no solutions. I’m feeling that this is another case where the Managed Metadata Service just isn’t fully baked in SharePoint 2010. Managing permissions using SharePoint groups is best practice, but SharePoint groups can’t be added as Contributors.
One can certainly create an Active Directory group instead (and this is probably what we will do in this case), but that shifts the content management aspect of the permissions to a different person in the organization. For the client I’m working on, it’s basically a question over a cube wall, but in an “enterprise”-sized organization, it would be a nightmare. In every large organization I’ve been involved with either as an employee or a consultant, Active Directory is an unholy mess managed by people who refuse to even entertain the idea of being useful. Odds are that we’d resort to adding individuals as Contributors instead, which has drawbacks as well.
So there’s no lovely answer here in my post, but at least I think I understand what’s going on. Even if it’s clear to you why this behavior makes sense, you have to agree that the error message (like so many in SharePoint) is basically useless.
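The Active Directory group workaround mentioned above can also be scripted against the server-side taxonomy object model instead of the Term Store Management Tool. This is an added example, not code from the original post: the function name is hypothetical, and the site URL, term store name, term group name and AD group name are placeholders.

```powershell
# Added example. Run in the SharePoint 2010 Management Shell under an account
# that is a term store administrator or a manager of the target term group.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Add-TermGroupContributor {   # hypothetical helper name
    param(
        [Parameter(Mandatory=$true)][string]$SiteUrl,
        [Parameter(Mandatory=$true)][string]$TermStoreName,
        [Parameter(Mandatory=$true)][string]$TermGroupName,
        [Parameter(Mandatory=$true)][string]$Principal   # DOMAIN\name of an AD user or group
    )

    # Heuristic guard: SharePoint groups are scoped to one site collection and carry
    # no DOMAIN\ prefix. The post reports that they fail in the UI, so refuse them early
    # with a message that says why.
    if ($Principal -notmatch '^[^\\]+\\[^\\]+$') {
        throw "'$Principal' is not in DOMAIN\name form; use an AD user or security group."
    }

    $site = Get-SPSite $SiteUrl
    try {
        $session   = Get-SPTaxonomySession -Site $site
        $termStore = $session.TermStores | Where-Object { $_.Name -eq $TermStoreName }
        if ($termStore -eq $null) { throw "Term store '$TermStoreName' not found." }

        $group = $termStore.Groups | Where-Object { $_.Name -eq $TermGroupName }
        if ($group -eq $null) { throw "Term group '$TermGroupName' not found." }

        $group.AddContributor($Principal)   # Microsoft.SharePoint.Taxonomy.Group method
        $termStore.CommitAll()              # nothing is saved until the store is committed

        # Return the resulting Contributors list so the change can be reviewed.
        return $group.Contributors
    }
    finally {
        $site.Dispose()
    }
}

# Placeholder values for illustration only.
Add-TermGroupContributor -SiteUrl 'http://intranet.example.local' `
    -TermStoreName 'Managed Metadata Service' `
    -TermGroupName 'Example Term Group' `
    -Principal 'EXAMPLE\TermStoreContributors'
```

Keeping the Contributors list to a single, narrowly scoped AD group keeps later permission reviews to one group membership check rather than a list of individuals.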