SharePoint Team Site Permissions #Share4Biz
-
Upload
veronique-palmer -
Category
Technology
-
view
1.265 -
download
4
description
Transcript of SharePoint Team Site Permissions #Share4Biz
SHARE 2013| 1
Access Denied!
How to Successfully Manage Team Site Permissions in SharePoint 2010
Veronique Palmer, Lets Collaborate
Getting on the Same Page
Intranet Sites Team Sites My Sites
Site Types Extranet Sites Internet Sites
Built on Publishing or Team Site Templates, etc
2 questions to ask when uploading
content
1. Who needs to
see it
Everyone Just You Your Team
Team Site My Site Intranet
Who Are We What We Do Contact Us
Shared Operational
Working Docs
Shared Docs Personal Docs
2. What must they do with it
Default Team Site Permissions
Members Owners Visitors
Manage
Edit / Upload / Delete
Read / Download
Site Owners
Site Members
Site Visitors
Default Team Site Permissions
Super Power Rights
Site Collection Administrators
Considerations
Build sites first Add users last
Content owners Content Creators
Consumers
Naming Standards
Avoid confusion
= Site Owners = Site Members = Site Visitors
Add users to groups!
Add users to groups!
Planning!
LC Intranet
Future?
Part time contractors
Full time staff
Accountant
Information Architecture …
Can’t expect beginners to just
get this!
Training!
Beginners
Lists and Libraries
Intermediate
Advanced
START HERE
Site Collection Administrator
Shar
ePo
int
Advanced
Beginners
Lists and Libraries
Intermediate
Site Collection Administrator
What Can You Restrict?
Site Level (Unique or Inherited Permissions)
Document (Item) Level
List and Library Level
Called “Breaking
inheritance”
Bad idea on document level!
SHAREPoint
remember?
Unique vs Inherited Site Permissions
Top : HR Site Collection HR Members,
Owners Visitors
Training HR Members,
Owners, Visitors
Performance Performance Members,
Owners, Visitors
Recruitment HR Members,
Owners Visitors
Course Packs Course Packs Members,
Owners, Visitors
Disciplinaries Performance Members,
Owners, Visitors
Internal Only HR Members,
Owners Visitors
Exco Reviews Exco Reviews Members,
Owners, Visitors
CV Management HR Members,
Owners Visitors
What you do on the site below affects the site above, and vice versa!
U = Unique Site
I I
I
I
U
I U
U
I = Inherited Site
Inheritance is broken, what you do here will not
affect the site above it.
Everyone
Intranet
Who Are We What We Do Contact Us
Your Team
Team Site
Shared Operational
Working Docs
Inherited Unique
“Too many groups with unique sites”
So…?
500 million social tags, notes and ratings
30 million documents per library
30 million items in a list
2 million users per service application
1 million alerts on Searches
1 million terms and terms sets
400 000 major versions per document
250 000 site and subsites per site collection
10 000 user groups per site collection
10 000 metadata tags recognised per item when searched
5000 documents or list items displayed per page
5000 blogs per site
5000 groups is how many each user can belong to
5000 users can be in one Active Directory group
2000 site collections per content database
2000 subsites under View All Site Content
1000 comments per blog post
1500 projects deliverables per Project Server plan
1800 documents in a SharePoint Workspace
100 items at a time you can bulk edit
99 people editing Word / PowerPoint simultaneously
25 web parts per page / wiki
2GB per document upload size
SharePoint can handle it!
Can you handle it?
ALWAYS click More Options first!
The default
setting is to inherit, change!
Watch the Visitors group
Watch the Visitors group
Unique permissions correct
Limited Access
= Limited Access Chaos
Don’t just delete these!
No undo button = Access Denied
Document it!
Check who or what is unique
Who
What
But! Per site only!
Custom Groups
Where possible, stick to default
groups, but…
Tie groups to lists / libraries
PS : Delete site – delete custom
groups manually
Active Directory vs
SharePoint Groups
SharePoint Groups Pros Cons
• Can see the users in the groups
• Site Owners can add and remove users
• Displays sites in your My Sites Memberships list
• Cannot have duplicate group names
• Must delete users manually • Can’t add a group into a
group • Strain on Site Owners
Active Directory Groups
Pros
• Groups can be in groups • Easier to add / remove a user to
multiple site collections
Active Directory Groups Cons
• Can’t see users in SharePoint
• Dependent on accurate AD • Red tape to update (3rd
party workaround)
• Person / Group metadata Column doesn’t work
• Disempowers users • Strain on AD team
SharePoint Groups
Hybrid Approach
AD Groups
AD SP
Governance
Control or enablement
Who can be Site Owners or SCA’s?
Adding NT AUTHORITY\ authenticated
users?
Delete Rights
Site Permissions
Site Members can delete content and versions!
Cannot change setting On a subsite level
Only on site collection level!
Item level permissions
(top of the food chain)
Options available when creating a new group or assigning permissions
Communicate!!
Management Tools
Farm level changes? Specific user report?
Specific document report?
etc…
Key Insights
Enemy? Can’t prevent Breed culture Educate Automate
Switch off?
Planning Training
Governance 3rd Party Tool
Ideas to Action
Search for “sensitive” content
Review permissions
Clean up
SharePoint 2010 Permissions for Site Owners – 3 Part Series http://veroniquepalmer.com/2012/03/18/sharepoint-2010-permissions-for-site-owners-part-1-creating-a-team-site/ http://veroniquepalmer.com/2012/03/19/sharepoint-2010-permissions-for-site-owners-part-2-members-owners-and-visitors/ http://veroniquepalmer.com/2012/03/24/sharepoint-2010-permissions-for-site-owners-part-3-creating-a-new-group/ SharePoint Permissions Song for Fun http://veroniquepalmer.com/2010/01/14/sharepoint-permissions-song/ Site Collection Administrator and Farm Administrator Duties http://office.microsoft.com/en-us/sharepoint-server-help/permissions-for-site-collection-administrators-HA101943260.aspx?CTT=1 More Info for Site Collection Administrators http://office.microsoft.com/en-us/sharepoint-server-help/control-user-access-with-permissions-HA101794487.aspx?CTT=5&origin=HA101794118 SharePoint 2010 Groups and Permissions Reference Chart http://office.microsoft.com/en-us/templates/results.aspx?qu=SharePoint&origin=HA101943260&CTT=5#ai:TC101977256| Control Access to a Specific Piece of Content http://office.microsoft.com/en-us/sharepoint-server-help/control-access-for-a-specific-piece-of-content-HA101805400.aspx?CTT=5&origin=HA101794118 Information Rights Management http://office.microsoft.com/en-za/sharepoint-server-help/apply-information-rights-management-to-a-list-or-library-HA101790603.aspx Windows Rights Management Services Download http://www.microsoft.com/en-us/download/details.aspx?id=13781 SharePoint 2013 Permissions http://technet.microsoft.com/en-us/library/cc262939.aspx
Resources
Office 365 Permissions Basics http://community.office365.com/en-us/blogs/office_365_technical_blog/archive/2012/05/30/understanding-permissions-in-office-365-the-basics.aspx Working with Permission Levels http://office.microsoft.com/en-us/sharepoint-server-help/edit-create-and-delete-permission-levels-HA101805381.aspx?CTT=5&origin=HA101794118 Choosing a Security Group http://technet.microsoft.com/en-us/library/cc261972.aspx Manage Memberships of SharePoint 2010 Groups http://office.microsoft.com/en-us/sharepoint-server-help/manage-membership-of-security-groups-HA101794106.aspx?CTT=5&origin=HA101794118 Setting Permissions on Views http://www.sharepoint911.com/blogs/laura/Lists/Posts/Post.aspx?ID=76 Allowing Anonymous Users to Comment on Blogs http://www.sharepointedutech.com/2011/01/20/how-to-allow-anonymous-users-to-comment-on-a-sharepoint-2010-blog/ TechNet Explanation of Permission Levels http://technet.microsoft.com/en-us/library/cc721640(v=office.14).aspx Restricting Access for Search Purposes http://office.microsoft.com/en-us/sharepoint-server-help/enable-content-to-be-searchable-HA010379092.aspx SharePoint Security Issues http://community.bamboosolutions.com/blogs/sharepoint-2010/archive/2010/06/09/teched-2010-sharepoint-security-permissions-identities-amp-objects-including-a-gotcha-that-breaks-security-trimming.aspx