SharePoint Permission Model

San Francisco SharePoint Users Group
PG&E
April 10, 2014
San Francisco SharePoint Users Group – April 2014
Best Practice SharePoint Permission Management
Goals for permission management
• Easy to understand
• Self-documenting
• Secures confidential content
• Easy to administer
• Keep track of who changes permissions
Knowledge Assumptions
• Basic SharePoint Navigation
• Know how to create groups
• Know how to add users to groups
http://xkcd.com/1339/
SharePoint Permissions Model
View Permissions Inheritance
Access via
-> Site Settings -> Site Permissions -> Show these items
Three Levels of Admin Rights
In descending order of power
• Primary/Secondary Site Collection Administrators
  - Can only be changed by Farm Administrators
  - Highest level of admin rights for a site collection
  - Receive system emails for the site collection
  - Have admin rights to everything in the site collection
• Site Collection Administrators
  - Can be added/removed by other Site Collection Admins
  - Receive system emails for the site collection
  - Cannot remove Primary/Secondary SCAs
  - Have admin rights to everything in the site collection
• Users with Full Control Rights
  - Cannot add/remove SCAs
  - Can control permissions of other users
  - Do not receive system emails for the site collection
  - Can delete objects they have Full Control on
  - This includes the entire site collection if they have rights at the root!
Enable Auditing
Access via
-> Site Settings -> Configure Audit Settings
Best Practices
• Keep permissions Safe for Work, no naked IDs
• Use the default groups whenever possible
• Create new groups for specific security needs
• Create new groups at the root of your site collection with read permission, then elevate
• Document in the group’s description what it provides access to
• Place more public information at the upper levels of your site
• Place more secure information at the lower levels of your site
• Limit the number of users with admin rights
• If needed, enable auditing
Fixing Permissions
• Role Based or Hierarchy Based
• Plan a new group wherever a specific, discrete permission requirement exists
• Make the group names as descriptive as possible, and/or write out a detailed, plain English narrative of the group’s purpose in the Description field
• Create all groups at the root of your site collection with Read permissions
• Elevate these permissions as needed within the site
• Place users into groups as required
Fixing Permissions
• Communicate to your users the date & time you will be switching over to a new permissions management scheme
• Ensure your users know they should contact you directly if they lose access to anything
• On the date and time agreed upon, remove all individually assigned user permissions on your site
• All that should be left are groups on your permissions screens
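
An added example, not part of the original slides: a read-only PowerShell audit that lists the individually assigned users to be reviewed before the cutover. It assumes an on-premises farm with the SharePoint Management Shell; the site URL and the function name Get-DirectUserAssignment are placeholders chosen for illustration.

```powershell
# Added example: read-only report of directly assigned users ("naked IDs").
# Assumption: run in the SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl = "https://sharepoint.example.com/sites/placeholder"  # placeholder URL

# Hypothetical helper: emits one row per user granted rights directly
# on a securable object (site or list) instead of through a group.
function Get-DirectUserAssignment {
    param($Securable, [string]$Scope, [string]$Url)
    # Objects that inherit simply repeat their parent's assignments,
    # so only report where inheritance has been broken.
    if (-not $Securable.HasUniqueRoleAssignments) { return }
    foreach ($ra in $Securable.RoleAssignments) {
        # A member is either an SPGroup or an SPUser; SPUser is a direct grant.
        if ($ra.Member -is [Microsoft.SharePoint.SPUser]) {
            $levels = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join "; "
            New-Object PSObject -Property @{
                Scope         = $Scope
                Url           = $Url
                Login         = $ra.Member.LoginName
                # AD security groups are also SPUser objects; flag them so
                # they can be reviewed separately from individual accounts.
                IsDomainGroup = $ra.Member.IsDomainGroup
                Levels        = $levels
            }
        }
    }
}

$site = Get-SPSite $siteUrl
try {
    $report = foreach ($web in $site.AllWebs) {
        Get-DirectUserAssignment $web "Site" $web.Url
        foreach ($list in $web.Lists) {
            $listUrl = $web.Url + "/" + $list.RootFolder.Url
            Get-DirectUserAssignment $list "List" $listUrl
        }
        $web.Dispose()
    }
} finally {
    $site.Dispose()
}

# Nothing is changed; the output is the worklist for the cutover date.
$report | Sort-Object Url, Login |
    Format-Table Scope, Url, Login, IsDomainGroup, Levels -AutoSize
```

Site Collection Administrators are not stored as role assignments, so they do not appear in this report and need to be reviewed separately.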
Questions
Source: http://xkcd.com/1349
Thank You
Presenter
Patrick.Reeves@pge.com