Access Denied!How to Successfully Manage Team Site Permissions in SharePoint 2010                   Veronique Palmer, Lets...
Getting on the  Same Page
Site Types         Internet Sites          Extranet SitesIntranet Sites         Team Sites               My Sites       Bu...
2 questions to ask when uploading     content
1. Whoneeds to see it
Everyone     Your Team       Just You Intranet     Team Site        My SiteWho Are We     Shared                          ...
2. Whatmust theydo with it
Default Team Site Permissions         Members         Owners         Visitors
Read / Download          Site VisitorsEdit / Upload / Delete   Site Members     Manage              Site Owners
Default Team Site Permissions
Super Power Rights Site Collection Administrators
Considerations
Build sites firstAdd users last
Naming Standards Content owners = Site OwnersContent Creators = Site Members      Consumers = Site Visitors    Avoid confu...
Add users to groups!
Add users to groups!
Planning!
LC IntranettimeFull time       Part staff            contractors  Accountant   Future?
InformationArchitecture …
Can’t expectbeginners to just    get this!
Training!                 Site Collection                          Administrator            SharePoint                    ...
What Can You Restrict?
Site Level (Unique or Inherited Permissions)List and Library Level           Document (Item) Level
Called  “Breakinginheritance”
Bad idea on document level!
SHAREPoint remember?
Unique vsInherited Site Permissions
U = Unique Site                  Top : HR Site Collection          What you do on the siteI = Inherited Site              ...
Everyone     Your Team Intranet     Team SiteWho Are We     SharedWhat We Do   OperationalContact Us   Working Docs Inheri...
“Too many groupswith unique sites”     So…?
SharePoint can handle it!   500 million social tags, notes and ratings                  5000 groups is how many each use...
ALWAYS click More Options first!
The  defaultsetting isto inherit, change!
Watch the Visitors group
Watch the Visitors group
Unique permissions correct
LimitedAccess
= Limited Access Chaos
Don’t just delete these!     = Access Denied   No undo button
Document it!
Check who or what is unique                      What     Who
But!Per site only!
CustomGroups
Where possible,stick to default groups, but…
Tie groups to lists / libraries
PS : Delete site – delete customgroups manually
Active Directory        vsSharePoint Groups
Pros                            Cons            SharePoint Groups• Can see the users in the    • Cannot have duplicate  gr...
Pros  Active Directory Groups• Groups can be in groups• Easier to add / remove a user to  multiple site collections
Cons      Active Directory Groups• Can’t see users in         • Person / Group  SharePoint                   metadata Colu...
HybridSharePoint Approach Groups                      AD Groups
SPAD
Governance
Control orenablement
Who can beSite Owners or SCA’s?
AddingNT AUTHORITYauthenticated    users?
Delete Rights
Site Permissions
Site Members can delete content and versions!
Cannot change setting  On a subsite level
Only on sitecollection level!
Item level    permissions(top of the food chain)
Options available whencreating a new group or assigning permissions
Communicate!!
Management   Tools
Farm level changes?  Specific user report?Specific document report?          etc…
KeyInsights
Enemy?Can’t preventBreed cultureEducateAutomate
Switch off?
Planning          TrainingGovernance   3rd   Party Tool
Ideas to Action
Search for “sensitive” content     Review permissions          Clean up
ResourcesSharePoint 2010 Permissions for Site Owners – 3 Part Serieshttp://veroniquepalmer.com/2012/03/18/sharepoint-2010-...
Office 365 Permissions Basicshttp://community.office365.com/en-us/blogs/office_365_technical_blog/archive/2012/05/30/under...
Veronique Palmer Lets Collaborate      @veroniquepalmerveronique@letscollaborate.co.za    Phone +27 11 966 8060
SharePoint Team Site Permissions #Share4Biz
SharePoint Team Site Permissions #Share4Biz
SharePoint Team Site Permissions #Share4Biz
SharePoint Team Site Permissions #Share4Biz
SharePoint Team Site Permissions #Share4Biz
Upcoming SlideShare
Loading in...5
×

SharePoint Team Site Permissions #Share4Biz

1,420

Published on

Presented at Share Conference in Jhb on 12 March 2013. Apologies for uploading the PDf, Slideshare keeps rejecting the Ppt version. I can Dropbox it if required.

Published in: Technology
2 Comments
2 Likes
Statistics
Notes
No Downloads
Views
Total Views
1,420
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
30
Comments
2
Likes
2
Embeds 0
No embeds

No notes for slide

SharePoint Team Site Permissions #Share4Biz

  1. 1. Access Denied!How to Successfully Manage Team Site Permissions in SharePoint 2010 Veronique Palmer, Lets Collaborate SHARE 2013| 1
  2. 2. Getting on the Same Page
  3. 3. Site Types Internet Sites Extranet SitesIntranet Sites Team Sites My Sites Built on Publishing or Team Site Templates, etc
  4. 4. 2 questions to ask when uploading content
  5. 5. 1. Whoneeds to see it
  6. 6. Everyone Your Team Just You Intranet Team Site My SiteWho Are We Shared Shared DocsWhat We Do Operational Personal DocsContact Us Working Docs
  7. 7. 2. Whatmust theydo with it
  8. 8. Default Team Site Permissions Members Owners Visitors
  9. 9. Read / Download Site VisitorsEdit / Upload / Delete Site Members Manage Site Owners
  10. 10. Default Team Site Permissions
  11. 11. Super Power Rights Site Collection Administrators
  12. 12. Considerations
  13. 13. Build sites firstAdd users last
  14. 14. Naming Standards Content owners = Site OwnersContent Creators = Site Members Consumers = Site Visitors Avoid confusion
  15. 15. Add users to groups!
  16. 16. Add users to groups!
  17. 17. Planning!
  18. 18. LC IntranettimeFull time Part staff contractors Accountant Future?
  19. 19. InformationArchitecture …
  20. 20. Can’t expectbeginners to just get this!
  21. 21. Training! Site Collection Administrator SharePoint Advanced Advanced Intermediate Lists and Libraries Beginners START HERE
  22. 22. What Can You Restrict?
  23. 23. Site Level (Unique or Inherited Permissions)List and Library Level Document (Item) Level
  24. 24. Called “Breakinginheritance”
  25. 25. Bad idea on document level!
  26. 26. SHAREPoint remember?
  27. 27. Unique vsInherited Site Permissions
  28. 28. U = Unique Site Top : HR Site Collection What you do on the siteI = Inherited Site HR Members, below affects the site Owners Visitors above, and vice versa! I Training U Performance I Recruitment HR Members, Performance Members, HR Members, Owners, Visitors Owners, Visitors Owners Visitors U Course Packs I Disciplinaries I Internal Only Course Packs Members, Performance Members, HR Members, Owners, Visitors Owners, Visitors Owners Visitors Inheritance is broken, U Exco Reviews I CV Management what you do here will not Exco Reviews Members, HR Members, affect the site above it. Owners, Visitors Owners Visitors
  29. 29. Everyone Your Team Intranet Team SiteWho Are We SharedWhat We Do OperationalContact Us Working Docs Inherited Unique
  30. 30. “Too many groupswith unique sites” So…?
  31. 31. SharePoint can handle it! 500 million social tags, notes and ratings  5000 groups is how many each user can belong to 30 million documents per library  5000 users can be in one Active Directory group 30 million items in a list  2000 site collections per content database 2 million users per service application  2000 subsites under View All Site Content 1 million alerts on Searches  1000 comments per blog post 1 million terms and terms sets  1500 projects deliverables per Project Server plan 400 000 major versions per document  1800 documents in a SharePoint Workspace 250 000 site and subsites per site collection  100 items at a time you can bulk edit 10 000 user groups per site collection  99 people editing Word / PowerPoint simultaneously 10 000 metadata tags recognised per item when searched  25 web parts per page / wiki 5000 documents or list items displayed per page  2GB per document upload size 5000 blogs per site Can you handle it?
  32. 32. ALWAYS click More Options first!
  33. 33. The defaultsetting isto inherit, change!
  34. 34. Watch the Visitors group
  35. 35. Watch the Visitors group
  36. 36. Unique permissions correct
  37. 37. LimitedAccess
  38. 38. = Limited Access Chaos
  39. 39. Don’t just delete these! = Access Denied No undo button
  40. 40. Document it!
  41. 41. Check who or what is unique What Who
  42. 42. But!Per site only!
  43. 43. CustomGroups
  44. 44. Where possible,stick to default groups, but…
  45. 45. Tie groups to lists / libraries
  46. 46. PS : Delete site – delete customgroups manually
  47. 47. Active Directory vsSharePoint Groups
  48. 48. Pros Cons SharePoint Groups• Can see the users in the • Cannot have duplicate groups group names• Site Owners can add and • Must delete users manually remove users • Can’t add a group into a• Displays sites in your My group Sites Memberships list • Strain on Site Owners
  49. 49. Pros Active Directory Groups• Groups can be in groups• Easier to add / remove a user to multiple site collections
  50. 50. Cons Active Directory Groups• Can’t see users in • Person / Group SharePoint metadata Column• Dependent on accurate AD doesn’t work• Red tape to update (3rd • Disempowers users party workaround) • Strain on AD team
  51. 51. HybridSharePoint Approach Groups AD Groups
  52. 52. SPAD
  53. 53. Governance
  54. 54. Control orenablement
  55. 55. Who can beSite Owners or SCA’s?
  56. 56. AddingNT AUTHORITYauthenticated users?
  57. 57. Delete Rights
  58. 58. Site Permissions
  59. 59. Site Members can delete content and versions!
  60. 60. Cannot change setting On a subsite level
  61. 61. Only on sitecollection level!
  62. 62. Item level permissions(top of the food chain)
  63. 63. Options available whencreating a new group or assigning permissions
  64. 64. Communicate!!
  65. 65. Management Tools
  66. 66. Farm level changes? Specific user report?Specific document report? etc…
  67. 67. KeyInsights
  68. 68. Enemy?Can’t preventBreed cultureEducateAutomate
  69. 69. Switch off?
  70. 70. Planning TrainingGovernance 3rd Party Tool
  71. 71. Ideas to Action
  72. 72. Search for “sensitive” content Review permissions Clean up
  73. 73. ResourcesSharePoint 2010 Permissions for Site Owners – 3 Part Serieshttp://veroniquepalmer.com/2012/03/18/sharepoint-2010-permissions-for-site-owners-part-1-creating-a-team-site/http://veroniquepalmer.com/2012/03/19/sharepoint-2010-permissions-for-site-owners-part-2-members-owners-and-visitors/http://veroniquepalmer.com/2012/03/24/sharepoint-2010-permissions-for-site-owners-part-3-creating-a-new-group/SharePoint Permissions Song for Funhttp://veroniquepalmer.com/2010/01/14/sharepoint-permissions-song/Site Collection Administrator and Farm Administrator Dutieshttp://office.microsoft.com/en-us/sharepoint-server-help/permissions-for-site-collection-administrators-HA101943260.aspx?CTT=1More Info for Site Collection Administratorshttp://office.microsoft.com/en-us/sharepoint-server-help/control-user-access-with-permissions-HA101794487.aspx?CTT=5&origin=HA101794118SharePoint 2010 Groups and Permissions Reference Charthttp://office.microsoft.com/en-us/templates/results.aspx?qu=SharePoint&origin=HA101943260&CTT=5#ai:TC101977256|Control Access to a Specific Piece of Contenthttp://office.microsoft.com/en-us/sharepoint-server-help/control-access-for-a-specific-piece-of-content-HA101805400.aspx?CTT=5&origin=HA101794118Information Rights Managementhttp://office.microsoft.com/en-za/sharepoint-server-help/apply-information-rights-management-to-a-list-or-library-HA101790603.aspxWindows Rights Management Services Downloadhttp://www.microsoft.com/en-us/download/details.aspx?id=13781SharePoint 2013 Permissionshttp://technet.microsoft.com/en-us/library/cc262939.aspx
  74. 74. Office 365 Permissions Basicshttp://community.office365.com/en-us/blogs/office_365_technical_blog/archive/2012/05/30/understanding-permissions-in-office-365-the-basics.aspxWorking with Permission Levelshttp://office.microsoft.com/en-us/sharepoint-server-help/edit-create-and-delete-permission-levels-HA101805381.aspx?CTT=5&origin=HA101794118Choosing a Security Grouphttp://technet.microsoft.com/en-us/library/cc261972.aspxManage Memberships of SharePoint 2010 Groupshttp://office.microsoft.com/en-us/sharepoint-server-help/manage-membership-of-security-groups-HA101794106.aspx?CTT=5&origin=HA101794118Setting Permissions on Viewshttp://www.sharepoint911.com/blogs/laura/Lists/Posts/Post.aspx?ID=76Allowing Anonymous Users to Comment on Blogshttp://www.sharepointedutech.com/2011/01/20/how-to-allow-anonymous-users-to-comment-on-a-sharepoint-2010-blog/TechNet Explanation of Permission Levelshttp://technet.microsoft.com/en-us/library/cc721640(v=office.14).aspxRestricting Access for Search Purposeshttp://office.microsoft.com/en-us/sharepoint-server-help/enable-content-to-be-searchable-HA010379092.aspxSharePoint Security Issueshttp://community.bamboosolutions.com/blogs/sharepoint-2010/archive/2010/06/09/teched-2010-sharepoint-security-permissions-identities-amp-objects-including-a-gotcha-that-breaks-security-trimming.aspx
  75. 75. Veronique Palmer Lets Collaborate @veroniquepalmerveronique@letscollaborate.co.za Phone +27 11 966 8060
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×