Your SlideShare is downloading. ×
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

SharePoint Permissions Worst Practices

52,733

Published on

Dug yourself into a SharePoint permissions hole? See how you can unearth yourself and avoid common mistakes from real life scenarios.

Dug yourself into a SharePoint permissions hole? See how you can unearth yourself and avoid common mistakes from real life scenarios.

Published in: Technology, Design
9 Comments
53 Likes
Statistics
Notes
No Downloads
Views
Total Views
52,733
On Slideshare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
1,135
Comments
9
Likes
53
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. 1 | @bobbyschang | bobbyschang.com Worst Practices Bobby Chang @bobbyschang
  • 2. 2 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Contact Info • slideshare.net/bobbyschang • linkedin.com/in/bobbyschang • @bobbyschang • bobbyschang.com Bobby Chang SharePoint Consultant at Planet Technologies
  • 3. 3 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Why Worst Practices?
  • 4. Rather Than a List of To-Do’s
  • 5. 5 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com At Times It’s More Effective (and Fun) to Share What NOT To Do
  • 6. And Scare You Share With You Its Consequences
  • 7. SharePoint Permissions Basic Overview
  • 8. 8 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Permissions Fundamental To Provide or Restrict Users with Access to SharePoint Content
  • 9. 9 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Site Collection Site List / Library Item Child Site
  • 10. 10 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Site Collection Site List / Library Item Child Site Break Inheritance
  • 11. 11 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Site Collection Site List / Library Item Child Site Break Inheritance
  • 12. 12 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Permission Level Determines how much access a user has
  • 13. 13 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Contribute • Create, Read, Update, Delete content • Target Audience = Team Members, Supervisors Read • View Content • Target Audience = Visitors, Clients, Extended Team Full Control • “The Kitchen Sink” • Target Audience = Site Administrators, Site Managers
  • 14. 14 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com “Edit”
  • 15. 15 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Edit Contribute
  • 16. 16 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Edit Contribute Delete List/Library In other word, Edit is NOT recommended!
  • 17. No Planning Worst Practice
  • 18. 18 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Right?
  • 19. Planning Matters Planning Matters
  • 20. Photo Credit – Matthew Keagle & Creative Commons Do You Have a Permissions Strategy?
  • 21. 21 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com - What is purpose of the site? - Gathering Info vs. Dissemination - Extranet vs. Intranet - Who’s the target audience? - Is there any confidential info? - Access for anyone outside org? - Who’s the Site Manager? - Is there more than 1 team involved? - Any group confidential info? - How will you document? - What is your training plan? - How will permissions be governed?
  • 22. 22 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Consensus on processes and set expectations • Increased team awareness • Better understanding of SharePoint intricacies • More effectively managed platform • Compliance with rules and regulations
  • 23. 23 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com “A governance strategy is never static – it is a living, breathing process and a set of rules that you should live by, not die by!” --Christian Buckley, MVP @buckleyplanet
  • 24. 24 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com SharePoint Platform Matures Governance Should Evolve as Your
  • 25. “Full Control” for Everyone Worst Practice
  • 26. 26 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Create & Delete Sites Create SharePoint Groups Manage Site & List/Library Permissions Activate & Deactivate SharePoint Features Create, Update, Delete List/Library Public View Generate Site Web Analytics Reports Create, Modify, Delete SharePoint workflow Create, Modify, Delete Site & List/Library Columns Delete Site & List Template Delete Master Page & Page Layout Add, Update, Delete a Wiki and Web Part Page Add, Update, Delete Web Parts Etc. etc. etc.
  • 27. 27 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  • 28. 28 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  • 29. Dear Site Managers, You play a pivotal role to SharePoint success (or failure)
  • 30. When asked to pleeasseee have access to EVERYTHING
  • 31. Image Credit: © SheKnows LLC Let’s not rush to give Full Control
  • 32. 32 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  • 33. 33 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • “Everything” may pertain only to Documents • “Access” could mean Read, Update, Delete Files • Thus, Contribute is sufficient
  • 34. 34 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Check or Refine governance policy Ensure required training completion Consider other permission level • Admin privilege without site provision or security control • e.g.: Design
  • 35. 35 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Thy requests must go through me … It’s not that you’re a control freak
  • 36. Simply can’t have everyone manage your site
  • 37. Assigning Permissions to Individual Users Worst Practice
  • 38. 39 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Team Growth • Role Change for Existing Users: – Expanded Responsibilities – Rolling Off Project – Promotions • Onboarding New Employees • Employee Departures
  • 39. 40 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Where in the World is Carmen Sandiego?
  • 40. 41 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Hard to decipher who has what level of access • Cumbersome to manage existing permissions • SharePoint Out-of-Box “Check Permissions” function is rather limited
  • 41. Instead, Use … SharePoint Group
  • 42. 43 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.comThen Add or Remove Users from the Group First, Assign Permissions to SharePoint Group
  • 43. 44 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com For SP2013 Microsoft recommends AD (Active Directory) Group SharePoint On-Prem Office 365 Security Group SharePoint Online
  • 44. 45 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com AD Group
  • 45. 46 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Recommended by MSFT for performance • Use AD group in SharePoint only if – AD group definition is well defined – IT Team is proactive in updating membership • AD Membership should be up-to-date to ensure proper access in SharePoint
  • 46. Default Settings for SharePoint Groups Worst Practice
  • 47. 48 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  • 48. 49 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  • 49. 50 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Site Managers could be locked out • Be Mindful of Default Settings when creating new
  • 50. 51 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com ALWAYS assign a group as group owner Preferably Site Collection Owner or Site Owner group Default -> the user who created group
  • 51. 52 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Instead open membership list to everyone Default -> only Group Members can view
  • 52. 53 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com What to Look For When Breaking Site Inheritance
  • 53. 54 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  • 54. 55 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Reflect and Assess! Do I really need unique site permissions? Do I need all 3 new SharePoint Groups? Is there an existing group that I can use?
  • 55. Item Level Permissions Worst Practice
  • 56. 57 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Item = Document or List Item • You can set permissions at the Item Level
  • 57. doesn’t mean you should Just because you can …
  • 58. 59 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • SharePoint View doesn’t differentiate unique permissions • Laborious administration • Manual process of checking broken permissions • Updating permissions requires a change to each file • May lead to performance issue
  • 59. 60 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com F A C T : Reduced performance after 5000 files break inheritance See Microsoft reference: http://bit.ly/1iMmyiC
  • 60. 62 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Embraces Social Intuitive and Convenient Great Tie-in with other components
  • 61. 63 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Sharing is Caring! Right??
  • 62. 64 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  • 63. 65 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  • 64. 66 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com The Gotchas • Convenient but hard to govern • UX is different than other share functions • Could break permission inheritance of file • Could grant permissions to individual users For more details, click to read this great resource by Sharon Richardson
  • 65. 67 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Contributor Note: It contradicts Contribute permissions level
  • 66. 68 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com But wait… In Office 365, you have options
  • 67. 69 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com (Under Site Permissions > Access Request Settings)
  • 68. 70 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Item Level Permission (Worst Practice #5) Permissions for Ind. Users (Worst Practice #3) Oh so easy “Share” File in sp2013 + ________________________________
  • 69. Fun with Limited Access *BONUS* Worst Practice
  • 70. 72 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  • 71. Because Limited Access is The Devil
  • 72. 74 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com If user is not declared in site permissions, Permissions given to a user at library or list level leads to “Limited Access” creation for user at the site level Site List / Library Limited Access Contribute
  • 73. • Can’t easily identify where access was granted • Clutters site permission • No easy clean-up process
  • 74. 76 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com When You Delete User’s Limited Access at Site, SharePoint Automatically Removes User’s Permissions in Library/List/File Site List / Library Limited Access Contribute
  • 75. 77 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Limited Access can now be hidden
  • 76. 78 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Already in a Permissions Hole?
  • 77. 79 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com First Things First – Stop the Bleeding! e.g.: Change Full Control access for unqualified folks to Design
  • 78. 80 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Assess the Damage and Document Findings
  • 79. 81 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Out of Box PowerShell Third-Party Product
  • 80. 82 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Review of site permissions page • Unique access are displayed in yellow Pro: Free (with SharePoint) Con: Manual Process and needs to be done per site
  • 81. 83 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • PoSh Script is your friend for reporting • Don’t reinvent the wheel! e.g.: Check out this script - http://bit.ly/1bH9f1v Pro: Highly Customizable, Repeatable, Powerful Con: (1) Require proper access and knowledge (2) SharePoint Online functions are currently limited
  • 82. 84 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Complexity of SharePoint permissions warrants a third-party tool investment • List below is recommended by community Note: this is NOT a personal endorsement
  • 83. 85 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Few Considerations During Permissions Clean-Up
  • 84. One is the loneliest number • Requires commitment, time, and effort – Warning: • Don’t do it yourself! – Gather requirements – Talk to the business users – Leverage other team members You may not get it done in 1 day Photo Credit - The Daily Journal
  • 85. 87 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com For Worst Case Scenario, Consider Starting Over
  • 86. 88 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Might be more beneficial to start over • Consider the following path: – Inherit all permissions in site collection – Manually reconfigure permissions • This route could be high risk, high reward
  • 87. 89 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Get executive buy-in • Yield needs from business functions • Devise plan with Content/Site Managers • Communicate impact to user community
  • 88. 90 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Mitigate Survey the Field Clean Up Manage & Control Do NOT forget this step!!
  • 89. 91 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Enforce permissions governance • Gain leadership support: – Illustrate level of effort to remedy issue – Quantify the business impact ($) • Form & engage Governance Committee • Provide continuous training for Site Managers
  • 90. 92 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Define processes to periodically assess • Determine monitoring tools – SharePoint Audit log reports – Compliance functions (e.g.: eDiscovery) – Automated Audit via Third Party tool
  • 91. 93 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  • 92. 94 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com “The greatest accomplishment is not in never failing, but in rising again after you fall” --Vince Lombardi Photo Credit - Journal Communications, Inc.
  • 93. linkedin.com/in/bobbyschang bobbyschang.com @bobbyschang Questions? Feel Free to Contact Me Bobby Chang twitter.com/bobbyschang slideshare.net/bobbyschang

×