Your SlideShare is downloading. ×
  • Like
SharePoint Permissions Worst Practices
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

SharePoint Permissions Worst Practices

  • 39,392 views
Published

Dug yourself into a SharePoint permissions hole? See how you can unearth yourself and avoid common mistakes from real life scenarios.

Dug yourself into a SharePoint permissions hole? See how you can unearth yourself and avoid common mistakes from real life scenarios.

Published in Technology , Design
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
  • great work
    Are you sure you want to
    Your message goes here
  • Mr. Chang, very nice presenation. Thank you for this!
    Are you sure you want to
    Your message goes here
  • a very nice presentation, thanks Bobby Great work..
    Are you sure you want to
    Your message goes here
  • Good and clear presentation, thanks a lot!
    Are you sure you want to
    Your message goes here
  • This was a terrific presentation, Bobby! Nicely done.
    Are you sure you want to
    Your message goes here
No Downloads

Views

Total Views
39,392
On SlideShare
0
From Embeds
0
Number of Embeds
7

Actions

Shares
Downloads
736
Comments
9
Likes
35

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. 1 | @bobbyschang | bobbyspworld.com Worst Practices Bobby Chang @bobbyschang
  • 2. 2 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com Contact Info • slideshare.net/bobbyschang • linkedin.com/in/bchang • @bobbyschang • bobbyspworld.com Bobby Chang SharePoint Consultant at Planet Technologies
  • 3. Why Worst Practices? 3 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 4. Rather Than a List of To-Do’s
  • 5. At Times It’s More Effective (and Fun) to Share What NOT To Do 5 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 6. And Scare You Share With You Its Consequences
  • 7. Basic Overview SharePoint Permissions
  • 8. Permissions Fundamental To Provide or Restrict Users with Access to SharePoint Content 8 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 9. 9 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com Site Collection Site Child Site List / Library Item
  • 10. 10 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com Site Collection Site Child Site List / Library Item Break Inheritance
  • 11. 11 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com Site Collection Site Child Site List / Library Item Break Inheritance
  • 12. Permission Level Determines how much access a user has 12 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 13. Read • View Content • Target Audience = Visitors, Clients, Extended Team Contribute • Create, Read, Update, Delete content • Target Audience = Team Members, Supervisors Full Control • “The Kitchen Sink” • Target Audience = Site Administrators, Site Managers 13 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 14. 14 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com “Edit” Team Members
  • 15. Edit Contribute 15 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 16. Edit Contribute Delete List/Library Edit is NOT recommended 16 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 17. Worst Practice No Planning
  • 18. 18 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com Right?
  • 19. Planning Matters Planning Matters
  • 20. Do You Have a Permission Strategy? Photo Credit – Matthew Keagle & Creative Commons
  • 21. 21 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com - What is purpose of the site? - Gathering Info vs. Dissemination - Extranet vs. Intranet - Who’s the target audience? - Is there any restricted content? - Access for anyone outside org? - Are there different member roles? - Any group specific classified info? - Who’s the Site Manager? - What is documentation process? - How will you address training? - How will permissions be governed?
  • 22. • Consensus on processes and set expectations • Increased team awareness • Better understanding of SharePoint intricacies • More effectively managed platform • Compliance with rules and regulations 22 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 23. “A governance strategy is never static – it is a living, breathing process and a set of rules that you should live by, not die by!” --Christian Buckley, MVP @buckleyplanet 23 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 24. Governance Should Evolve as Your SharePoint Platform Matures 24 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 25. Worst Practice “Full Control” for Everyone
  • 26. 26 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com Create & Delete Sites Create SharePoint Groups Manage Site & List/Library Permissions Activate & Deactivate SharePoint Features Create, Update, Delete List/Library Public View Generate Site Web Analytics Reports Create, Modify, Delete SharePoint workflow Create, Modify, Delete Site & List/Library Columns Delete Site & List Template Delete Master Page & Page Layout Add, Update, Delete a Wiki and Web Part Page Add, Update, Delete Web Parts Etc. etc. etc.
  • 27. 27 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 28. 28 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 29. Dear Site Managers, You play a pivotal role to SharePoint success (or failure)
  • 30. When asked to pleeasseee have access to EVERYTHING
  • 31. Let’s not rush to give Full Control Image Credit: © SheKnows LLC
  • 32. • What type of “access”? • What exactly is “everything”? • Majority of the time, you may find: – “Everything” may pertain only to Documents – “Access” could mean Read/Update/Delete Documents – Thus Contribute access may be sufficient 32 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 33. • Ensure user completed necessary training • Check or Refine governance policy • Consider other permission levels that may fulfill needs (e.g.: “Design”) 33 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 34. 34 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com Thy requests must go through me … It’s not that you’re a control freak
  • 35. Simply can’t have everyone manage your site
  • 36. Worst Practice Assigning Permissions to Individual Users
  • 37. • Team Growth • Role Change for Existing Users: – Expanded Responsibilities – Rolling Off Project – Promotions • Onboarding New Employees • Employee Departures 38 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 38. Where in the World is Carmen Sandiego? 39 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 39. • Hard to decipher who has what level of access • Cumbersome to manage existing permissions • SharePoint Out-of-Box “Check Permissions” function is rather limited 40 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 40. Instead, Use … SharePoint Group
  • 41. First, Assign Permissions to SharePoint Group 42 | @bobbyschang | Then Add or Remove Users from the Grlinokedinu.comp/in/bchang | bobbyspworld.com
  • 42. For SP2013 Microsoft recommends … AD Group (Active Directory)
  • 43. 44 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com AD Group
  • 44. • Recommended by MSFT for performance • Use AD group in SharePoint only if – AD group definition is well defined – IT Team is proactive in updating membership • Membership should be up-to-date to ensure proper access in SharePoint 45 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 45. Worst Practice Default Settings for SharePoint Groups
  • 46. 47 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 47. 48 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 48. • Site Managers could be locked out • Be Mindful of Defaults Settings when creating new SharePoint groups 49 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 49. Default -> the user who created group ALWAYS assign a group as group owner Preferably Site Collection Owner or Site Owner group 50 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 50. Default -> only Group Members can view Instead open membership list to everyone 51 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 51. 52 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 52. • “Unique permissions” option is available 53 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com • This option: – Breaks site permission inheritance – Allows you to create 3 new SharePoint groups
  • 53. 54 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 54. Reflect and Assess! Do I really need unique site permissions? Do I need all 3 new SharePoint Groups? Is there an existing group that I can use? 55 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 55. Worst Practice Item Level Permissions
  • 56. • Item = Document, List Item (e.g.: Calendar, Task, etc.) • You can set permissions at the Item Level 57 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 57. doesn’t mean you should Just because you can …
  • 58. • Library/List View doesn’t differentiate unique permissions 59 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com • Laborious admin • Manual process of checking broken permissions • Changing permissions require updates to each file • May lead to performance issue
  • 59. F A C T : Reduced performance after 5000 files break inheritance See Microsoft references: http://bit.ly/1iMmyiC 60 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 60. • Intuitive & Convenient • Embraces social • Great tie-in to other components 62 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 61. Sharing is Caring! Right?? 63 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 62. 64 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com Available via File Preview The Gotchas • Convenient but hard to govern • UX is different than other share functions • Could break permission inheritance of file • Could grant permissions to individual users For more details, read this great resource by Sharon Richardson
  • 63. 65 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com Contributor Note: It contradicts Contribute permissions level
  • 64. Item Level Permission (Worst Practice #5) Permissions for Ind. Users (Worst Practice #3) + ________________________________ 66 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com Oh so easy “Share” File in sp2013
  • 65. *BONUS* Worst Practice Fun with Limited Access
  • 66. 68 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 67. Because Limited Access is The Devil
  • 68. If user is not declared in site permissions, Permissions given to a user at library or list level 70 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com leads to “Limited Access” creation for user at the site level Site List / Library Limited Access Contribute
  • 69. • Can’t easily identify where access was granted • Clutters site permission page • No easy clean-up process
  • 70. When You Delete User’s Limited Access at Site, SharePoint Automatically Removes User’s Permissions in Library/List/File Site List / Library 72 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com Limited Access Contribute
  • 71. Limited Access can now be hidden 73 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 72. What if you’re already in a permission hole? 74 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 73. First Things First – Stop the Bleeding! e.g.: Change Full Control access for unqualified folks to Design 75 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 74. Assess the Damage and Document Findings 76 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 75. 77 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com • SharePoint Out-of-Box – Unique access displayed in site permissions page – Manual process conducted per site • PowerShell script • Third Party Tools – Codeplex (v. 2010/2007): SP Permissions Manager – #SPYam Community Recommended: DeliverPoint by ControlPoint by
  • 76. Few Considerations During Permissions Clean-Up 78 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 77. One is the loneliest number • Requires commitment, time, and effort – Warning: You may not get it done in a day • Don’t do it yourself! – Gather requirements from business users – Leverage other team members Photo Credit - The Daily Journal
  • 78. For Worst Case Scenario, Consider Starting Over 80 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 79. • It may be more beneficial to start over 81 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com • Consider the following path: – Inheriting all permissions in site collection – Then manually reconfiguring permissions • This route could be high risk, high reward
  • 80. 82 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com • Get executive buy-in • Yield needs from business functions • Devise plan with Content/Site Managers • Communicate impact to user community
  • 81. Mitigate Survey the Field Clean Up Manage & Control Do NOT forget this step!! 83 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 82. 84 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com • Enforce permissions governance • Gain leadership support: – Illustrate level of effort to remedy issue – Quantify the business impact ($) • Form & engage Governance Committee • Provide continuous training for Site Managers
  • 83. • Define processes to periodically assess 85 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com • Determine monitoring tools – SharePoint Audit log reports (Manual process) – Automated Audit via Third Party tool
  • 84. 86 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com
  • 85. “The greatest accomplishment is not in never failing, but in rising again after you fall” --Vince Lombardi 87 | @bobbyschang | linkedin.com/in/bchang | bobbyspworld.com Photo Credit - Journal Communications, Inc.
  • 86. linkedin.com/in/bchang bobbyspworld.com @bobbyschang Questions? Feel Free to Contact Me Bobby Chang twitter.com/bobbyschang slideshare.net/bobbyschang