Permissions designed to scale

SharePoint Saturday permissions planning session.

  • Who has one? Not a checklist…it’s constantly changing every day and needs to be managed in the long term
  • Currently, is SharePoint a document repository? Is it critical to day to day business? Just internal users? Are there ways you can expand the use of SharePoint to offer more benefits to your organization? To partners? To the outside world?
  • Who do you trust to manage all the different parts of your SharePoint farm?
  • Kerberos: Less traffic between servers, clients, and domain controllers. Uses tickets instead of tokens, so it doesn’t have to do a double hop to AD with each request. Much more planning needed. Anonymous: Instead, add the All Authenticated Users security. This way actions can be traced to users.
  • CB lead, MG color
  • Break the inheritance and customize the Read permission level for a subsite to define what “read” really means to your organization

Permissions designed to scale Presentation Transcript

  • 1. Permissions: Designed to Scale. Jamie Aliperti, jamie.aliperti@axceler.com, @jaliperti. SharePoint Saturday Portland, May 19th, 2012
  • 2. About Me: Sales Engineering Manager, Axceler. Based out of the Los Angeles office, and spend most of my time providing consultancy, training and support to current and future customers. I have over 7 years experience with Microsoft technologies, and lead the Los Angeles Sales Engineering team. Email: Jamie.Aliperti@axceler.com Twitter: @jaliperti
  • 3. About Axceler: Improving SharePoint Collaboration Since 2007. Mission: To enable enterprises to simplify, optimize, and secure their collaborative platforms. Delivered award-winning administration and migration software since 1994. Over 2,000 global customers. Dramatically improve the management of SharePoint: innovative products that improve security, scalability, reliability, “deployability”; making IT more effective and efficient and lower the total cost of ownership. Focus on solving specific SharePoint problems (Administration & Migration): coach enterprises on SharePoint best practices; give administrators the most innovative tools available; anticipate customers’ needs; deliver best of breed offerings; stay in lock step with SharePoint development and market trends.
  • 4. SharePoint Security: Where to Start? Anyone have any ideas?
  • 5. Design Permissions as part of Governance. Governance is about taking action to help your organization organize, optimize, and manage your systems and resources.
  • 6. Questions to Ask: How is your organization using SharePoint? Is there secure content in your SharePoint environment? Who is responsible for SharePoint Security? 5/30/2012
  • 7. Plan! How granular do you need to control access to content? Who manages all the different parts of your SharePoint farm? How do you want to manage your users?
  • 8. Farm Administrators Group: Assigned in Central Admin and has permission to all servers and settings in the farm. Central Administration access, create new web apps, manage services, stsadm/PowerShell command. Can take ownership of content: make themselves Site Collection Administrators.
  • 9. Authentication Methods: A SharePoint environment must support user accounts that can be authenticated by a trusted authority. How do you authenticate your users?
  • 10. Windows Authentication. NTLM: users authenticated by using the credentials on the running thread; simple to implement; SharePoint will not be integrated with other applications. Kerberos: if your SharePoint sites use external data; credentials passed from one server to another (“double hop”); faster, more secure, and can be less error prone than NTLM. Anonymous Access: no authentication needed to browse the site.
  • 11. SharePoint Authentication: Defined at the web application level
  • 12. Who Needs to Access SharePoint? Claims-based authentication mode: use any supported authentication method or else you will support only Windows authentication
  • 13. Web Application Policies: Quick way to apply permissions across web applications. Only part of SharePoint where users can be explicitly denied access. Set in Central Admin.
  • 14. Site Collection Administrators: Given full control over all sites in a site collection. Access to settings pages. Manage users, restore items, manage site hierarchy. Cannot access Central Admin.
  • 15. Securable Objects: What can we secure? Site; Library or List; Folder; Document or Item
  • 16. Inheritance: If all sites and site content inherit those permissions defined at the site collection, what’s so hard about managing permissions if they are defined so high in the hierarchy?
  • 17. Structure/Architecture [diagram: hierarchy of Farm, Web App, Site Collection, Site, Sub-site]
  • 18. Permission Levels: Collections of permissions that allow users to perform a set of related tasks. Permission levels are defined at the site collection level.
  • 19. Customizing Permission Levels: The default permission levels are Full Control, Design, Contribute, Read, and Limited Access. What does “Read” mean to your organization?
  • 20. SharePoint Groups: A group of users that are defined at site collection level for easy management of permissions. The default SharePoint groups are Owners, Visitors, and Members, with Full Control, Read, and Contribute as their default permission levels respectively. Anyone with Full Control permission can create custom groups.
  • 21. The Basics: Permissions. Permissions are applied on objects: (1) directly to users; (2) directly to domain groups (visibility warning); (3) to SharePoint Groups
  • 22. Best Practice: Make most users members of the Members or Visitors groups. Members group can contribute to the site by adding or removing items or documents, but cannot change the structure, site settings, or appearance of the site. Visitors group has read-only access to the site, which means that they can see pages and items, and open items and documents, but cannot add or remove pages, items, or documents.
  • 23. Plan for Permission Inheritance: Arrange sites and subsites, and lists and libraries so they can share most permissions. Separate sensitive data into their own lists, libraries, or subsite. Permission worksheet: http://go.microsoft.com/fwlink/p/?LinkID=213970&clcid=0x409
  • 24. Stick to the Plan: If you do break inheritance, Microsoft recommends using groups to avoid having to track individual users. People move in and out of teams and change responsibilities frequently. Tracking those changes and updating the permissions for uniquely secured objects would be time-consuming and error-prone.
  • 25. Go back and refine
  • 26. Questions and Answers
  • 27. Contact us for more info. Contact me: jamie.aliperti@axceler.com, Twitter: @jaliperti
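
An added example, not part of the original deck: one way to check a site collection against slides 21 to 24 by listing every site and list with broken inheritance and classifying each grant as a direct user, a domain group or a SharePoint group. It assumes the SharePoint 2010/2013 server object model in the SharePoint Management Shell; the site URL and the function name are placeholders chosen here.

```powershell
# Added example, not from the original deck. Run in the SharePoint Management
# Shell on a farm server with an account that can read the site collection.
param([string]$SiteUrl = 'http://sharepoint.example.local/sites/team')  # placeholder URL

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Emit one row per role assignment on a uniquely secured object.
# (Get-AssignmentRows is a helper name made up for this example.)
function Get-AssignmentRows($Securable, [string]$Kind, [string]$Location) {
    foreach ($ra in $Securable.RoleAssignments) {
        # Limited Access (SPRoleType 'Guest') is granted automatically; skip it.
        $levels = @($ra.RoleDefinitionBindings |
            Where-Object { $_.Type -ne [Microsoft.SharePoint.SPRoleType]::Guest } |
            ForEach-Object { $_.Name })
        if ($levels.Count -eq 0) { continue }

        $member = $ra.Member
        if ($member -is [Microsoft.SharePoint.SPGroup]) { $type = 'SharePointGroup' }
        elseif ($member.IsDomainGroup)                  { $type = 'DomainGroup' }
        else                                            { $type = 'DirectUser' }

        New-Object PSObject -Property @{
            Kind = $Kind; Location = $Location; Principal = $member.Name
            PrincipalType = $type; Levels = ($levels -join ', ')
        }
    }
}

$site = Get-SPSite -Identity $SiteUrl
try {
    $rows = foreach ($web in $site.AllWebs) {
        try {
            # The root site always reports unique permissions; subsites only
            # do so when inheritance has been broken.
            if ($web.HasUniqueRoleAssignments) {
                Get-AssignmentRows $web 'Site' $web.Url
            }
            foreach ($list in $web.Lists) {
                if ($list.HasUniqueRoleAssignments) {
                    Get-AssignmentRows $list 'List' ($web.Url + '/' + $list.RootFolder.Url)
                }
            }
        } finally { $web.Dispose() }
    }
} finally { $site.Dispose() }

# DirectUser rows sort first: these are the grants slide 24 advises replacing with groups.
$rows | Sort-Object PrincipalType, Location |
    Format-Table Kind, Location, Principal, PrincipalType, Levels -AutoSize
```

The script stops at sites and lists; folders and items with unique permissions are not enumerated, since walking every item in a large farm is slow.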