Why Teams call analytics are critical to your entire business
SharePoint Permissions Overview
1. Site Groups vs AD Groups in SharePoint
Permission Overview
2. Permission Levels
Type Description
Farm Manage permissions for service applications, site
collections and overall ability manage entire FARM
Site Collection Control all aspects within a site collection
Needs to be granted, does not inherit from Farm
Site Control all aspects within a site (Permission Levels
apply)
Can inherit from Site Collection
List Control all aspects within a list (Permission Levels apply)
Can inherit from Site
List Item Control all aspects of specific list item (Permission Levels
apply)
Can inherit from List
3. SharePoint Site Groups (SSG) vs. Active Directory Groups (ADG)
• Sites with SSG Only
• More flexibility for business to manage
• Doesn’t require IT intervention
• More admin overhead to manage
• Risk fine grain permission challenges in future
• Recommend investing in permission tool to manage
(IDERA / Lightning Tools)
• Sites with SSG that contain ADG
• Holistic user management from Active Directory
• Need IT intervention to manage permissions
• Quick & Easy removal of user – AD contains single point
for disable
• Recommended approach (requires proper governance
plan)
4. SharePoint
Site Group
AD Group
User
Illustrated Relationship – (ADG) Approach
How to implement?
- Users are assigned to AD Groups
- AD Groups are assigned to Site Groups
- Site Groups are assigned to Site Collection
- Sites get created
- Inheritance broken and permission
configured where applicable
Site
Collection
Site
List
List Item
5. Illustrated Relationship – Farm Level View
FARM
Site Collection - 1
Site - 1
List - 1
List Item - 1
Site Collection - 2
Site - 2
List - 2
List Item - 2
Farm Permissions allows for:
- Site Collection Admin Access
Provision
- Service Application Management
- Web Application Settings Config
- Other Farm Related Config