pg&e sharepoint users group
DESCRIPTION
San Francisco. PG&E SharePoint Users Group. April 10, 2014. 2. Best Practice- SharePoint Permission Management. Goals for permission management. Easy to understand Self-documenting Secures confidential content Easy to administer Keep track of who changes permissions. - PowerPoint PPT PresentationTRANSCRIPT
1
PG&E SharePoint Users GroupApril 10, 2014
San Francisco
San Francisco SharePoint Users Group – April 2014 22
Best Practice-SharePoint PermissionManagement
San Francisco SharePoint Users Group – April 2014 3
Goals for permission management• Easy to understand• Self-documenting• Secures confidential content• Easy to administer• Keep track of who changes permissions
San Francisco SharePoint Users Group – April 2014 4
Knowledge Assumptions• Basic SharePoint Navigation• Know how to create groups• Know how to add users to groups
http://xkcd.com/1339/
San Francisco SharePoint Users Group – April 2014 5
San Francisco SharePoint Users Group – April 2014 6
San Francisco SharePoint Users Group – April 2014 7
SharePoint Permissions Model
San Francisco SharePoint Users Group – April 2014 8
SharePoint Permission Model
San Francisco SharePoint Users Group – April 2014 9
SharePoint Permission Model
San Francisco SharePoint Users Group – April 2014 10
View Permissions InheritanceAccess via -> Site Settings -> Site Permissions -> Show these items
San Francisco SharePoint Users Group – April 2014 11
Three Levels of Admin RightsIn descending order of power
• Primary/Secondary Site Collection AdministratorsCan only be changed by Farm AdministratorsHighest level of admin rights for a site collectionReceive system emails for site collectionHas admin rights to everything in site collection
• Site Collection AdministratorsCan be added/removed by other Site Collection AdminsReceive system emails for site collectionCannot remove Primary/Secondary SCAsHas admin rights to everything in site collection
• Users with Full Control RightsCannot added/remove SCAsCan control permissions of other usersDo not receive system emails for site collectionCan delete objects they have full control onThis includes the entire site collection if they have
rights at the root!
San Francisco SharePoint Users Group – April 2014 12
Enable AuditingAccess via -> Site Settings -> Configure Audit Settings
San Francisco SharePoint Users Group – April 2014 13
Best Practices• Keep permissions Safe for Work, no naked IDs• Use the default groups whenever possible• Create new groups for specific security needs• Create new groups at the root of your site
collection with read permission, then elevate• Document in the group’s description what it
provides access to• Place more public information at the upper
levels of your site• Place more secure information at the lower
levels of your site• Limit the number of users with admin rights• If needed, enable auditing
San Francisco SharePoint Users Group – April 2014 14
Fixing Permissions• Role Based or Hierarchy Based• Plan a new group where ever a specific,
discrete permission requirement exists• Make the group names as descriptive as
possible, and/or write out a detailed, plain English narrative of the group’s purpose in the Description field
• Create all groups at the root of your site collection with Read permissions
• Elevate these permissions as needed within the site
• Place users into groups as required
San Francisco SharePoint Users Group – April 2014 15
Fixing Permissions• Communicate out to your users the date & time
you will be switching over to a new permissions management scheme
• Ensure your users know they should contact you directly if they lose access to anything
• On the date and time agreed upon, remove all individually assigned users permissions on your site
• All that should be left are groups on your permissions screens
San Francisco SharePoint Users Group – April 2014 16
Questions
Source: http://xkcd.com/1349
