“Best” Practices for Permission Management in Windows SharePoint Services 3.0

Thinks

Permissions management tends to be one of the areas that SharePoint Users have issues with in terms of understanding and over-engineering. Challenges with these differences can be minimized by considering these principles of permission management or thinking about how you want to optimize your information security.

1. Take a good look at who your intended audience is for your site(s) when designing an Access strategy
2. Groups are your friends
   1. In general, I have found that managing access in ANY system is much more manageable, controllable, easier to troubleshoot when you use groups based on user properties. (e.g. AD groups or SharePoint Groups)
   2. The Key is to be consistent with picking Active Directory or SharePoint Groups for access control and permissions
3. Use built in Roles
   1. Whenever possible, easier to use and easier to troubleshoot issues
4. Inherit permissions wherever you can
   1. Once you break inheritance, you lose your customizations
5. Limit the granularity of restrictions
   1. Improves performance of the system and makes troubleshooting permission issues much easier

Levels of Permissions and Inheritance

1. Web Application (Web Application Security Policy)
   1. Site Collection (Top Site Security Permissions)
      1. Subsite (Subsite Security Permissions)
         1. List (or library)
            1. Item (or document or folder)

 

Built In Roles

1. Site Owners and users with the Full Control permission level have the Manage Permissions permission and can manage permissions on a particular securable object.

2. Default SharePoint groups and permissions

3. SharePoint group name	Default permission level
   Site name Owners	Full Control
   Site name Members	Contribute
   Site name Visitors	Read

4.  

Links

1. Online Help for your WSS site
   1. “Managing permissions and security”
   2. “Permission levels and permissions”
2. Excellent BOOK!
   1. Microsoft® Office SharePoint® Server 2007 Best Practices
   2. https://www.microsoft.com/MSPress/books/12197.aspx

 

Clinks

Comments

• Anonymous
  July 31, 2008
  PingBack from http://blog.a-foton.ru/2008/07/%e2%80%9cbest%e2%80%9d-practices-for-permission-management-in-windows-sharepoint-services-30/

• Anonymous
  July 31, 2008
  I've got a powershell script that will enumerate your sites and permssions at a Site-Level. I try not to go too far beneath that. Maintenance nightmare. This needs to be run on your server (it needs stsadm and the Microsoft.Sharepoint dlls)