Module 6

1

• Module 6
• Securing Content

2
Module Overview

• Administering SharePoint Groups
• Implementing SharePoint Roles and Role
  Assignments
• Securing and Auditing SharePoint Content
• Configuring Security for SharePoint Content

3
Lesson 1 Administering SharePoint Groups

• Overview of Site Security
• Using Default Groups
• Using Custom Groups
• Group Management Comparison
• Using Active Directory Domain Service Groups
• Administrative Groups
• User Information List

4
Overview of Site Security
Security Principals
Securable Objects
Permissions
Permission
Item
Permission Level
User
Read
Document
View Items
Open Items
Group
List
5
Using Default Groups

• Visitors Read
• Members Contribute
• Owners Full Control
• Site templates add other groups
• Viewers
• Approvers
• Designers
• Hierarchy Managers
• Restricted Readers
• Style Resource Readers

6
Using Custom Groups

• When should you create a custom group?
• Permissions and Custom Groups
• Using Hierarchical Membership Management
• Site Managers. Membership managed bysite
  collection administrators
• Site Members. Owned by Site Managers. Membership
  managed by owner
• Group Membership Visibility

7
Group Management Comparison

• AD DS Groups
• Technical user interface
• No provisioning
• Centralized security management
• SharePoint Groups
• Nontechnical user interface
• Optional provisioning of membership requests
• Unified view of SharePoint groups users
• Only applies to SharePoint

8
Using Active Directory Domain Service Groups

• Using AD DS Groups Without SharePoint Groups
• Using SharePoint Groups Without AD DS Groups
• Advantages and disadvantages of nesting

Active Directory
SharePoint
9
Notes Page Over-flow Slide. Do Not Print Slide.
See Notes pane.
10
Administrative Groups

• Site Collection Administrators
• SharePoint Farm Administrators
• Windows Administrators

11
Notes Page Over-flow Slide. Do Not Print Slide.
See Notes pane.
12
User Information List

• People and Groups
• User Information List
• /_catalogs/users/simple.aspx
• This list exists at the site collection level
• The list of users is dynamic

13
Lesson 2 Implementing SharePoint Roles and Role
Assignments

• Configuring Anonymous Access
• Site, List, and Library Security
• Folder and Item Security
• Permission Levels
• Override Check Out Permission

14
Configuring Anonymous Access

• Configuring authentication of anonymous users in
  Central Administration
• Configuring authorization for anonymous users in
  a site

Anonymous access is disabled by default
15
Site, List, and Library Security

• Site-Level Permissions
• Inherit from site collection
• You can choose to break the inheritance
• List and Library Permissions
• Inherit from the site
• You can choose to break the inheritance
• Use the Check Permissions tool to evaluate
  effective permissions for a user

Site Collection Top-LevelSite
Site
Library/List
Folder
Document or Item
16
Folder and Item Security

• Items and folders inherit permissions from the
  list or library by default
• You can break inheritance and assign permissions
  to an item, document, or folder
• Indexing and Item Permissions
• Indexing ASPX content pages
• Potential security concerns

Site Collection Top-LevelSite
Site
Library/List
Folder
Document or Item
17
Permission Levels

• Permission levels are collections of permissions
• Default permission levels
• Defined at the site collection
• Creating and customizing permission levels

Permission Level Read
View Items
Open Items
View Versions
18
Override Check Out Permission

• Override Check Out permission
• Included in Full Control permission level
• Using a dedicated permission level for Override
  Check Out

19
Lesson 3 Securing and Auditing SharePoint Content

• Web Application Security
• Managing Web Application Permissions
• Configuring Auditing
• Information Rights Management

20
Web Application Security

• User Policy
• Anonymous Policy
• Permission Policy

21
Managing Web Application Permissions

• Defined at the Web application
• Use to restrict the individual permissions that
  can be used in site collections
• Example Prevent changes to branding
• Clear Apply Style Sheets and Apply Themes and
  Borders

22
Configuring Auditing

• Configured at the site collection level
• Records user actions for later examination
• Using audit logs to review security

23
Information Rights Management

• What is Information Rights Management?
• SharePoint Permissions and IRM Permissions
• Active Directory Rights Management Services
• Configuring IRM in SharePoint

24
Lab Configuring Security for SharePoint Content

• Exercise 1 Managing SharePoint Groups
• Exercise 2 Creating Custom Permission Levels
• Exercise 3 Managing Permissions and Inheritance
• Exercise 4 Creating a Web Application Policy

Logon information
Virtual machine 10174A-CONTOSO-DC-D 10174A-SP2010-WFE1-D
Logon user name
Administrative user name CONTOSO\Administrator CONTOSO\SP_Admin
Password Paw0rd Paw0rd
Estimated time 30 minutes
25
Scenario

• You have installed a new SharePoint 2010
  environment for evaluation by your executives. No
  one in the organization has used SharePoint
  before and the site setup will fall on you. You
  have been tasked with helping set up users and
  groups with the proper permissions on the sites
  until all the governance issues have been
  finalized, at which point permission management
  will be delegated to business owners.
  Additionally, you must set up an auditor policy
  on your Web application to allow the internal
  security team access to the sites and ensure that
  sensitive data is not being posted.

26
Module Review and Takeaways

• Review Questions