SharePoint Permissions

1
SharePoint Permissions

• Who has access?
• What can they do with the access?
• What is the easiest way to manage the
  permissions?
• What structure of sites and lists/libraries makes
  the most sense for your workflow?

2
All sites inheriting permissions
3
Breaking some of the inheritance lines
4
All securable objects inheriting permissions
5
Breaking some of the inheritance lines
6
Authentication establishes identity

• We use Active Directory as the authentication
  provider
• AD user accounts can represent individuals or
  groups of people
• NPS\dsmith
• NPS\domain users
• AD user accounts are added to SharePoint, either
  as individual users or as part of SharePoint
  groups

7
Authorization -permission to do certain tasks

• What can a user see? Apply permissions so users
  can get to the information they need, but not
  have access to restricted information
• What can a user do with the resource? Apply
  permissions so that the ability to modify the
  resources is not more than is necessary

8
Permissions and Permission Levels

• Thirty-three distinct permissions
• Permission levels are groups of distinct
  permissions
• Permission levels are assigned to individual
  users or to SharePoint groups
• Default permission levels are full control,
  design, contribute and read

9
Default permission levels

• Full Control (Owners group) All permissions.
• Design Create lists and document libraries, edit
  pages and apply themes to the web site.
• Contribute (Members group) Add, edit, and delete
  items in existing lists and document libraries.
• Read (Visitors group) Read-only access. View and
  open items and documents.
• Limited Access Automatically assigned, to give
  enough access so the user can navigate to the
  item that they do have permission for.

10
(No Transcript)
11
Planning

• Design a clear hierarchy of inheritance
• Separate sensitive data into its own lists,
  libraries, or even better, subsites
• Balance ease of administration with the control
  of granular permissions
• Decide what groups to use and what permission
  levels to give them

12
SharePoint Groups
13
Who might be in these groups?

• Team Site Owners (Full Control)
• Two or three individuals at the most
• Team Site Members (Contribute)
• Might be individuals if a small workgroup
• Might be an Active Directory group that includes
  everybody in an office or organizational group
  (e.g. NPS\inpnridg for NRPC)
• Might be all NPS domain users
• Team Site Visitors
• Often all NPS domain users if not sensitive info
  on site

14
A group can have different permissions on
different sites!
15
Fine Points

• In most cases, assign permission levels to
  SharePoint groups instead of individuals
• Look for existing Active Directory groups or ask
  that they be created
• All groups have an owner (can be a single person
  or a single group)
• Settings determine who can view or edit the
  membership of a group
• Restricted access sites should be lower in the
  hierarchy

16
Planning Matters!