+ All Categories
Home > Documents > Best Practices for managing SharePoint permission Levels

Best Practices for managing SharePoint permission Levels

Date post: 23-Feb-2016
Category:
Upload: keelia
View: 51 times
Download: 0 times
Share this document with a friend
Description:
Best Practices for managing SharePoint permission Levels. SharePoint 2010 Tony Rockwell. Who?. Tony Rockwell About me: 20+ years in IT 5 years focused on SharePoint MCTS SharePoint 2010 Configuration SharePoint Administration Installation; Configuration; Upgrades Enable OOTB features - PowerPoint PPT Presentation
18
#SPSSAN June 30, 2012 San Diego Convention Center BEST PRACTICES FOR MANAGING SHAREPOINT PERMISSION LEVELS SharePoint 2010 Tony Rockwell
Transcript
Page 1: Best Practices for managing SharePoint permission Levels

#SPSSAN

June 30, 2012 San Diego Convention Center

BEST PRACTICES FOR MANAGING SHAREPOINT PERMISSION LEVELS

SharePoint 2010Tony Rockwell

Page 2: Best Practices for managing SharePoint permission Levels

#SPSSAN

Who?Tony RockwellAbout me:

20+ years in IT5 years focused on SharePointMCTS SharePoint 2010 Configuration

• SharePoint Administration• Installation; Configuration;

Upgrades• Enable OOTB features• Implement 3rd party tools• Founding Board Member of

SANSPUG• SPSSAN organizer

Solution Specialist at EMP Live

EPM Live is the global leader in SharePoint-based project, portfolio & work management solutions that help organizations increase productivity by improving visibility, execution and collaboration on all types of work.• PortfolioEngine• WorkEngine• ProjectEngine

Page 3: Best Practices for managing SharePoint permission Levels

#SPSSAN

House Keeping• Thank our Sponsors!• This is an Interactive Session• Save questions – you choose

Twitter hashtags:#PermissionLevels

Page 4: Best Practices for managing SharePoint permission Levels

#SPSSAN

Agenda• SharePoint Security

• Why Create custom permission levels?• Inheritance & Scopes• Best Practices• Permission Level Scenario• How-To using the SharePoint interface• How-To using PowerShell• References

Page 5: Best Practices for managing SharePoint permission Levels

#SPSSAN

SharePoint Security• Why create custom permission levels?

• Because security matters to you• Ease security administration• Enable refined security

• Terminology

Farm AdministratorService Application AdministratorFeature AdministratorSite Collection Administrator

Permission LevelsUsersGroupsSecurable ObjectsInheritance & Scopes

Page 6: Best Practices for managing SharePoint permission Levels

#SPSSAN

Inheritance & ScopesSite Collection

Web Object

Document Library Object

Folder Web Object

Item

Item

Item

Scope 1

Scope 2

Page 7: Best Practices for managing SharePoint permission Levels

#SPSSAN

Best PracticesSharePoint Permissions

• Use fine-grained permissions only when business case requires it

• Break permission inheritance infrequently as possible

• Use domain groups to assign permissions to sites when possible

• Assign permissions at the highest level possible

• Make use of appropriate SP roles

Page 8: Best Practices for managing SharePoint permission Levels

#SPSSAN

Best PracticesSharePoint Permission Levels & Scopes

• Don’t modify or delete a default permission level• Copy a default permission level & modify it

• The maximum # of unique security scopes set for a list should not exceed 1,000

• Use group membership rather than individual membership in your scopes

Page 9: Best Practices for managing SharePoint permission Levels

#SPSSAN

Scenario• The Company• Each department owns a site• Department site owner to manage site… but delegates

permissions to someone else• Delegate should not modify site, pages, etc. only

add/remove (manage) users• Delegate should also have standard “Contribute”

access to site

Page 10: Best Practices for managing SharePoint permission Levels

#SPSSAN

Required Administrative Credentials• You are a member of the Administrators group

for the site collection

• You are a member of the Owners group for the

site• You have the Manage Permissions permission

If you use PowerShell you also need the

SharePoint_Shell_Access role in the SQL db

Page 11: Best Practices for managing SharePoint permission Levels

#SPSSAN

1. Navigate to top-level site2. Site Actions > Site Permissions (or Site Settings for

Publishing)

3. Click on Permission Levels in the Ribbon4. Select the permission level to copy – Contribute 5. Scroll down & select Copy Permission Level

How-to: SharePoint interface

Page 12: Best Practices for managing SharePoint permission Levels

#SPSSAN

6. Name the new permission level (User Manager) & enter a description (i.e. “ Use this permission to Manage Users”)

7. Select desired permissions • Check Enumerate Permissions (Manage will auto-select,

Deselect it)8. Scroll down & click Create

The custom permission level is ready to use!• Create a SharePoint group for each department; i.e. “Accounting

User Managers”• Give the group the “User Manager” permission level • Make the owner of this SP Group, the Site Owner or SCA• Change the owner of the Member & Visitor groups

How-to: SharePoint interface

Page 13: Best Practices for managing SharePoint permission Levels

#SPSSAN

How-to: PowerShellPS > $spWeb = Get-SPWeb http://sharepoint.contoso.com

Create a new objectPS > $plevel = New-Object Microsoft.SharePoint.SPRoleDefinition

Add name and descriptionPS > $plevel.Name = "Custom: User Manager" PS > $plevel.Description = “Enumerate Permissions"

Set the base permissionsPS > $plevel.BasePermissions = “EnumeratePermissions”

Page 14: Best Practices for managing SharePoint permission Levels

#SPSSAN

How-to: PowerShellAdd the permission level to your sitePS > $spWeb.RoleDefinitions.Add($plevel) Clean upPS > $spWeb.Dispose()

See base permissions that are availablePS > [system.enum]::GetNames("Microsoft.SharePoint.SPBasePermissions") EmptyMask ViewListItems AddListItems EditListItems DeleteListItems ApproveItems OpenItems ViewVersions DeleteVersions CancelCheckout ManagePersonalViews ManageLists ViewFormPages Open ViewPages AddAndCustomizePages ApplyThemeAndBorder ApplyStyleSheets ViewUsageData CreateSSCSite ManageSubwebs CreateGroups ManagePermissions BrowseDirectories BrowseUserInfo AddDelPrivateWebParts UpdatePersonalWebParts ManageWeb UseClientIntegration UseRemoteAPIs ManageAlerts CreateAlerts EditMyUserInfo EnumeratePermissions FullMask

Page 15: Best Practices for managing SharePoint permission Levels

#SPSSAN

Session wrap-upQuestionsPlease complete a Session Survey

Help me improveHelp the organizers improve future eventsWin prizes!

Page 16: Best Practices for managing SharePoint permission Levels

#SPSSAN

Contact me @Email: [email protected]: @sharepoinTonyBlog: http://sharepoinTony.info/blogLinkedIn: http://www.linkedin.com/in/ajrockwell San Diego SharePoint Users Group: www.sanspug.orgslideshare: http://www.slideshare.net/trock2010/

REFERENCE:Technet - User Permissions and Permission Levelshttp://technet.microsoft.com/en-us/library/cc721640.aspxSpbasepermissions - definitions http://technet.microsoft.com/en-us/library/microsoft.sharepoint.spbasepermissions(v=office.12).aspxSP Permission Inheritancehttp://technet.microsoft.com/en-us/library/cc287792(v=office.12).aspx Best Practices for Fine-grained Permissions (White Paper)http://technet.microsoft.com/en-us/library/gg130816(v=office.12).aspx Best Practices Center for SharePoint 2010http://technet.microsoft.com/en-us/sharepoint/hh189420

Page 17: Best Practices for managing SharePoint permission Levels

#SPSSAN

The After-Party: SharePint

Karl Strauss Brewing Company 1157 Columbia Street San Diego, CA 92101Phone: 619-234-2739

Immediately following event closing & prize drawings (@6:30 pm)

Directions (.9 miles):1. Head northeast on 1st Ave2. Turn left onto W. B St 3. Turn left onto Columbia StKarl Strauss will be on the left

Page 18: Best Practices for managing SharePoint permission Levels

#SPSSAN

June 30, 2012 San Diego Convention Center

THANK OUR SPONSORS

Please be sure to fill out your session evaluation!


Recommended