Date post: 02-Dec-2014
Category: Technology
Upload: jamie-aliperti
Permissions: Designed to Scale
Jamie Aliperti
[email protected] | @jaliperti
SharePoint Saturday Portland, May 19th, 2012
About Me
Sales Engineering Manager, Axceler
based out of the Los Angeles office, and spend most of my time providing consultancy, training and support to current and future customers. I have over 7 years' experience with Microsoft technologies, and lead the Los Angeles Sales Engineering team.
Email: [email protected] | @jaliperti
Improving SharePoint Collaboration Since 2007
Mission: To enable enterprises to simplify, optimize, and secure their collaborative platforms
Delivered award-winning administration and migration software since 1994
Over 2,000 global customers
Dramatically improve the management of SharePoint
Innovative products that improve security, scalability, reliability, “deployability”
Making IT more effective and efficient and lower the total cost of ownership
Focus on solving specific SharePoint problems (Administration & Migration)
Coach enterprises on SharePoint best practices
Give administrators the most innovative tools available
Anticipate customers’ needs
Deliver best of breed offerings
Stay in lock step with SharePoint development and market trends
About Axceler
Where to Start?
Anyone have any ideas?
SharePoint Security
Governance is about taking action to help your organization
organize, optimize, and manage your systems and
resources.
Design Permissions as part of Governance
How is your organization using SharePoint?
Is there secure content in your SharePoint environment?
Who is responsible for SharePoint Security?
04/09/2023
Questions to Ask
How granular do you need to control access to content?
Who manages all the different parts of your SharePoint farm?
How do you want to manage your users?
Plan!
Assigned in Central Admin and has permission to all servers and settings in the farm
Central Administration access, create new web apps, manage services, stsadm/PowerShell command
Can take ownership of content: make themselves Site Collection Administrators
Farm Administrators Group
A SharePoint environment must support user accounts that can be
authenticated by a trusted authority
How do you authenticate your users?
Authentication Methods
NTLM: Users authenticated by using the credentials on the running thread
  Simple to implement
  SharePoint will not be integrated with other applications
Kerberos: If your SharePoint sites use external data
  Credentials passed from one server to another (“double hop”)
  Faster, more secure, and can be less error prone than NTLM
Anonymous Access: No authentication needed to browse the site
Windows Authentication
Defined at the web application level
SharePoint Authentication
Claims-based authentication mode lets you use any supported authentication method; without it, you can support only Windows authentication
Who Needs to Access SharePoint?
Quick way to apply permissions across web applications
Only part of SharePoint where users can be explicitly denied access
Set in Central Admin
Web Application Policies
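Because both the authentication mode and the policies (including explicit denies) are set per web application, one pass over the farm can report them together. The script below is an added example, not part of the original deck; it assumes it is run from the SharePoint Management Shell on a farm server by an account with farm-level read access.

```powershell
# Added example: inventory authentication mode and policy entries per web application.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$empty = [Microsoft.SharePoint.SPBasePermissions]::EmptyMask

$rows = foreach ($wa in Get-SPWebApplication) {
    # Claims mode allows any supported method; classic mode is Windows-only.
    if ($wa.UseClaimsAuthentication) { $mode = "Claims" } else { $mode = "Classic (Windows only)" }

    foreach ($policy in $wa.Policies) {
        foreach ($role in $policy.PolicyRoleBindings) {
            # A policy level is a deny if it is one of the built-in deny types
            # or a custom level that carries any deny rights.
            $isDeny = ($role.Type -eq "DenyAll") -or ($role.Type -eq "DenyWrite") -or
                      ($role.DenyRightsMask -ne $empty)
            New-Object PSObject -Property @{
                WebApp      = $wa.DisplayName
                Url         = $wa.Url
                AuthMode    = $mode
                Principal   = $policy.UserName
                DisplayName = $policy.DisplayName
                PolicyLevel = $role.Name
                IsDeny      = $isDeny
            }
        }
    }
}

# Deny entries first: they override permissions granted anywhere below.
$rows | Sort-Object @{ Expression = "IsDeny"; Descending = $true }, WebApp |
    Format-Table WebApp, AuthMode, Principal, PolicyLevel, IsDeny -AutoSize
```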
Given full control over all sites in a site collection
Access to settings pages
Manage users, restores items, manage site hierarchy
Cannot access Central Admin
Site Collection Administrators
What can we secure?
Site
Library or List
Folder
Document or Item
Securable Objects
If all sites and site content inherit those permissions
defined at the site collection, what’s so hard about managing permissions if they are defined
so high in the hierarchy?
Inheritance
Structure/Architecture
Farm
  Web App
    Site Collection
      Site
        Sub-site
        Sub-site
      Site
      Site
        Sub-site
    Site Collection
      Site
  Web App
    Site Collection
      Site
      Site
        Sub-site
Collections of permissions that allow users to perform
a set of related tasks
Permission levels are defined at the site collection level
Permission Levels
The default permission levels are Full Control, Design, Contribute, Read, and
Limited Access
What does “Read” mean to your organization?
Customizing Permission Levels
A group of users that are defined at site collection level for easy management of
permissions
The default SharePoint groups are Owners, Visitors, and Members, with Full Control, Read, and Contribute as their default permission levels respectively
Anyone with Full Control permission can create custom groups
SharePoint Groups
Permissions are applied on objects:
1. Directly to users
2. Directly to domain groups (visibility warning)
3. To SharePoint Groups
The Basics: Permissions
Make most users members of the Members or Visitors groups
Members group can contribute to the site by adding or removing items or documents, but cannot change the structure, site settings, or appearance of the site.
Visitors group has read-only access to the site, which means that they can see pages and items, and open items and documents, but cannot add or remove pages, items, or documents.
Best Practice
Arrange sites and subsites, and lists and libraries so they can share most
permissions
Separate sensitive data into its own lists, libraries, or subsites
Permission worksheet: http://go.microsoft.com/fwlink/p/?LinkID=213970&clcid=0x409
Plan for Permission Inheritance
If you do break inheritance, Microsoft recommends using groups to avoid having to
track individual users
People move in and out of teams and change responsibilities frequently
Tracking those changes and updating the permissions for uniquely secured objects would be time-consuming and error-prone.
Stick to the Plan
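To check how closely a site collection follows the plan, the script below reports every site and list or library that has broken inheritance and lists the principals that were granted access directly rather than through a SharePoint group. It is an added example, not part of the original deck; the site collection URL is a placeholder, and folders and individual items are not walked.

```powershell
# Added example: find uniquely secured sites/lists and direct (non-group) assignments.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholder URL (assumption): replace with your own site collection.
$siteUrl = "http://sharepoint.example.local/sites/team"

function Get-UniqueAssignments {
    param($SecurableObject, [string]$Kind, [string]$Url)
    # Objects that still inherit have no assignments of their own to report.
    if (-not $SecurableObject.HasUniqueRoleAssignments) { return }
    foreach ($ra in $SecurableObject.RoleAssignments) {
        $levels = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
        # Limited Access is granted automatically by SharePoint; skip it as noise.
        if ($levels -eq "Limited Access") { continue }
        $member = $ra.Member
        if ($member -is [Microsoft.SharePoint.SPGroup]) { $type = "SharePoint group" }
        elseif ($member.IsDomainGroup)                  { $type = "Domain group" }
        else                                            { $type = "Individual user" }
        New-Object PSObject -Property @{
            Kind = $Kind; Url = $Url; Principal = $member.Name
            PrincipalType = $type; Levels = $levels
        }
    }
}

$site = Get-SPSite -Identity $siteUrl
try {
    $report = foreach ($web in $site.AllWebs) {
        try {
            Get-UniqueAssignments $web "Site" $web.Url
            foreach ($list in $web.Lists) {
                if ($list.Hidden) { continue }
                $listUrl = $web.Url + "/" + $list.RootFolder.Url
                Get-UniqueAssignments $list "List/Library" $listUrl
            }
        } finally { $web.Dispose() }   # SPWeb objects from AllWebs must be disposed
    }
} finally { $site.Dispose() }

# Anything not granted through a SharePoint group is what the plan says to avoid.
$report | Where-Object { $_.PrincipalType -ne "SharePoint group" } |
    Sort-Object Url | Format-Table Kind, Url, Principal, PrincipalType, Levels -AutoSize
```

The root site always reports unique permissions because it is the top of the inheritance chain.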
Go back and refine
Questions and Answers