permissions designed to scale
DESCRIPTION
SharePoint Saturday permissions planning session.
TRANSCRIPT
Permissions: Designed to Scale
Jamie Aliperti
[email protected]
@jaliperti
SharePoint Saturday Portland
May 19th, 2012

About Me
Sales Engineering Manager
Axceler
based out of the Los Angeles office, and spend most of my time providing consultancy, training and support to current and future customers. I have over 7 years' experience with Microsoft technologies, and lead the Los Angeles Sales Engineering team.
Email: [email protected]
@jaliperti

About Axceler
- Improving SharePoint Collaboration Since 2007
- Mission: To enable enterprises to simplify, optimize, and secure their collaborative platforms
- Delivered award-winning administration and migration software since 1994
- Over 2,000 global customers
- Dramatically improve the management of SharePoint
- Innovative products that improve security, scalability, reliability, “deployability”
- Making IT more effective and efficient and lower the total cost of ownership
- Focus on solving specific SharePoint problems (Administration & Migration)
- Coach enterprises on SharePoint best practices
- Give administrators the most innovative tools available
- Anticipate customers’ needs
- Deliver best of breed offerings
- Stay in lock step with SharePoint development and market trends

SharePoint Security
- Where to Start?
- Anyone have any ideas?

Design Permissions as part of Governance
- Governance is about taking action to help your organization organize, optimize, and manage your systems and resources.

Questions to Ask
- How is your organization using SharePoint?
- Is there secure content in your SharePoint environment?
- Who is responsible for SharePoint Security?
04/09/2023

Plan!
- How granular do you need to control access to content?
- Who manages all the different parts of your SharePoint farm?
- How do you want to manage your users?

Farm Administrators Group
- Assigned in Central Admin and has permission to all servers and settings in the farm
- Central Administration access, create new web apps, manage services, stsadm/PowerShell commands
- Can take ownership of content: make themselves Site Collection Administrators

Authentication Methods
- A SharePoint environment must support user accounts that can be authenticated by a trusted authority
- How do you authenticate your users?

Windows Authentication
- NTLM: Users authenticated by using the credentials on the running thread
  - Simple to implement
  - SharePoint will not be integrated with other applications
- Kerberos
  - If your SharePoint sites use external data
  - Credentials passed from one server to another (“double hop”)
  - Faster, more secure, and can be less error prone than NTLM
- Anonymous Access
  - No authentication needed to browse the site

SharePoint Authentication
- Defined at the web application level

Who Needs to Access SharePoint?
- Claims-based authentication mode: use any supported authentication method; otherwise you will support only Windows authentication

Web Application Policies
- Quick way to apply permissions across web applications
- Only part of SharePoint where users can be explicitly denied access
- Set in Central Admin

Site Collection Administrators
- Given full control over all sites in a site collection
- Access to settings pages
- Manage users, restore items, manage site hierarchy
- Cannot access Central Admin

Securable Objects
What can we secure?
- Site
- Library or List
- Folder
- Document or Item

Inheritance
- If all sites and site content inherit those permissions defined at the site collection, what’s so hard about managing permissions if they are defined so high in the hierarchy?

Structure/Architecture
- Farm
  - Web App
    - Site Collection
      - Site
        - Sub-site
        - Sub-site
      - Site
      - Site
        - Sub-site
    - Site Collection
      - Site
  - Web App
    - Site Collection
      - Site
      - Site
        - Sub-site

Permission Levels
- Collections of permissions that allow users to perform a set of related tasks
- Permission levels are defined at the site collection level

Customizing Permission Levels
- The default permission levels are Full Control, Design, Contribute, Read, and Limited Access
- What does “Read” mean to your organization?

SharePoint Groups
- A group of users that are defined at site collection level for easy management of permissions
- The default SharePoint groups are Owners, Visitors, and Members, with Full Control, Read, and Contribute as their default permission levels respectively
- Anyone with Full Control permission can create custom groups

The Basics: Permissions
Permissions are applied on objects:
1. Directly to users
2. Directly to domain groups (visibility warning)
3. To SharePoint Groups

Best Practice
- Make most users members of the Members or Visitors groups
- Members group can contribute to the site by adding or removing items or documents, but cannot change the structure, site settings, or appearance of the site.
- Visitors group has read-only access to the site, which means that they can see pages and items, and open items and documents, but cannot add or remove pages, items, or documents.

Plan for Permission Inheritance
- Arrange sites and subsites, and lists and libraries so they can share most permissions
- Separate sensitive data into its own lists, libraries, or subsites
- Permission worksheet: http://go.microsoft.com/fwlink/p/?LinkID=213970&clcid=0x409

Stick to the Plan
- If you do break inheritance, Microsoft recommends using groups to avoid having to track individual users
- People move in and out of teams and change responsibilities frequently
- Tracking those changes and updating the permissions for uniquely secured objects would be time-consuming and error-prone.

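A small model of the inheritance and group guidance above, added here as an illustration (it is not from the session and does not use SharePoint's API). The class, function, site and user names are hypothetical, and each principal holds a single permission level for simplicity.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Securable:
    """Site, list/library, folder or item (the securable objects above)."""
    name: str
    parent: Optional["Securable"] = None
    # None = inherits from parent; dict = uniquely secured (principal -> level).
    assignments: Optional[dict] = None

    def scope(self):
        """Nearest object (self or an ancestor) holding its own assignments."""
        node = self
        while node.assignments is None:
            node = node.parent
        return node

    def break_inheritance(self):
        # Start from a copy of the grants currently inherited.
        self.assignments = dict(self.scope().assignments)

    def path(self):
        return (self.parent.path() + "/" if self.parent else "") + self.name

def effective_levels(obj, user, groups):
    """Levels `user` holds on obj, directly or through group membership."""
    grants = obj.scope().assignments
    return sorted({lvl for who, lvl in grants.items()
                   if who == user or user in groups.get(who, ())})

def audit_direct_users(objects, groups):
    """Objects with broken inheritance that grant access to individual users."""
    return [(o.path(), who, lvl) for o in objects
            if o.parent is not None and o.assignments is not None
            for who, lvl in o.assignments.items() if who not in groups]

# Constructed sample data: default groups and levels as listed on the slides.
GROUPS = {"Owners": {"alice"}, "Members": {"bob"}, "Visitors": {"carol"}}
site = Securable("TeamSite", None, {"Owners": "Full Control",
                                    "Members": "Contribute", "Visitors": "Read"})
docs = Securable("Documents", site)    # library, inherits from the site
hr = Securable("HR", site)             # sensitive library, secured separately
reviews = Securable("Reviews", hr)     # folder, inherits from HR
hr.break_inheritance()
del hr.assignments["Visitors"]         # visitors lose access to HR content
hr.assignments["dave"] = "Read"        # direct user grant: the case to avoid
OBJECTS = [site, docs, hr, reviews]

if __name__ == "__main__":
    for finding in audit_direct_users(OBJECTS, GROUPS):
        print("direct user grant:", finding)
    print("carol on Reviews:", effective_levels(reviews, "carol", GROUPS))
```

The audit reports only the one direct grant on the uniquely secured HR library; everything granted through Owners, Members or Visitors follows group membership and needs no per-object tracking.
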
Go back and refine
Questions and Answers