1 / 17

PG&E SharePoint Users Group

San Francisco. PG&E SharePoint Users Group. April 10, 2014. 2. Best Practice- SharePoint Permission Management. Goals for permission management. Easy to understand Self-documenting Secures confidential content Easy to administer Keep track of who changes permissions.

pabla
Download Presentation

PG&E SharePoint Users Group

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. San Francisco PG&E SharePoint Users Group April 10, 2014

  2. 2 Best Practice-SharePoint PermissionManagement

  3. Goals for permission management • Easy to understand • Self-documenting • Secures confidential content • Easy to administer • Keep track of who changes permissions

  4. Knowledge Assumptions • Basic SharePoint Navigation • Know how to create groups • Know how to add users to groups http://xkcd.com/1339/

  5. SharePoint Permissions Model

  6. SharePoint Permission Model

  7. SharePoint Permission Model

  8. View Permissions Inheritance Access via -> Site Settings -> Site Permissions -> Show these items

  9. Three Levels of Admin RightsIn descending order of power • Primary/Secondary Site Collection AdministratorsCan only be changed by Farm Administrators Highest level of admin rights for a site collection Receive system emails for site collection Has admin rights to everything in site collection • Site Collection AdministratorsCan be added/removed by other Site Collection Admins Receive system emails for site collection Cannot remove Primary/Secondary SCAs Has admin rights to everything in site collection • Users with Full Control RightsCannot added/remove SCAs Can control permissions of other users Do not receive system emails for site collection Can delete objects they have full control onThis includes the entire site collection if they have rights at the root!

  10. Enable Auditing Access via -> Site Settings -> Configure Audit Settings

  11. Best Practices • Keep permissions Safe for Work, no naked IDs • Use the default groups whenever possible • Create new groups for specific security needs • Create new groups at the root of your site collection with read permission, then elevate • Document in the group’s description what it provides access to • Place more public information at the upper levels of your site • Place more secure information at the lower levels of your site • Limit the number of users with admin rights • If needed, enable auditing

  12. Fixing Permissions • Role Based or Hierarchy Based • Plan a new group where ever a specific, discrete permission requirement exists • Make the group names as descriptive as possible, and/or write out a detailed, plain English narrative of the group’s purpose in the Description field • Create all groups at the root of your site collection with Read permissions • Elevate these permissions as needed within the site • Place users into groups as required

  13. Fixing Permissions • Communicate out to your users the date & time you will be switching over to a new permissions management scheme • Ensure your users know they should contact you directly if they lose access to anything • On the date and time agreed upon, remove all individually assigned users permissions on your site • All that should be left are groups on your permissions screens

  14. Questions Source: http://xkcd.com/1349

  15. Thank You Presenter Patrick.Reeves@pge.com

More Related