Permission Management in SharePoint – Overview and best practices Toni Frankola Co-Founder & CEO, Acceleratio Ltd., Croatia.


2 Permission Management in SharePoint – Overview and best practices Toni Frankola Co-Founder & CEO, Acceleratio Ltd., Croatia

3 Intro Toni Frankola Microsoft MVP, Co-founder of Acceleratio 16 years active in Microsoft ecosystem 7 years since co-founding Acceleratio 6 years as Microsoft MVP Using SharePoint since 2003 MCTS: SharePoint, CRM; MCPD Contact info: tfrankola@acceleratio.net Twitter: @ToniFrankola

4 Generate SharePoint configuration documentation, audit farm health and compare, report on users and groups, and manage permissions. Review system, user and app performance live! Manage services and report on performance counters. Set up alerts and subscriptions. Review all your Office 365 tenants, licenses and subscriptions. Report on Exchange Online settings and SharePoint Online permissions. Autodiscover all SQL Servers in your domain. Generate documentation, compare SQL configurations and create inventory reports. We create innovative software solutions for SharePoint, Office 365, Windows Servers, SQL Servers, Remote Desktop Services, and Citrix admins and consultants.

5 Generate entire SharePoint documentation, check the custom solutions, save farm deployment. Monitor farm health, track changes and compare. Report on site contents and audit farm setup. Farm Assessment Farm Audit Save time! Validate! Check if your SharePoint farm is configured according to the latest SP community's best practices. Create custom reports on the SharePoint content. Create rules or check the particular content settings. Best Practices Know how! Automatic! Governance

6 Explore permissions and create site and user specific reports. Besides history data, review live permissions in real-time. Export reports. Analyze and manage permissions easily and save time. Edit, clone, transfer, create groups, add or remove users, break/restore inheritance and much more. Reporting Management Compare Compare SharePoint permissions between sites, lists and list items using a simple, yet powerful wizard. Check differences in your permissions easily.

7 Explore and manage SharePoint Online permissions. Delete a user or group from a site collection, and break/restore inheritance. Review all your Office 365 tenants, licenses and subscriptions. Track changes and monitor users' Exchange Online data. Groups Users Tenant Overview Permissions Reports Review all! Save time! Examine! Compare

8 Agenda Terminology: User, groups, security scopes, objects… Side by side compare of features in different editions and versions Features and limitations Best practices Demo

9 SharePoint Versions and Editions SharePoint 2007 (WSS, Standard, Enterprise) SharePoint 2010 (Foundation, Standard, Enterprise) SharePoint 2013 (Foundation, Standard-Enterprise) SharePoint 2016 (Standard-Enterprise) SharePoint Online (Plan)

10 User An individual that has access to a SharePoint Site Active Directory FBA Azure AD

11 User / External User In SharePoint Online: An external user is someone outside of your organization who can access your SharePoint Online sites and documents but does not have a license for your SharePoint Online or Microsoft Office 365 subscription. External users are not employees, contractors, or onsite agents for you or your affiliates.

12 User / External User (2) Key benefits: They don’t need a license Power Users can easily invite them to join (where applicable) They don’t have access to your internal infrastructure Ideal for intra-company collaboration (Projects)

13 SharePoint Group A group of users Can be created via SharePoint user-interface Basic building block for SharePoint permissions Does NOT support nested groups

14 AD Group / Security Group SharePoint On-Prem: Active Directory Group SharePoint Online: Security Group Pros: Can be nested (group within another group) Cons: You CANNOT manage group membership via SharePoint You CANNOT even see group members in SharePoint UI

15 Permission Levels

16 Permission Level Permission levels are collections of permissions that allow users to perform a set of related tasks.

17 Built-in Permission Levels Full Control Design Edit Contribute Read Limited Access Approve Manage Hierarchy Restricted Read View Only https://technet.microsoft.com/en-us/library/cc721640.aspx

18 Permissions List Permissions Manage Lists Override List Behaviors Add Items Edit Items Delete Items View Items Approve Items Open Items View Versions Delete Versions Create Alerts View Application Pages … Site Permissions Manage Permissions View Web Analytics Data Create Subsites Manage Web Site Add and Customize Pages Apply Themes and Borders Apply Style Sheets Create Groups Browse Directories Use Self-Service Site Creation View Pages Enumerate Permissions Browse User Information Manage Alerts Use Remote Interfaces Use Client Integration Features Open Edit Personal User Information Personal Permissions Manage Personal Views Add/Remove Personal Web Parts Update Personal Web Parts https://technet.microsoft.com/en-us/library/cc721640.aspx

19 Create a new permission level Can be performed from the UI Do it on the site collection level Example Business Requirement: Give users contribute privilege but do not allow users to delete documents.
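
An added example (not from the original slides) of the business requirement above, using the server object model: it creates a permission level with Contribute's permissions minus the delete rights. The site URL is reused from the Programming slide and the level name is an assumption.

```csharp
using System;
using Microsoft.SharePoint;

class CreateContributeNoDelete
{
    static void Main()
    {
        // Assumed URL, reused from the Programming slide
        using (SPSite site = new SPSite("http://server:100/sites/DevSite/"))
        {
            // Define the level on the site collection's root web so every
            // subsite that inherits role definitions can use it.
            SPWeb root = site.RootWeb;   // owned by SPSite, do not dispose separately

            // Take the built-in Contribute level as the starting point
            SPRoleDefinition contribute =
                root.RoleDefinitions.GetByType(SPRoleType.Contributor);

            SPRoleDefinition noDelete = new SPRoleDefinition();
            noDelete.Name = "Contribute (no delete)";   // hypothetical name
            noDelete.Description = "Add and edit items, but not delete items or versions.";

            // Copy Contribute's rights and clear both delete bits
            noDelete.BasePermissions = contribute.BasePermissions &
                ~(SPBasePermissions.DeleteListItems | SPBasePermissions.DeleteVersions);

            root.RoleDefinitions.Add(noDelete);
            Console.WriteLine("Created '{0}': {1}", noDelete.Name, noDelete.BasePermissions);
        }
    }
}
```

Because permission levels combine and there is no deny, a user who also holds Contribute or higher through another group on the same scope can still delete.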

20 Item / Doc Folder List / Doc Lib Site Site Collection Security in Practice

21 Role Assignment User Group AD Group Security Scope Permission Level Role Assignments

22 Security in Practice Role Assignment Inheritance Site Collection Site List / Doc Lib Folder Item / Doc

23 Security in Practice Role Assignment Inheritance Site Collection Site List / Doc Lib Folder Item / Doc Role Assignment Inheritance

24 Broken inheritance

25 Broken inheritance (2)

26 Combine Permissions User X is a member of groups G1 (Contribute) and G2 (Full Control) on the SharePoint site Finance. User will be granted the combination of permission levels, Full Control in this case. There are no "deny" permissions in SharePoint.

27 New sites and groups

28 Share

29 Share (2)

30 Share – Best Practices Always double-check what is being shared Use advanced whenever possible

31 Users with privileged access -Farm Administrators -Web Application Policy users -Site Owners (2x) -Site Collection Administrators

32 Given Directly / Given via Group

33 Programming
using Microsoft.SharePoint;

// Dispose SPSite and SPWeb when done
using (SPSite site = new SPSite("http://server:100/sites/DevSite/"))
using (SPWeb web = site.OpenWeb())
{
    // Principal to grant access to: login name, e-mail, display name, notes
    SPRoleAssignment roleAssignment = new SPRoleAssignment("domain\\user", "alias@domain.com", "Role Name", "Description");
    // Built-in Contribute permission level
    SPRoleDefinition roleDefinition = web.RoleDefinitions.GetByType(SPRoleType.Contributor);
    roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
    // Add the role assignment to the site
    web.RoleAssignments.Add(roleAssignment);
}

34 Boundaries and limits Security scope: 50,000 per list (Threshold). The maximum number of unique security scopes set for a list cannot exceed 50,000. For most farms, we recommend that you consider lowering this limit to 5,000 unique scopes. For large lists, consider using a design that uses as few unique permissions as possible. https://technet.microsoft.com/en-us/library/cc262787.aspx

35 Item Level Permissions No security on views No security on columns Workflows could be used to automatically configure permissions

36 Limited Access SharePoint automatically assigns this permission level to users and SharePoint groups when you grant them access to an object on your site that requires that they have access to a higher level object on which they do not have permissions. Not visible in SharePoint 2016 / Online (but still there)

37 Anonymous Access Anonymous access enables users to find resources in the public areas of Web sites without having to provide authentication credentials.

38 Access Requests The access request feature allows people to request access to content that they do not currently have permission to see. As a site owner, you can configure the feature to send you mail when someone requests access to a site. You can then choose whether to approve or decline their request. If you approve the request, you can also specify the specific level of permission you’d like to assign to a user.

39 Best Practices Use AD Groups or Azure AD Groups when possible Be careful as management might be difficult in the long run Define SharePoint groups on the Site Collection level Use Groups instead of giving access directly Break permissions ideal spot: Site >> List >> Folder >> List Item Make sure not to cross defined boundaries When creating a new site with unique permissions, use existing groups when possible Remove unused groups when possible

40 Best Practices (2) Remove orphaned users Try to reduce the number of custom permission levels When creating a new PL, start by copying an existing one Be careful when restoring permissions inheritance on a site (it will restore entire chain downwards)
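
An added example (not part of the original slides) that checks a site collection against two of the practices above: it lists every list or library with broken inheritance and every permission level given directly to an individual user rather than via a group. The site URL is reused from the Programming slide and the output format is an assumption.

```csharp
using System;
using Microsoft.SharePoint;

class PermissionAudit
{
    // Print every permission level bound directly to an individual user in this scope.
    static void ReportDirectGrants(string scope, SPRoleAssignmentCollection assignments)
    {
        foreach (SPRoleAssignment ra in assignments)
        {
            SPUser user = ra.Member as SPUser;                 // null for a SharePoint group
            if (user == null || user.IsDomainGroup) continue;  // AD / security groups are fine
            foreach (SPRoleDefinition rd in ra.RoleDefinitionBindings)
            {
                if (rd.Type == SPRoleType.Guest) continue;     // Limited Access, assigned automatically
                Console.WriteLine("DIRECT  {0}  {1}  {2}", scope, user.LoginName, rd.Name);
            }
        }
    }

    static void Main()
    {
        // Assumed URL, reused from the Programming slide
        using (SPSite site = new SPSite("http://server:100/sites/DevSite/"))
        {
            foreach (SPWeb web in site.AllWebs)
            {
                try
                {
                    if (web.HasUniqueRoleAssignments)
                        ReportDirectGrants(web.Url, web.RoleAssignments);
                    foreach (SPList list in web.Lists)
                    {
                        if (!list.HasUniqueRoleAssignments) continue;  // inherits from the site
                        string scope = web.Url + " / " + list.Title;
                        Console.WriteLine("BROKEN  {0}", scope);
                        ReportDirectGrants(scope, list.RoleAssignments);
                    }
                }
                finally { web.Dispose(); }   // webs returned by AllWebs must be disposed
            }
        }
    }
}
```

The check stops at list level; folders and items with unique permissions, which count toward the security scope limit, are not enumerated here.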

41 Demos

42 Upcoming webinars… http://tinyurl.com/toni-permissions

43 Q&A

