1. APAN SharePoint Permissions
Paul Hilton – APAN SharePoint Product Owner
Booz Allen Hamilton

2. Who Accesses Your Site?
Selective
Everyone?

3. We Need Permissions Not all users are equal Secure your site
Permission define rights
Manage individuals and groups

4. Securable Objects Sites Document libraries
Individual items in lists and document libraries
Folders

5. Individuals and Groups
Individual users: Pulled from active directory
Groups: a collection of users.  
Groups are global in a site collection. 
Groups are never "tied" to a specific securable object.

6. What are My Options?

7. APAN Permission Options
View Only - Users can look at certain pages but can't do much else.
Read - Users can see all pages and lists. They can also download documents.
Contribute - Users can add and edit certain items and delete lists and libraries. They can add, delete, or edit personal Web Parts.
Edit - Users can manage lists.
Design - Users can view, add, edit, delete, and approve items and pages.
Full Control - Users can do anything. This is the level that can edit permissions and manage the site as a whole.

8. Formula for Site Permission Group Names

9. APAN Default Site Permission Groups
Format: Site Name + Permission Group
Weather Team Owners
Weather Team Members
Weather Team Visitors
Owners  Full Control
Members  Contribute
Visitors  Read

10. Let’s Build a Site and Our Permission Groups

11. Building a Site – Building Permission Groups

12. Set the Options
Change the Permissions Default to Unique, for parent sites
Use unique permissions for sites off the root. Child sites can inherit or use unique. Child site probably will use the same navigation as its parent.

13. Modify the People in Roles
Default Roles
Owners
Members
Visitors
Confirm or create the Visitors role
Update the people in the Members and Owners roles
This page can be accessed by constructing a URL of the form:
Name/Site Name/_layouts/permsetup.aspx?HideCancel=1&NextUsing= Name/Site Name
For example: Your site collection name is scape and your site name is contoso. The URL that you would build in a note pad and paste in your browser would be

14. What about Anonymous Users?
No APAN account required

15. Anonymous Access Click on Site Actions  Site Permissions
Click on Anonymous Access
Select the access level
Set the anonymous access level according to the site owner’s requirements. The default is Nothing, which means that anonymous users (not logged into APAN) cannot access any content within the site.

16. Managing Access Requests

17. Manage Access Requests
Click on Site Actions  Site Permissions
Click on Manage Site Access Requests
Leave check, if site access requests allowed
Change or remove the address
Set the Site Access Requests according to the requirements. If there is a restriction on the site access, visitors without access rights will be prompted to request access. The request will be sent to the listed in the box.

18. Carefully Review Access Requests
Customize Pending Members List to identify your requesters.

19. A Little About… APAN Pending Members
Started from Combine Endeavor
Site level Feature – APAN Pending Members
SharePoint default - text box  “Let me in.”
Pending Members  SharePoint Custom List
Add mandatory columns to know your requesters
4 List Views (Based on Status column)
Pending (default)
Approved
Denied
All Items

20. APAN Pending Members Click on APAN tab
Click on box(es) in Title column
Click on Approve or Deny icon
Add user(s) to a Permission group

21. Create New Permission Group
Warning: More Groups mean more management
Some are OK
Many are not best practice

22. New Permission Group Gotchas

23. Create New Permission Group

24. APAN Group/Individual Permissions
Worried about deletions?

25. Granting/Editing Permissions
Identify or lookup a user or a group
Assign the permission level
Optional – send an message

26. Roundup… Let’s Tour the Site Permission Page

27. Site Permission Page
NT AUTHORITY\authenticated users is listed among the permission groups because this site is using Pending Members. Limited Access means that there are some restrictions on the group. NT AUTHORITY\authenticated users have read/write access to the Pending Members list so that logged in users can request site access. In the case of the Owners and Members groups, Limited Access is included because the site has some content (a list or library) that is restricted. Remember, a site owner can restrict access to any list or library.

28. A word About… Limited Access
Limited Access permissions – Cannot be assigned directly
SharePoint automatically assigns Limited Access to other required locations
APAN – NT Authenticated users have for Limited Access Pending Members

29. Breaking Inheritance New site  New permission groups
Breaking inheritance within a site  only a first step
Add new groups or individuals
Remove unwanted groups and individuals

30. Managing Permissions Easier at the Group level
Accepting requests  individual rights (difficult to manage)
Watch out who can view members

31. Usually you want to control access to your site
3 default permission groups
Organize permissions by groups
Groups are by site collection
Manage access requests with Pending Members
Be careful with making new permission groups
Avoid too many
Change the owner to your site Owners group
Keep your site secure

32. Thank You!!
ASPUG