About Chris Welch Synergy – Global Reach. Local Service. - Cell - 808 255 9431 Online - USA | South.

2 About Chris Welch
Synergy – Global Reach. Local Service.
Email - cwelch@synergyonline.com
Cell - 808 255 9431
Online - www.synergyonline.com
USA | South Africa | United Kingdom | Asia Pacific

3 SharePoint 2010 End User Security - Standardization and Customization
- Understanding security in the End User environment
- Discussion and Demonstrations
- All participation is welcome and appreciated

4 SharePoint 2010 End User Security - Standardization and Customization
- Planning and understanding
- How do you make a meaningful security infrastructure?
- So… Let's talk a bit about security

5 What is security?
- Trust
  - Trust in people
  - Trust in technology
  - Trust in business P&P
  - Trust in the institutional setting

6 Best Practice
- Keep it simple
- Reduce
- Reuse
- Recycle
- Security is a management process

7 Basic Security Concepts
- Plan the security environment
- What – define security
  - Sites
  - Lists and libraries
- Who – define roles
  - Separation of Duties
- Access – define levels
  - Least Privilege

8 SharePoint Roles
- Standard Security Roles
  - Farm Administrator
  - Site Collection Administrator
  - Service Application Administrator
  - Site Administrator
  - Users

9 Security 101 - Terms
- Authorization vs. Authentication
- Risk Management
  - $ or other measure
- Central tenets of measuring secure systems
  - Confidentiality
  - Integrity
  - Availability
  - Non Repudiation
  - Others…

10 So What About SharePoint?
- Demo Interlude
- How does SharePoint do -
  - Confidentiality
  - Integrity
  - Availability
  - Non-Repudiation

11 Discussion Point
- Where are the
  - Strengths in your SharePoint security
  - Weaknesses in your SharePoint security
- What is the trust factor

12 Architecture Primer
- SharePoint architecture
  - Web Application
  - Site Collection
  - Sites
  - Lists and Libraries

13 Web Application Security
- Performed by a Farm Administrator
- Security
  - Authentication
  - User Permissions
- Policies
  - Anonymous
  - User
  - Permissions

14 Web Application Demo
- Authentication Providers
- User Permissions
  - Remove Manage Lists permission
- Policies
  - Create Deny Delete Permission Policy
  - Apply as a User Policy

15 Site collection security
- Site Collection Administrator
  - Has full control of all content in a site collection
  - Is bound by security policy settings at the Web Application level
  - Is managed at the site collection or farm Web Application level
  - Highly trusted position in user environment
- Farm Administrator

16 Site Level Security
- Uses three basic pieces of infrastructure
  - Security principal
  - Securable Object
  - Permission Level
- Diagram: User or Group | Site-List-Item | Permission Level

17 Users and Groups
- Maintained at the site collection
- Users
  - Available from Authentication Provider
  - Stored in user information list
- Groups
  - AD
  - SharePoint
- Best Practice Discussion
  - Users vs. Groups

18 Some Limits to Consider
- Supported Limits
  - Groups per user - 5000
  - Users – 2 million per SC
  - Principals per group – 5000
  - SharePoint Groups – 10,000 per SC
  - Security Scope – 5000
- Limits based on performance

19 Users and Group Demo
- Users and Group
  - Review groups
  - Create a group and discuss settings
  - Suggestions Group
  - Add users
- Settings overview
  - Groups page
  - Group

20 Securable Objects
- Sites, lists and libraries, item
- Security inherited by default
- Inheritance can be removed
- Sites can be created with unique permissions
  - Creates three groups by default
  - Permsetup.aspx

21 Securable Objects Demonstration
- Review settings
- Remove inheritance for a site
- Remove inherited principals
- Create a new security infrastructure
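
An added example, not part of the original presentation: a read-only PowerShell audit that lists every site and list in a site collection where inheritance has been removed, with the principal and permission level of each assignment, and flags grants made to individual users rather than groups. It assumes a SharePoint 2010 server with the Microsoft.SharePoint.PowerShell snap-in; the site URL is a placeholder and the function name is hypothetical.

```powershell
# Added example: audit broken inheritance (principal + securable object + permission level).
# Read-only. Covers sites and lists/libraries; item-level permissions are not walked.
param([string]$SiteUrl = "http://sharepoint.example/sites/demo")  # placeholder URL

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical helper: one output row per role assignment on a securable object.
function Get-RoleAssignmentRows($securable, $type, $url) {
    foreach ($ra in $securable.RoleAssignments) {
        $member = $ra.Member
        # AD groups surface as SPUser objects with IsDomainGroup set.
        $direct = ($member -is [Microsoft.SharePoint.SPUser]) -and (-not $member.IsDomainGroup)
        New-Object PSObject -Property @{
            ObjectType       = $type
            Url              = $url
            Principal        = $member.Name
            DirectUserGrant  = $direct
            PermissionLevels = (@($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join "; ")
        }
    }
}

$site = Get-SPSite $SiteUrl
try {
    $rows = foreach ($web in $site.AllWebs) {
        try {
            # The root web always has its own assignments; sub-sites only if inheritance was removed.
            if ($web.IsRootWeb -or $web.HasUniqueRoleAssignments) {
                Get-RoleAssignmentRows $web "Site" $web.Url
            }
            foreach ($list in $web.Lists) {
                if ($list.HasUniqueRoleAssignments) {
                    Get-RoleAssignmentRows $list "List" ($web.Url + "/" + $list.RootFolder.Url)
                }
            }
        } finally { $web.Dispose() }
    }
} finally { $site.Dispose() }

$rows | Sort-Object Url, Principal |
    Format-Table ObjectType, Url, Principal, PermissionLevels, DirectUserGrant -AutoSize
"Assignments made directly to users: " + @($rows | Where-Object { $_.DirectUserGrant }).Count
```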

22 Permissions and Permission Levels
- Used to grant access
- Based upon granular permissions
  - 33
- Default set of permission levels
  - FDCRL
  - AMRV
  - Do not delete!
- Used to create customized security settings

23 Permission Levels
- Stored at the top level site
- Inheritance can be broken, using PowerShell
- Best practice is to create a new Permission Level by inheriting from an existing one

24 Demo of Permission Levels
- Review permissions
- Create a permission level by copying
- Remove delete versions
- Create a manage lists permission level
- Demonstrate permission dependencies
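
An added example, not part of the original presentation: the "create a permission level by copying, then remove delete versions" step done in PowerShell against the top-level site, leaving the default level untouched. It assumes a SharePoint 2010 server with the Microsoft.SharePoint.PowerShell snap-in; the site URL and the new level's name are placeholders chosen for illustration.

```powershell
# Added example: derive a custom permission level from a default one without editing the default.
param(
    [string]$SiteUrl     = "http://sharepoint.example/sites/demo",   # placeholder URL
    [string]$SourceLevel = "Contribute",
    [string]$NewLevel    = "Contribute - No Delete Versions"         # hypothetical name
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$site = Get-SPSite $SiteUrl
try {
    # Permission levels are stored at the top-level site of the collection.
    $web = $site.RootWeb

    $source = $web.RoleDefinitions | Where-Object { $_.Name -eq $SourceLevel }
    if ($source -eq $null) { throw "Permission level '$SourceLevel' not found." }
    if ($web.RoleDefinitions | Where-Object { $_.Name -eq $NewLevel }) {
        throw "Permission level '$NewLevel' already exists; nothing changed."
    }

    # Take the source level's granular permissions and drop DeleteVersions.
    $kept = $source.BasePermissions.ToString() -split ",\s*" |
        Where-Object { $_ -ne "DeleteVersions" }

    $copy = New-Object Microsoft.SharePoint.SPRoleDefinition
    $copy.Name            = $NewLevel
    $copy.Description     = "Copy of $SourceLevel without Delete Versions"
    $copy.BasePermissions = [Microsoft.SharePoint.SPBasePermissions]($kept -join ", ")
    $web.RoleDefinitions.Add($copy)

    # Show the source and the copy side by side for review and documentation.
    $web.RoleDefinitions |
        Where-Object { $_.Name -eq $SourceLevel -or $_.Name -eq $NewLevel } |
        Format-List Name, Description, BasePermissions
} finally { $site.Dispose() }
```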

25 Finally
- Security
  - Standardize where possible
  - Customize where necessary
- Plan
- Document
- Simplify

26 Questions?

