Presentation is loading. Please wait.

Presentation is loading. Please wait.

#SPSSAN June 30, 2012 San Diego Convention Center BEST PRACTICES FOR MANAGING SHAREPOINT PERMISSION LEVELS SharePoint 2010 Tony Rockwell.

Published byProsper Boyd Modified over 9 years ago

Similar presentations

Presentation on theme: "#SPSSAN June 30, 2012 San Diego Convention Center BEST PRACTICES FOR MANAGING SHAREPOINT PERMISSION LEVELS SharePoint 2010 Tony Rockwell."— Presentation transcript:

1 #SPSSAN June 30, 2012 San Diego Convention Center BEST PRACTICES FOR MANAGING SHAREPOINT PERMISSION LEVELS SharePoint 2010 Tony Rockwell

2 #SPSSAN Who? Tony Rockwell About me: 20+ years in IT 5 years focused on SharePoint MCTS SharePoint 2010 Configuration SharePoint Administration Installation; Configuration; Upgrades Enable OOTB features Implement 3 rd party tools Founding Board Member of SANSPUG SPSSAN organizer Solution Specialist at EMP Live EPM Live is the global leader in SharePoint-based project, portfolio & work management solutions that help organizations increase productivity by improving visibility, execution and collaboration on all types of work. PortfolioEngine WorkEngine ProjectEngine

3 #SPSSAN House Keeping Thank our Sponsors! This is an Interactive Session Save questions – you choose Twitter hashtags: #PermissionLevels

4 #SPSSAN Agenda SharePoint Security Why Create custom permission levels? Inheritance & Scopes Best Practices Permission Level Scenario How-To using the SharePoint interface How-To using PowerShell References

5 #SPSSAN SharePoint Security Why create custom permission levels? Because security matters to you Ease security administration Enable refined security Terminology Farm Administrator Service Application Administrator Feature Administrator Site Collection Administrator Permission Levels Users Groups Securable Objects Inheritance & Scopes Permission Levels Users Groups Securable Objects Inheritance & Scopes

6 #SPSSAN Inheritance & Scopes Site Collection Web Object Document Library Object Folder Web Object Item Scope 2

7 #SPSSAN Best Practices SharePoint Permissions Use fine-grained permissions only when business case requires it Break permission inheritance infrequently as possible Use domain groups to assign permissions to sites when possible Assign permissions at the highest level possible Make use of appropriate SP roles

8 #SPSSAN Best Practices SharePoint Permission Levels & Scopes Don’t modify or delete a default permission level Copy a default permission level & modify it The maximum # of unique security scopes set for a list should not exceed 1,000 Use group membership rather than individual membership in your scopes

9 #SPSSAN Scenario The Company Each department owns a site Department site owner to manage site… but delegates permissions to someone else Delegate should not modify site, pages, etc. only add/remove (manage) users Delegate should also have standard “Contribute” access to site The Company Each department owns a site Department site owner to manage site… but delegates permissions to someone else Delegate should not modify site, pages, etc. only add/remove (manage) users Delegate should also have standard “Contribute” access to site

10 #SPSSAN Required Administrative Credentials

11 #SPSSAN 1. Navigate to top-level site 2. Site Actions > Site Permissions (or Site Settings for Publishing) 3. Click on Permission Levels in the Ribbon 4. Select the permission level to copy – Contribute 5. Scroll down & select Copy Permission Level How-to: SharePoint interface

12 #SPSSAN 6. Name the new permission level (User Manager) & enter a description (i.e. “ Use this permission to Manage Users”) 7. Select desired permissions Check Enumerate Permissions (Manage will auto-select, Deselect it) 8. Scroll down & click Create The custom permission level is ready to use! Create a SharePoint group for each department; i.e. “Accounting User Managers” Give the group the “User Manager” permission level Make the owner of this SP Group, the Site Owner or SCA Change the owner of the Member & Visitor groups How-to: SharePoint interface

13 #SPSSAN How-to: PowerShell PS > $spWeb = Get-SPWeb http://sharepoint.contoso.comhttp://sharepoint.contoso.com Create a new object PS > $plevel = New-Object Microsoft.SharePoint.SPRoleDefinition Add name and description PS > $plevel.Name = "Custom: User Manager" PS > $plevel.Description = “Enumerate Permissions" Set the base permissions PS > $plevel.BasePermissions = “EnumeratePermissions”

14 #SPSSAN How-to: PowerShell Add the permission level to your site PS > $spWeb.RoleDefinitions.Add($plevel) Clean up PS > $spWeb.Dispose() See base permissions that are available PS > [system.enum]::GetNames("Microsoft.SharePoint.SPBasePermissions") EmptyMask ViewListItems AddListItems EditListItems DeleteListItems ApproveItems OpenItems ViewVersions DeleteVersions CancelCheckout ManagePersonalViews ManageLists ViewFormPages Open ViewPages AddAndCustomizePages ApplyThemeAndBorder ApplyStyleSheets ViewUsageData CreateSSCSite ManageSubwebs CreateGroups ManagePermissions BrowseDirectories BrowseUserInfo AddDelPrivateWebParts UpdatePersonalWebParts ManageWeb UseClientIntegration UseRemoteAPIs ManageAlerts CreateAlerts EditMyUserInfo EnumeratePermissions FullMask

15 #SPSSAN Session wrap-up Questions Please complete a Session Survey Help me improve Help the organizers improve future events Win prizes!

16 #SPSSAN Contact me @ Email: trockwell@epmlive.comtrockwell@epmlive.com Twitter: @sharepoinTony Blog: http://sharepoinTony.info/bloghttp://sharepoinTony.info/blog LinkedIn: http://www.linkedin.com/in/ajrockwellhttp://www.linkedin.com/in/ajrockwell San Diego SharePoint Users Group: www.sanspug.orgwww.sanspug.org slideshare: http://www.slideshare.net/trock2010/http://www.slideshare.net/trock2010/ REFERENCE : Technet - User Permissions and Permission Levels http://technet.microsoft.com/en-us/library/cc721640.aspx Spbasepermissions - definitions http://technet.microsoft.com/en- us/library/microsoft.sharepoint.spbasepermissions(v=office.12).aspx SP Permission Inheritance http://technet.microsoft.com/en-us/library/cc287792(v=office.12).aspx Best Practices for Fine-grained Permissions (White Paper) http://technet.microsoft.com/en-us/library/gg130816(v=office.12).aspx Best Practices Center for SharePoint 2010 http://technet.microsoft.com/en-us/sharepoint/hh189420

17 #SPSSAN The After-Party : SharePint Karl Strauss Brewing Company 1157 Columbia Street San Diego, CA 92101 Phone: 619-234-2739 Immediately following event closing & prize drawings (@6:30 pm) Directions (.9 miles): 1. Head northeast on 1st Ave 2. Turn left onto W. B St 3. Turn left onto Columbia St Karl Strauss will be on the left

18 #SPSSAN June 30, 2012 San Diego Convention Center THANK OUR SPONSORS Please be sure to fill out your session evaluation!

Download ppt "#SPSSAN June 30, 2012 San Diego Convention Center BEST PRACTICES FOR MANAGING SHAREPOINT PERMISSION LEVELS SharePoint 2010 Tony Rockwell."

Similar presentations

From the eyes of an Administrator A general overview of e-CFunds Administrative Site, including navigation and exploring the features of this powerful.

From the eyes of an Administrator A general overview of e-CFunds Administrative Site, including navigation and exploring the features of this powerful.
SharePoint 2013 Community Sites The Discussion Boards Extreme Makeover Marlene Lanphier Senior SharePoint Solutions Designer.

SharePoint 2013 Community Sites The Discussion Boards Extreme Makeover Marlene Lanphier Senior SharePoint Solutions Designer.
Philadelphia Area SharePoint User Group January 30, 2013 Chris Mann RJB Technical Consulting

Philadelphia Area SharePoint User Group January 30, 2013 Chris Mann RJB Technical Consulting
JERRY GILES MNIS Unclassified Information Sharing Service PAUL HILTON.

JERRY GILES MNIS Unclassified Information Sharing Service PAUL HILTON.
Eric J. Oszakiewski MCTS: SharePoint Application Development SharePoint Configuration.

Eric J. Oszakiewski MCTS: SharePoint Application Development SharePoint Configuration.
SP Business Suite Deployment Kick-off

SP Business Suite Deployment Kick-off
Kentico CMS 5.5 R2 What’s New. Highlights Intranet Solution Document management package – WebDAV support – Project & task management – Document libraries.

Kentico CMS 5.5 R2 What’s New. Highlights Intranet Solution Document management package – WebDAV support – Project & task management – Document libraries.
SESSION TWO SECURITY AND GROUP PERMISSIONS Security and Group Permissions.

SESSION TWO SECURITY AND GROUP PERMISSIONS Security and Group Permissions.
SharePoint 2010 Permissions Keith Tuomi. profile KEITH TUOMI SharePoint Consultant / Developer at itgroove Developing Online Systems since 1991 10 years.

SharePoint 2010 Permissions Keith Tuomi. profile KEITH TUOMI SharePoint Consultant / Developer at itgroove Developing Online Systems since years.
1 of 6 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 6 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
1 of 4 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 4 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
1 of 5 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.

1 of 5 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.
1 of 4 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 4 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
OFFICE 365 GROUPS Administrative look into Groups July 9, 2015.

OFFICE 365 GROUPS Administrative look into Groups July 9, 2015.
December 1 st, 2012. SharePoint Lifecycle management With Project Server 2010.

December 1 st, SharePoint Lifecycle management With Project Server 2010.
Web FOCUS Integration with Microsoft Office SharePoint By: Kelvin Ruiz NASA – Kennedy Space Center.

Web FOCUS Integration with Microsoft Office SharePoint By: Kelvin Ruiz NASA – Kennedy Space Center.
My Site Collaborative Features. About Me Support Team Leader with Webteksolutions Primary.

My Site Collaborative Features. About Me Support Team Leader with Webteksolutions Primary.
Working with SharePoint Document Libraries. What are document libraries? Document libraries are collections of files that you can share with team members.

Working with SharePoint Document Libraries. What are document libraries? Document libraries are collections of files that you can share with team members.
Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.

Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.

Similar presentations

Ads by Google