What email address or phone number would you like to use to sign in to Docs.com?
If you already have an account that you use with Office or other Microsoft services, enter it here.
Or sign in with:
Signing in allows you to download and like content, and it provides the authors analytical data about your interactions with their content.
Embed code for: SharePoint 2016 - Understanding Permissions
Select a size
Understanding SharePoint 2016 Permissions
Co-Founder and Owner of Lightning Tools
Co-Founder of Combined Knowledge
Organizer of UKCommunityDay.com (http://uk.communities.tech)
Who should be concerned about SharePoint security?
“The Department of Trade and Industry’s annual security survey showed last year, the threat of internal security breaches has now surpassed the risk of an external IT hack. Prescribing and monitoring employee behaviour around data access is probably the number one challenge facing any company today. But whose job is it?”
Who’s job is it?
IT (Farm Admin)
Maintain Active Directory Groups
Register & Disable User Accounts
Site Collection Administrators
Manage & Maintain SharePoint Groups
Oversee Permission Inheritance
Custom Permission Levels
Approve Access Requests
What can go wrong?
Due to a lack of Permissions Understanding:
Users are added to groups without realising those groups have permissions to other sites/content that should be restricted.
Permission Inheritance isn’t considered when assigning permissions
Access requests are approved without giving enough thought and looking for alternative ways of granting permissions
Documents and Folders are ‘Shared’ thus breaking permission inheritance and making it more difficult to remove a users permissions.
Sites are ‘Shared’ not realising the implications (Edit Permissions)
What about when someone leaves?
What should happen?
User is removed from SharePoint Groups
Users direct permissions are removed
User is removed from Active Directory Groups
User account is disabled in the Active Directory
What is typical?
Users account is disabled or deleted.
SharePoint Permission Structure
Inheritance & Groups
Sales Site (parent)
Sales Blog (subsite)
Sales Blog Authors
Sales Blog Approvers
Avoid Common Permissions Issues
Should I create a new default group/permission level for my site?
Should I accept the access request? Or could I grant permissions in a better way?
How can I design my site structure and should I consider security when I create a site collection?
Who will manage my SharePoint Groups?
Should I get HR on board and create a policy of what happens when a user leaves?