This link has been bookmarked by 8 people. It was first bookmarked on 07 Jul 2007, by Jeremy Thake.
-
26 Apr 09
-
08 Apr 09
-
The deeper the nesting, the more likely Windows itself will freak out.
-
-
02 Mar 09
-
05 Nov 08
-
The current best practice is to add users and domain groups to the permission level/cross site group (site collection groups).
-
You cannot create groups or permission levels declaratively in XML
-
Nested security groups beyond a couple can be problematic, especially when a contact or DL is in the mix or when a global group is used improperly.
-
If it works to secure a file on the file system in the same domain as your SharePoint server, you're 99% likely it will work in SharePoint. I say 99% because I have myself removed and re-added a user a number of times to reapply security to get it to work. It is a common troubleshooting step to remove the group or user, then remove their entry in the user info list to clean it up completely.
-
-
-
02 Oct 08
-
For sensitive sites at the site collection level - least privileged access, don't delegate the site owner or admin roles. You should have a couple of site administrators and/or site owners; using individuals here is a good practice. You'd think why not create a group, but at this level it's good to have an individual owner that has an email address that will ensure the site auto delete features do what you'd expect.
-
Dev Tip from Jim Sturms: You cannot create groups or permission levels declaratively in XML – you’ll need to create these using the OM with a solution.
Although permissions inheritance is easily broken and granularized, I don't recommend it unless you need to. It's a pain to manage, let me tell you. There are a bunch of partners out there that would love to help you manage your site permissions and help you add users across all the sites when someone joins the group. It's a ton better to add security groups and users at the site collection level and use the SharePoint groups and add people to those roles that you see right out of the box. Sure you can break inheritance on special sites, but I'd recommend not making that the rule, more the exception.
-
"Policy is merged with local permissions to arrive at the user’s effective permissions.
-
References:
TechNet: Plan Site Security
http://technet2.microsoft.com/windowsserver/WSS/en/library/700c3d60-f394-4ca9-a6d8-ab597fc3c31b1033.mspx?mfr=true
Managing Permissions and Security
http://office.microsoft.com/en-us/sharepointtechnology/CH100649861033.aspx
Role Assignments, Role Definitions, and Inheritance
http://msdn2.microsoft.com/en-us/library/ms414036.aspx
Users, Groups, and Authorization
http://msdn2.microsoft.com/en-us/library/ms414400.aspx
-
-
-
21 Jul 08
-
25 Oct 07