Secure Me, SharePoint

Secure Me, SharePoint

Recently, I saw an exchange between two SharePoint people about permissions. It went like this:

Q: I created a permission level identical to ‘Full Control’ except for one thing: I unchecked the permissions ‘Create sub-sites.’ However, when I test that new permission level I find I am not allowed to manage permissions!? Why?

A: I just created a new Permission Level, with all the same privs as Owner and could give a group that level. I was logged in as a site admin.

Q: Now remove your Site Admin priv and grant yourself ‘Site Owner without Create SubSite’ permission level.

A: I added a user to my ‘Sort of Owner’ group which had all owner level perms, made sure he had no other privs on the site, and accessed it fine... so from my quick testing, this seems to work fine.

It got me thinking about SharePoint permissions. Permissions management is a big deal, especially if you're dealing with compliance. It's challenging. Out of curiosity, I went to Microsoft to see what I could find:

User permissions and permission levels in SharePoint 2013

This Microsoft article talks about SharePoint 2013 default permissions and user permissions.

User permissions and permission levels (SharePoint Server 2010)

This Microsoft article talks about SharePoint 2010 default permissions and user permissions.

Grant Active Directory Domain Services permissions for profile synchronization in SharePoint Server 2013

This Microsoft article tells how to configure the permissions needed to synchronize profile information with SharePoint Server 2013.

Plan profile synchronization for SharePoint Server 2013

This Microsoft article details about how to get ready to setup profile synchronization in SharePoint 2013.

Configure custom permissions (SharePoint Server 2010)

This Microsoft article talks about how to customize an existing permission level, copy an existing permission level, and create a permission level in SharePoint 2010.

Overview of security trimming, administrative policies, and privacy settings for social feeds in SharePoint Server 2013

This Microsoft article relates to what users are allowed to see.

At SharePoint Pro magazine, we published a couple things related to permissions—actually, on claims:

SharePoint Security: Claims-Aware Options

SharePoint Security: What You Need to Know to Secure SharePoint

And this older article, which is useful for background:

Escaping SharePoint Permissions Purgatory

What are some resources you’ve found helpful? Let us know.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish