June 30, 2012
San Diego Convention Center




BEST PRACTICES FOR MANAGING
SHAREPOINT PERMISSION LEVELS
                 SharePoint 2010
                  Tony Rockwell




                                   #SPSSAN
Who?
Tony Rockwell
About me:
• Solution Specialist at EPM Live
• 20+ years in IT
• 5 years focused on SharePoint
• MCTS SharePoint 2010 Configuration
• SharePoint Administration
• Installation; Configuration; Upgrades
• Enable OOTB features
• Implement 3rd party tools
• Founding Board Member of SANSPUG
• SPSSAN organizer

EPM Live is the global leader in SharePoint-based project, portfolio & work management solutions that help organizations increase productivity by improving visibility, execution and collaboration on all types of work.
• PortfolioEngine
• WorkEngine
• ProjectEngine

House Keeping
 • Thank our Sponsors!
 • This is an Interactive Session
 • Save questions – you choose


                    Twitter hashtags:
                    #PermissionLevels




Agenda
• SharePoint Security
  • Why Create custom permission levels?
• Inheritance & Scopes
• Best Practices
• Permission Level Scenario
• How-To using the SharePoint interface
• How-To using PowerShell
• References




SharePoint Security
• Why create custom permission levels?
  • Because security matters to you
  • Ease security administration
  • Enable refined security
• Terminology
  • Permission Levels
  • Users
  • Groups
  • Securable Objects
  • Inheritance & Scopes
  • Farm Administrator
  • Service Application Administrator
  • Feature Administrator
  • Site Collection Administrator




Inheritance & Scopes
[Diagram: Site Collection > Web Object > Document Library Object > Folder > Item hierarchy, with a second Web Object and a region labeled "Scope 2"]




Best Practices
SharePoint Permissions
 • Use fine-grained permissions only when the
   business case requires it
 • Break permission inheritance as infrequently as
   possible
 • Use domain groups to assign permissions to
   sites when possible
 • Assign permissions at the highest level
   possible
 • Make use of appropriate SP roles

Best Practices
SharePoint Permission Levels & Scopes
 • Don’t modify or delete a default permission
    level
   • Copy a default permission level & modify it
 • The maximum # of unique security scopes set
   for a list should not exceed 1,000
 • Use group membership rather than individual
   membership in your scopes
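
A read-only check for three of the practices on the two slides above (break inheritance rarely, stay under 1,000 unique scopes per list, assign groups rather than individuals), as an added example that is not part of the original deck. It assumes the SharePoint 2010 Management Shell and the deck's sample URL; the warning threshold of 800 and the helper name Get-DirectUserAssignment are assumptions.

```powershell
# Added example, not from the original deck. Reads permissions only; changes nothing.
# Written for the SharePoint 2010 Management Shell (PowerShell 2.0).
if (-not (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$webUrl     = "http://sharepoint.contoso.com"  # sample URL used in the deck
$scopeLimit = 1000                             # per-list limit quoted in the deck
$warnAt     = 800                              # assumption: warn before the limit is reached

# Hypothetical helper: lists individual users (not SharePoint groups, not domain
# groups) that hold a role assignment directly on a securable object.
function Get-DirectUserAssignment($securable, $location) {
    foreach ($ra in $securable.RoleAssignments) {
        $member = $ra.Member
        if ($member -is [Microsoft.SharePoint.SPUser] -and -not $member.IsDomainGroup) {
            $levels = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
            New-Object PSObject -Property @{
                Finding  = "Individual user assigned directly"
                Location = $location
                Detail   = "{0}: {1}" -f $member.LoginName, $levels
            }
        }
    }
}

$web = Get-SPWeb $webUrl
try {
    $findings = @()
    if ($web.HasUniqueRoleAssignments) {
        $findings += @(Get-DirectUserAssignment $web $web.Url)
    }

    foreach ($list in @($web.Lists)) {
        if ($list.Hidden) { continue }

        # Every object that stops inheriting gets its own security scope.
        $scopes = 0
        if ($list.HasUniqueRoleAssignments) {
            $scopes++
            $findings += @(Get-DirectUserAssignment $list "$($web.Url) / $($list.Title)")
        }
        # Walks every folder and item, so expect this to be slow on large lists.
        foreach ($entry in (@($list.Folders) + @($list.Items))) {
            if ($entry.HasUniqueRoleAssignments) { $scopes++ }
        }

        if ($scopes -ge $warnAt) {
            $findings += New-Object PSObject -Property @{
                Finding  = "Unique scopes near or over the limit of $scopeLimit"
                Location = "$($web.Url) / $($list.Title)"
                Detail   = "$scopes objects with broken inheritance"
            }
        }
    }

    $findings | Select-Object Finding, Location, Detail | Format-Table -AutoSize -Wrap
}
finally {
    $web.Dispose()
}
```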



Scenario
 • The Company
 • Each department owns a site
 • Department site owner to manage site… but delegates
   permissions to someone else
 • Delegate should not modify site, pages, etc. only
   add/remove (manage) users
 • Delegate should also have standard “Contribute”
   access to site




Required Administrative Credentials




How-to: SharePoint interface
1. Navigate to top-level site
2. Site Actions > Site Permissions (or Site Settings for
   Publishing)

3. Click on Permission Levels in the Ribbon
4. Select the permission level to copy – Contribute
5. Scroll down & select Copy Permission Level




How-to: SharePoint interface
6. Name the new permission level (User Manager) & enter a
   description (i.e. “Use this permission to Manage Users”)
7. Select desired permissions
   • Check Enumerate Permissions (Manage will auto-select;
     deselect it)
8. Scroll down & click Create


The custom permission level is ready to use!
• Create a SharePoint group for each department; i.e.
  “Accounting User Managers”
• Give the group the “User Manager” permission level
• Make the Site Owner or SCA the owner of this SP group
• Change the owner of the Member & Visitor groups

How-to: PowerShell
Get the site (web) object
PS > $spWeb = Get-SPWeb http://sharepoint.contoso.com

Create a new object
PS > $plevel = New-Object Microsoft.SharePoint.SPRoleDefinition

Add name and description
PS > $plevel.Name = "Custom: User Manager"
PS > $plevel.Description = "Enumerate Permissions"

Set the base permissions
PS > $plevel.BasePermissions = "EnumeratePermissions"



How-to: PowerShell
Add the permission level to your site
PS > $spWeb.RoleDefinitions.Add($plevel)
Clean up
PS > $spWeb.Dispose()

See base permissions that are available
PS > [system.enum]::GetNames("Microsoft.SharePoint.SPBasePermissions")
EmptyMask ViewListItems AddListItems EditListItems DeleteListItems
ApproveItems OpenItems ViewVersions DeleteVersions CancelCheckout
ManagePersonalViews ManageLists ViewFormPages Open ViewPages
AddAndCustomizePages ApplyThemeAndBorder ApplyStyleSheets
ViewUsageData CreateSSCSite ManageSubwebs CreateGroups
ManagePermissions BrowseDirectories BrowseUserInfo
AddDelPrivateWebParts UpdatePersonalWebParts ManageWeb
UseClientIntegration UseRemoteAPIs ManageAlerts CreateAlerts
EditMyUserInfo EnumeratePermissions FullMask
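
The scenario and the interface how-to (copy Contribute, add Enumerate Permissions, create the department group, give it the level, set group owners) carried through in PowerShell, as an added example that is not part of the original deck. Assumptions: the department subsite URL is hypothetical, the group is owned by the site collection owner, and the Member and Visitor groups are handed to the new group so its members can manage users.

```powershell
# Added example, not from the original deck.
# Written for the SharePoint 2010 Management Shell (PowerShell 2.0).
if (-not (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$rootUrl   = "http://sharepoint.contoso.com"             # sample URL used in the deck
$deptUrl   = "http://sharepoint.contoso.com/accounting"  # hypothetical department site
$levelName = "User Manager"                              # name from the interface how-to
$groupName = "Accounting User Managers"                  # group name from the deck

$root = Get-SPWeb $rootUrl
$dept = Get-SPWeb $deptUrl
try {
    if (-not $root.HasUniqueRoleDefinitions) {
        throw "Permission levels are inherited at $rootUrl; use the top-level site."
    }
    if (-not $dept.HasUniqueRoleAssignments) {
        throw "$deptUrl inherits permissions; assign at the parent or break inheritance first."
    }

    # Copy Contribute rather than editing the default level.
    $level = $root.RoleDefinitions | Where-Object { $_.Name -eq $levelName }
    if (-not $level) {
        $contribute = $root.RoleDefinitions.GetByType([Microsoft.SharePoint.SPRoleType]::Contributor)
        $new = New-Object Microsoft.SharePoint.SPRoleDefinition
        $new.Name        = $levelName
        $new.Description = "Use this permission to Manage Users"
        # Assigning the permission names as a string, as the deck does,
        # avoids doing 64-bit enum arithmetic in the shell.
        $new.BasePermissions = "$($contribute.BasePermissions), EnumeratePermissions"
        $root.RoleDefinitions.Add($new)
    }

    # One SharePoint group per department, owned by the site collection owner.
    $group = $root.SiteGroups | Where-Object { $_.Name -eq $groupName }
    if (-not $group) {
        $root.SiteGroups.Add($groupName, $root.Site.Owner, $null,
                             "Manages users for the Accounting site")
        $group = $root.SiteGroups[$groupName]
    }

    # Give the group the custom level on the department site only.
    $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($group)
    $assignment.RoleDefinitionBindings.Add($dept.RoleDefinitions[$levelName])
    $dept.RoleAssignments.Add($assignment)

    # Assumption: the new group becomes owner of the Member and Visitor groups.
    foreach ($g in @($dept.AssociatedMemberGroup, $dept.AssociatedVisitorGroup)) {
        if ($g) {
            $g.Owner = $group
            $g.Update()
        }
    }

    # Show what the group now holds on the department site.
    $dept.RoleAssignments.GetAssignmentByPrincipal($group).RoleDefinitionBindings |
        Select-Object Name, BasePermissions | Format-List
}
finally {
    $dept.Dispose()
    $root.Dispose()
}
```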



Session wrap-up
Questions
Please complete a Session Survey
     Help me improve
     Help the organizers improve future events
     Win prizes!




Contact me @
Email: trockwell@epmlive.com
Twitter: @sharepoinTony
Blog: http://sharepoinTony.info/blog
LinkedIn: http://www.linkedin.com/in/ajrockwell
San Diego SharePoint Users Group: www.sanspug.org
slideshare: http://www.slideshare.net/trock2010/
REFERENCE:
    TechNet - User Permissions and Permission Levels
    http://technet.microsoft.com/en-us/library/cc721640.aspx
    SPBasePermissions - definitions
    http://technet.microsoft.com/en-us/library/microsoft.sharepoint.spbasepermissions(v=office.12).aspx
    SP Permission Inheritance
    http://technet.microsoft.com/en-us/library/cc287792(v=office.12).aspx
    Best Practices for Fine-grained Permissions (White Paper)
    http://technet.microsoft.com/en-us/library/gg130816(v=office.12).aspx
    Best Practices Center for SharePoint 2010
    http://technet.microsoft.com/en-us/sharepoint/hh189420


The After-Party: SharePint



                  Karl Strauss Brewing Company
                       1157 Columbia Street
                       San Diego, CA 92101
                       Phone: 619-234-2739

Immediately following event closing & prize drawings (@6:30 pm)


                Directions (.9 miles):
                1. Head northeast on 1st Ave
                2. Turn left onto W. B St
                3. Turn left onto Columbia St
                Karl Strauss will be on the left




June 30, 2012
 San Diego Convention Center

             THANK OUR SPONSORS




Please be sure to fill out your session evaluation!



Notas do Editor

  1. If you are a SP Admin or in any other role & interested in security or how SP permissions work, you are in the right place.
  2. Co. Experience: Project Management consulting since 1999; 5,000+ Customers. Standards: Best practices embedded. Fast: Pre-built solutions so you can get started today. Low Risk: Start online today and deploy onsite at anytime. Proven: Built using 100% Microsoft based software. Managed Microsoft Partner Since 2000. 500+ deployments of Microsoft EPM/PPM Solutions. Microsoft Technical Advisor for EPM 2002, 03, 07 and 10. Implemented in over 35 different Countries. Wide range of industry experience. Over 125 EPM Live Partners In Over 33 Countries.
  3. You may hear this a lot, but without sponsors we wouldn’t be here. Visit their booths, say thanks. I am an informal guy, so this will be an interactive session if you want it that way. Please call me Mr. Rockwell, raise your hand, etc., according to the pre-defined points within my presentation designated for questions. Ha, ask questions throughout or there will be time at the end. Interject your knowledge & experience on the topic, that is what SPS is about – people sharing SharePoint knowledge. Tweet using #spssan hashtag & share with those who were not fortunate enough to attend this session or this event. ;-) #permissionlevels
  4. SP Security overview | Critical terminology related to this topic | Understanding inheritance & scopes | Best practices | Quick How-to. Contact information & reference links will be in the slides at the end & I will post this slide set after the event. Oh, I will need to ask for everyone’s IDs before I begin…this is a security related session after all. How many here are SP Admins? What other roles are represented here today? Permissions grant the ability to perform specific actions.
  5. Users & Business Units are empowered to manage their own content within SP. Some organizations go as far as enabling the end-users to completely control the structure and functionality of their own SP sites. For SharePoint Administrators coming from an IT organization this can become a nightmare; for SP Admins coming from the Business it is a bigger nightmare. How do you protect corporate data, allow your end-users to manage themselves, and keep them from shooting themselves? Learn about SP Security. Permission levels are pre-defined sets of permissions used to grant users access to content in SP. Users: someone who has an account that can be authenticated… Groups (set of users). Securable Objects - levels within SP that can be secured; sites, lists, libraries, items. Inheritance - next slide. Service App Admin - delegated by farm admin, manage specific svc app only, cannot create new svc apps. Feature Admin - delegated by farm or svc admin, manage subset of svc app settings for specific feature (UPS - manage audiences or profiles e.g.). Site Collection Admin - full control all sites in collection, cannot be overridden except w/web app policy. You can assign a permission level to a user or group for a specific securable object (site, list, or item). Individual users or groups can have different permission levels for different entities.
  6. Inheritance – used to describe how user access is created by default in SP. A scope is the security boundary for a securable object and any of its children that do not have a separate security boundary defined. Securable objects (s.o.) w/in SP inherit the scope of their parent; when an s.o. is created it has the same user access as its parent. So inheritance means that permissions & access are managed at the ‘top’/parent level: any updates to the parent s.o. will also update the child s.o. A scope contains an Access Control List (ACL), but unlike NTFS ACLs, a scope can include security principals that are specific to Windows SharePoint Services. The members of an ACL for a scope can include Windows users, user accounts that are not Windows users (such as forms-based accounts), Active Directory groups, or SharePoint groups.
  7. FGP – “expensive” in admin oversight & performance. Site level permissions require less processing, easier to maintain. Use SP Roles, don’t give more permissions than is necessary: Farm Administrator, Service Application Administrator, Feature Administrator, Site Collection Administrator. Because it is inefficient to maintain permissions for individual users, MS recommends that you use group permissions as much as possible. Particularly if you are using fine-grained permissions, you should use groups to avoid having to track permissions for individual user accounts. Because people can move in and out of teams and change responsibilities frequently, you might not want to track all of those changes and continually update the permissions for uniquely secured objects.
  8. Built-in limit of 50,000 scopes for a List or Library – addition of scopes after that limit is prohibited (can be changed w/PS). *Effective limit is 1-2k. Little known best practice: remove all users from your system & your security concerns will significantly diminish.
  9. Anyone have another scenario?
  10. Before you start, know that you have a login with the appropriate credentials to allow you to accomplish the task. Farm Admin can add themselves or you to these groups. SP Farm account or your SQL dba can be used to give you the PS role. It is always good if you have a SQL dba to lean on and if you can use them unmercifully when things go wrong. Another Good Habit: give permissions to your account to do these tasks, then Remove them when done. Making that part of the process helps you avoid silly mistakes or problems if an account is compromised.
  11. We will walk thru the steps first, then Demo after these two slides. I like the “tell me what you are going to tell me and then tell me” method of presenting. It is easier to follow because you know what is coming. If you don’t have Permission Levels in the Ribbon then guess what, you don’t have permissions to do this task…you are not a SCA. Why do I have “copy” in step 4? Remember our Best Practices? Don’t modify or delete a default permission level…copy it. There are places within SP where it is difficult to do some tasks; this isn’t one of them. Click the nice button.
  12. Edit the Permissions of a group, add the “Manage Users” permission level for the site. Manage Permissions - Create and change permission levels on the Web site and assign permissions to users and groups. [allows them to CHANGE their own permissions] Enumerate Permissions - Enumerate permissions on the Web site, list, folder, document, or list item. Alternatively, you may create the Permission Level with ONLY Enumerate Permissions (Create new rather than Copy Contribute) and then add this permission level to the SP group, along with their normal permissions (Contribute or whatever). We will use this alternate method in the PowerShell example, but first let’s look at these previous steps again in SharePoint. DEMO: Create “My New Group”.
  13. Create a new object of the type Microsoft.SharePoint.SPRoleDefinition. Then, add a name and description and set the base permissions that you want to use. Remember, we are demonstrating the “2 permission level” option here. If you want to use a single PL then additional permissions will be needed for the users to View the site, list, library, items etc. and browse around. Look at the visitor PL to get an idea of how many permissions are required.
  14. Best Practice: CLEAN UP. PS > [enum]::GetNames("Microsoft.SharePoint.SPBasePermissions") also works. For a full list of the base permissions in alphabetic order use the following: [Microsoft.SharePoint.SPBasePermissions] | gm -Static -MemberType Property | select Name. Demo PS here. Talk about adding the PL to a group/user using PS, in the text file on vm.
  15. Provide me with one-liners to make my sessions more fun. Ask me to quit, I will take it personal and hunt you down.
  16. How fast can you take notes? Great Books: Automating Microsoft SharePoint 2010 Administration with Windows PowerShell 2.0 – Gary Lapointe and Shannon Bray (Sybex); Professional SharePoint 2010 Administration – Todd Klindt, Shane Young, Steve Caravajal (Wrox); Microsoft SharePoint 2010 Administrator’s Companion and/or Pocket Consultant – Bill English, Brian Alderman, Ferraz/ Ben Curry (MS Press); Microsoft SharePoint Foundation 2010 Inside Out – O’Connor, Coventry, Lanphier, Lightfoot, Resing, Michael Doyle (MS Press); SharePoint 2010 Administration Instant Reference – Randy Williams, Gross (Sybex)
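
An audit for the inheritance, scope and group guidance in notes 6 to 8, added here as an example (not from the session or its demo files): it reports lists that break inheritance, how many items and folders carry their own scope, and any users granted access directly instead of through a group. The site collection URL is a placeholder.

```powershell
# Added example; run in the SharePoint 2010 Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl = "http://sharepoint.example.local/sites/demo"   # placeholder site collection

$site = Get-SPSite $siteUrl
try {
    $report = foreach ($web in $site.AllWebs) {
        try {
            foreach ($list in $web.Lists) {
                if ($list.Hidden) { continue }
                # Each uniquely secured item or folder is one more scope on the list.
                # Enumerating items is slow on large lists, so schedule this off-hours.
                $itemScopes = @($list.Items   | Where-Object { $_.HasUniqueRoleAssignments }).Count +
                              @($list.Folders | Where-Object { $_.HasUniqueRoleAssignments }).Count
                # Individual accounts granted access on the list itself (AD groups excluded).
                $directUsers = @()
                if ($list.HasUniqueRoleAssignments) {
                    $directUsers = @($list.RoleAssignments |
                        Where-Object { $_.Member -is [Microsoft.SharePoint.SPUser] -and
                                       -not $_.Member.IsDomainGroup } |
                        ForEach-Object { $_.Member.LoginName })
                }
                # Report only lists that deviate from plain inheritance.
                if ($list.HasUniqueRoleAssignments -or $itemScopes -gt 0) {
                    New-Object PSObject -Property @{
                        Web                   = $web.ServerRelativeUrl
                        List                  = $list.Title
                        ListBreaksInheritance = $list.HasUniqueRoleAssignments
                        UniqueItemScopes      = $itemScopes
                        DirectUsers           = ($directUsers -join "; ")
                    }
                }
            }
        }
        finally { $web.Dispose() }   # AllWebs hands out webs that must be disposed
    }
    $report | Sort-Object UniqueItemScopes -Descending | Format-Table -AutoSize
}
finally { $site.Dispose() }
```

Lists at the top of the output are the first candidates for moving back to site-level or group-based permissions.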
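
The PowerShell steps from notes 13 and 14 as an added example (not the presenter's demo script): it creates a permission level holding only Enumerate Permissions and binds it to a group alongside the group's normal level. The site URL and level name are placeholders, and "My New Group" is assumed to exist from the interface demo.

```powershell
# Added example; run in the SharePoint 2010 Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webUrl    = "http://sharepoint.example.local/sites/demo"   # placeholder site
$levelName = "Enumerate Permissions Only"                   # hypothetical level name
$groupName = "My New Group"                                 # assumed to exist already

$web = Get-SPWeb $webUrl
try {
    # Permission levels can only be added on a web that owns its role definitions
    # (the root web, or a subsite that no longer inherits them).
    if (-not $web.HasUniqueRoleDefinitions) {
        throw "Run this against the web that owns the permission levels (usually the root web)."
    }

    # Create a new level instead of editing a default one; skip if it already exists.
    $level = $web.RoleDefinitions | Where-Object { $_.Name -eq $levelName }
    if (-not $level) {
        $level = New-Object Microsoft.SharePoint.SPRoleDefinition
        $level.Name            = $levelName
        $level.Description     = "Lets members see who has access; contains no other permission."
        $level.BasePermissions = [Microsoft.SharePoint.SPBasePermissions]::EnumeratePermissions
        $web.RoleDefinitions.Add($level)
        $level = $web.RoleDefinitions[$levelName]   # re-read the saved definition
    }

    # Bind the level to the group in addition to its normal level (e.g. Contribute).
    $group      = $web.SiteGroups[$groupName]
    $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($group)
    $assignment.RoleDefinitionBindings.Add($level)
    $web.RoleAssignments.Add($assignment)

    # Verify: show every level now bound to the group on this web.
    $web.RoleAssignments.GetAssignmentByPrincipal($group).RoleDefinitionBindings |
        Select-Object Name, BasePermissions
}
finally {
    $web.Dispose()   # clean up, per the best practice in note 14
}
```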