SPDocKit's team lead DEV Matija recently prepared a detailed white paper on the topic of SharePoint permissions management, role assignments and content security. The following post provides a short recap of the mentioned topics, and for more info download the white paper on the link below.
Download the White Paper - PDF
Content security is a top requirement for most businesses and organizations. Even if they are not handling secret data, their daily business content should be secure and accessible at any time. When handling content security, you will be faced with the following issues:
- Who needs permissions?
- For which content does a principal need permissions?
- What should a user be able to do with the content he or she has permissions for?
In SharePoint, permissions are assigned to principals; these are known as SharePoint users.
A SP user is an individual user or a group of users.
A user in SP is a person with a user account from any authentication provider supported by the web application. This means that both AD users and AD groups are considered SP users. Besides regular users, users can also have privileged access. These users are mainly farm and site collection admins. Managing users and their permissions while keeping an eye on group memberships can be a daunting task though.
Luckily, SPDocKit’s permissions management is here to help!
Objects that users have permissions for are called securable objects. These objects include SharePoint sites, lists, libraries, folders, documents, or items. It is clear that objects are determined by hierarchy. Permissions for securable objects are passed from the parent object to the child object by default. For example, everything from the site collection will be inherited on the SharePoint lists, and so on. By breaking the inheritance, you can secure your object; however, you should be careful because breaking the inheritance increases the need for further updates if the permissions policy is changed. SPDocKit allows you to keep track of permission inheritance and easily break or restore wanted permissions at any time.
What are permissions? They are so-called performance permits that control the access levels a user has to certain content. To perform a certain task in SharePoint, a principal needs a set of permissions. SharePoint 2013 comes with 33 built-in permissions categorized as list, site, and personal permissions depending on the object they are applied to. The link between all the securable elements is called the role assignment. This term explains the relationship between the SP principal, securable objects, and SP permissions. Because of the large number permissions, they are are never assigned directly to a user. You should use permission levels (roles) and permission policies. Using permissions through AD groups rather than individual users is also recommended. For more about these and other SharePoint permissions best practices, read our detailed white paper.