Managing SharePoint permissions can be a very challenging and daunting task, especially because the built-in SharePoint tools in some areas are lacking some of the features that SPDocKit, as a third-party tool, provides. It helps you to be more efficient, create reports that are not available as out-of-the-box SharePoint reports, and to perform tasks that would otherwise take very long time.
This is why we have prepared this webinar: to present all of these SPDocKit capabilities and show how you can make permissions management painless and much more simple. The slide deck is available at our SlideShare.
We encourage you also to take a look at the webinar recording of Toni Frankola’s session for the European SharePoint Conference on "SharePoint Permissions Management via SharePoint UI – Best Practices".
Table of contents:
0:27 Acceleratio and Products intro
4:01 SPDocKit - Features Overview
7:23 SharePoint Permissions by SPDocKit - Overview
18:19 Permissions - Event Log
18:43 Product Demo and Use Cases
49:09 Permissions Management Best Practices
In this webinar we will show you how you can manage SharePoint permissions using our tool SPDocKit. SPDocKit is a SharePoint administration tool created by SysKit. We have been present in the market since 2009 and during those 7 years have gathered more than 2000 customers all over the globe. Explore our other tools: SysKit Monitor for server performance, SysKit Insights for Sharepoint performance monitoring, and SysKit Security Manager for Office 365 security.
SPDocKit – Features Overview
SPDocKit is a SharePoint administration, management, and governance tool that helps with your day-to-day tasks and operations.
- Its key feature is the ability to generate SharePoint farm documentation. It provides a detailed overview of all the farm, system, and configuration settings.
- Monitor farm health, track changes, compare farms, web applications, and Site Collections, create numerous content and usage reports.
SharePoint Best Practices reports help you audit farm configuration and optimize your farm performance according to the best practices of Microsoft and the community (SharePoint 2016 supported).
Easily set up SharePoint rules to enforce your SharePoint governance policies across a SharePoint farm.
SharePoint Permissions Governance – SPDocKit
When it comes to permissions we can talk about two components:
- Reporting: The tool can gather all the permissions settings for every object (document library, site, list item, etc.). You can generate permission reports for users and groups, export, and explore.
- Managing: You can perform simple tasks that are also available via SharePoint UI (e.g. create groups and grant permissions), but you can also do more complex procedures such as cloning or transferring permissions.
SharePoint Permissions Explorer
You can use our built-in tool, Permissions Explorer, to dig deep and get information about all users and sites in one place. Drill down and review permissions to the list-item level. You can view permissions in real time or for a specific date or date range. Get a great visual overview of your Site Collection structure. When exploring different levels you will see a small red square next to some objects. This means that this object doesn’t have permissions inherited from its parents but has some unique permissions.
You can easily see all of your users, their group memberships, and groups (SharePoint and Active Directory). When it comes specifically to the Active Directory, you are only able to view members, not to change their membership in AD groups or similar: these changes have to be made in the Active Directory. Users that have been disabled in the AD will also be listed, so you can use this to keep your SharePoint clean and uncluttered.
SharePoint Permissions Reports
There are many levels and sections of reports in SPDocKit. We decided to divide them in this way because our clients said that they would like to print out the results. Sometimes the reports are very long, so this structure simplifies the analysis of gathered information. You can export the reports as Excel or PDF files. Below you can see a full list of reports in SPDocKit UI:
- Unique Permissions: If you are performing any kind of audit, use this report to visualize whether there are any broken permissions and check if all is how it should be.
- Site and User Specific Reports: All the user or SharePoint site permissions you need can be displayed on one page.
- Hierarchical Permissions: Get a detailed overview of three and leaf connections so you can reduce clutter – check Site Collection, Subsite, and List hierarchy.
- Cleanup Reports: Knowing which groups have no users, and which are orphaned or have no permissions, can take hours of work in SharePoint.
SharePoint Permissions Management
SPDocKit offers many built-in actions to manage SharePoint permissions and there are many different options:
- Inheritance: Break or restore parent-child relations.
- Grant: Assign permissions to a user or a group on a selected SharePoint.
- Manage: Modify assigned permission levels for SharePoint groups or individual users.
- Clone or transfer permissions between principals.
- Remove: Delete user or group, remove users from group.
- Manage SharePoint Online permissions.
- Manage Site Collections.
For some more complex actions you can use our Wizard. In certain situations, such as when you need to grant permissions to a user or group of users, for a number of different Site Collections etc., in SharePoint UI you would have to go Site Collection by Site Collection giving individual permissions. We can help: you can start a Wizard, choose a user, and grant them permissions to a number of different Site Collections to speed things up.
You can also easily manage Site Collection Administrators. You can change primary and secondary admins and manage the membership of this group of people who have full control over your Site Collection. This is something you need to maintain regularly.
Some of the Wizard actions are listed below, you can manage:
- Permission inheritance: Break and restore parent–child relations between SharePoint items.
- SharePoint groups: Delete, create, rename, edit groups. Add or remove users to and from specific groups.
- SharePoint users: Manage, clone, and transfer permissions between principals.
- Site Collections: Clean up the Site Collection from unwanted principals, configure its admins, create specific permissions levels.
- SharePoint Online permissions: Management On Premises and Online.
Note: Everything that SPDocKit does is logged in the Event Log, so you will be able to trace how the tool changes permissions and be sure that everything is correct. This is essential if you have compliance in your company and have to track everything.
SharePoint Online Permissions Management
We can also offer you the ability to connect to SharePoint Online if you use our Workstation licensing model. If you’d like to manage your permissions in both SharePoint Online and Office 365, we recommend you to use our other tool – SysKit Security Manager.
Compare SharePoint Permissions
Once the tool gathers all the information regarding permissions and structure in a snapshot, you will be able to compare them. If someone calls you and says, “you know, John had permissions to access the site yesterday, but today he is getting an access-denied message: what happened?”, you will be able to easily compare the two snapshots and ascertain what has changed.
- Compare permissions between sites, lists, and list items.
- Check differences in your permissions at different points of time.
- See which permissions should be granted or removed from users, when compared with another site.
SharePoint Permissions Management Best Practices
To finalize, we have prepared some general best practices on SharePoint permissions management. To learn more about this, feel free to check Toni's most recent webinar on the ESPC website.
- Use AD Groups or Azure AD Groups when possible.
- Be careful because management might be difficult in the long run.
- Define SharePoint groups at the Site Collection level.
- Use Groups instead of giving direct access.
- Remove unused groups when possible.
- Remove orphaned users.
- Break permissions at the ideal spot: Site >> List >> Folder >> List Item.
- Make sure not to cross-define SharePoint boundaries.
- When creating a new site with unique permissions use existing groups when possible.
- Try to reduce the number of custom permission levels.
- When creating a new permission level, start by copying an existing one.
- Be careful when restoring permissions inheritance on a site (it will restore the entire chain downwards).