
Joel Oleson's SharePoint Land : SharePoint Groups, Permission...


Bookmark History

Saved by 7 people (-1 private), first by anonymouse user on 2007-07-07


Public Sticky notes

The current best practice is to add users and domain groups to the permission level/cross site group (site collection groups). 

Highlighted by laflour

You cannot create groups or permission levels declaratively in XML

Highlighted by laflour

Nested security groups beyond a couple can be problematic, especially when a contact or DL is in the mix or when a global group is used improperly.

Highlighted by laflour

The deeper the nesting, the more likely Windows itself will freak out.

Highlighted by pndragon

For sensitive sites at the site collection level - least privileged access, don't delegate the site owner or admin roles, you should have a couple of site administrators and/or site owners, using individuals here is a good practice.  You'd think why not create a group, but at this level it's good to have an individual owner that has an email address that will ensure the site auto delete features do what you'd expect.

Highlighted by placebo217

If it works to secure a file on the file system in the same domain as your SharePoint server, you're 99% likely it will work in SharePoint.  I say 99% because I have myself removed and re-added a user a number of times to reapply security to get it to work.  It is a common troubleshooting step to remove the group or user, then remove their entry in the user info list to clean it up completely.

Highlighted by laflour

Dev Tip from Jim Sturms: You cannot create groups or permission levels declaratively in XML – you’ll need to create these using the OM with a solution.

Although permissions inheritance is easily broken and granularized, I don't recommend it unless you need to.  It's a pain to manage, let me tell you.  There are a bunch of partners out there that would love to help you manage your site permissions and help you add users across all the sites when someone joins the group.  It's a ton better to add security groups and users at the site collection level and use the SharePoint groups and add people to those roles that you see right out of the box.  Sure you can break inheritance on special sites, but I'd recommend not making that the rule, more the exception.

Highlighted by placebo217

"Policy is merged with local permissions to arrive at the user’s effective permissions.

Highlighted by placebo217