Permissions: Designed to Scale

           Jamie Aliperti

        jamie.aliperti@axceler.com
                 @jaliperti


                         SharePoint Saturday Portland
                                        May 19th, 2012
About Me
  Sales Engineering Manager, Axceler
  I am based out of the Los Angeles office, and spend most of my time
  providing consultancy, training and support to current and future
  customers. I have over 7 years' experience with Microsoft
  technologies, and lead the Los Angeles Sales Engineering team.
  Email: Jamie.Aliperti@axceler.com
  Twitter: @jaliperti
About Axceler
Improving SharePoint Collaboration Since 2007
  Mission: To enable enterprises to simplify, optimize, and
  secure their collaborative platforms
  Delivered award-winning administration and migration
  software since 1994
  Over 2,000 global customers
Dramatically improve the management
of SharePoint
  Innovative products that improve security, scalability,
   reliability, “deployability”
  Making IT more effective and efficient and lowering the total
  cost of ownership
Focus on solving specific SharePoint problems
(Administration & Migration)
  Coach enterprises on SharePoint best practices
  Give administrators the most innovative tools available
  Anticipate customers’ needs
  Deliver best of breed offerings
  Stay in lock step with SharePoint development and
  market trends
SharePoint Security


   Where to Start?

Anyone have any ideas?
Design Permissions as part of
            Governance


Governance is about taking action to
       help your organization
organize, optimize, and manage your
      systems and resources.
Questions to Ask


           How is your organization using
                             SharePoint?

           Is there secure content in your
                 SharePoint environment?

        Who is responsible for SharePoint
                                 Security?

                                      5/30/2012
Plan!

How granular do you need to control access to
 content?
Who manages all the different parts of your
 SharePoint farm?
How do you want to manage your users?
Farm Administrators Group


 Assigned in Central Admin and has permission to
       all servers and settings in the farm

Central Administration access, create new web
 apps, manage services, run stsadm/PowerShell
 commands
 Can take ownership of content: can make
   themselves Site Collection Administrators

Authentication Methods


  A SharePoint environment must
 support user accounts that can be
authenticated by a trusted authority


How do you authenticate your users?
Windows Authentication

 NTLM:
  Users authenticated by using the credentials on the running thread
  Simple to implement
     SharePoint will not be integrated with other applications

 Kerberos
  If your SharePoint sites use external data
     Credentials passed from one server to another (“double hop”)
  Faster, more secure, and can be less error prone than NTLM
 Anonymous Access
  No authentication needed to browse the site
SharePoint Authentication



Defined at the web application
             level
Who Needs to Access SharePoint?


 Claims-based authentication mode: use any supported
 authentication method; without it, you will support only
 Windows authentication




Web Application Policies


      Quick way to apply permissions across web
                     applications

Only part of SharePoint where users can be explicitly
 denied access
Set in Central Admin



Site Collection Administrators


Given full control over all sites in a site
               collection

Access to settings pages
 Manage users, restore
  items, manage site hierarchy
Cannot access Central Admin
Securable Objects


What can we secure?
Site
Library or List
Folder
Document or Item
Inheritance


If all sites and site content inherit
those permissions defined at the
   site collection, what’s so hard
  about managing permissions if
  they are defined so high in the
              hierarchy?
Structure/Architecture
[Diagram: Farm > Web App > Site Collection > Site > Sub-site]
Permission Levels


Collections of permissions that
allow users to perform a set of
         related tasks

Permission levels are defined at the
        site collection level
Customizing Permission Levels


        The default permission levels are Full
Control, Design, Contribute, Read, and Limited Access

What does “Read” mean to
 your organization?




SharePoint Groups


A group of users that are defined at site collection level
        for easy management of permissions

The default SharePoint groups are
 Owners, Visitors, and Members, with Full
 Control, Read, and Contribute as their default
 permission levels respectively

Anyone with Full Control permission can create custom
                       groups
The Basics: Permissions


Permissions are applied on objects:
1. Directly to users
2. Directly to domain groups (visibility warning)
3. To SharePoint Groups
Best Practice


Make most users members of the Members or
              Visitors groups
 Members group can contribute to the site by adding or
  removing items or documents, but cannot change the
  structure, site settings, or appearance of the site.
 Visitors group has read-only access to the site, which
  means that they can see pages and items, and open items
  and documents, but cannot add or remove pages, items, or
  documents.

Plan for Permission Inheritance


Arrange sites and subsites, and lists and libraries
      so they can share most permissions

         Separate sensitive data into their own
                lists, libraries, or subsite
Permission worksheet:
http://go.microsoft.com/fwlink/p/?LinkID=213970&clcid=0x409




Stick to the Plan


 If you do break inheritance, Microsoft recommends
using groups to avoid having to track individual users

People move in and out of teams and change
 responsibilities frequently

 Tracking those changes and updating the permissions
for uniquely secured objects would be time-consuming
                   and error-prone.
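
Added example (not from the original slides): one way to check whether a site collection is sticking to the plan is to list every site and list that has broken inheritance and classify who holds the unique permissions: individual users, domain groups, or SharePoint groups. The site URL is a placeholder and `Get-UniqueGrant` is a hypothetical helper name; the script assumes it is run from the SharePoint Management Shell on a farm server.

```powershell
# Added example: inventory unique permissions in one site collection.
# Run from the SharePoint Management Shell on a farm server.
# The URL is a placeholder; Get-UniqueGrant is a hypothetical helper name.
$SiteUrl = "http://sharepoint.example.local/sites/placeholder"
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-UniqueGrant {
    param($Securable, [string]$Kind, [string]$Location)
    # Objects that still inherit have no assignments of their own to review.
    if (-not $Securable.HasUniqueRoleAssignments) { return }
    foreach ($ra in $Securable.RoleAssignments) {
        # Drop Limited Access (SPRoleType Guest); SharePoint adds it automatically.
        $levels = @($ra.RoleDefinitionBindings |
            Where-Object { $_.Type -ne [Microsoft.SharePoint.SPRoleType]::Guest } |
            ForEach-Object { $_.Name })
        if ($levels.Count -eq 0) { continue }
        # Classify the member the way the deck does: user, domain group, SharePoint group.
        if ($ra.Member -is [Microsoft.SharePoint.SPGroup]) { $type = "SharePoint group" }
        elseif ($ra.Member.IsDomainGroup) { $type = "Domain group" }
        else { $type = "User (direct)" }
        New-Object PSObject -Property @{
            Kind = $Kind; Location = $Location; MemberType = $type
            Member = $ra.Member.Name; Levels = ($levels -join ", ")
        }
    }
}

$site = Get-SPSite $SiteUrl
try {
    $report = foreach ($web in $site.AllWebs) {
        try {
            Get-UniqueGrant $web "Site" $web.Url
            foreach ($list in $web.Lists) {
                Get-UniqueGrant $list "List" ($web.Url + "/" + $list.RootFolder.Url)
            }
        } finally { $web.Dispose() }
    }
} finally { $site.Dispose() }

# Direct user grants sort first: these are the entries that go stale as people move.
$report | Sort-Object @{Expression = { $_.MemberType -ne "User (direct)" }}, Location |
    Format-Table Kind, Location, MemberType, Member, Levels -AutoSize
```

The script stops at sites and lists; folders and items can also be uniquely secured and are not enumerated here.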
Go back and refine
Questions and Answers
Contact us for
  more info

Contact me: jamie.aliperti@axceler.com
            Twitter: @jaliperti


Editor's Notes

  • #6 Who has one? Not a checklist…it’s constantly changing every day and needs to be managed in the long term
  • #7 Currently, is SharePoint a document repository? Is it critical to day to day business? Just internal users? Are there ways you can expand the use of SharePoint to offer more benefits to your organization? To partners? To the outside world?
  • #8 Who do you trust to manage all the different parts of your SharePoint farm?
  • #11 Kerberos: Less traffic between servers, clients, and domain controllers; uses tickets instead of tokens so it doesn’t have to do a double hop to AD with each request. Much more planning needed. Anonymous: Instead, add the All Authenticated Users security. This way actions can be traced to users.
  • #18 CB lead, MG color
  • #20 Break the inheritance and customize the Read permission level for a subsite to define what “read” really means to your organization