
Copyright © 2006 Pilothouse Consulting Inc. All rights reserved.

Security Overview

• Functional security – users, groups, and permissions for sites, lists, folders and list items within SharePoint.

• Application security – authentication, server access, database access, firewall, network on server computers.


Security: Authentication vs. Authorization

• Authentication – the process of verifying user identity.

example: Entering credentials during a log-on process into a computer or a website.

• Authorization – determining the permissions level that an authenticated user has to specific resources such as sites, lists, folders, and list items.

example: Can Dave Green create lists in Chemistry 101 site? Does Lucy Smith have “professor assistant” permission level in Humanities 156?


Security Definition: Permission

• Permission is a right to perform a specific action on a resource in SharePoint.

example:

List permissions: Add Items, Delete Items, …

Site permissions: View Usage Data, Create Subsites, …

Personal permissions: Manage Personal Views, …


Security Definition: Permissions Level

• Permission level – a collection of permissions, in other words a role.


Security Definition: Permissions Level Details


Security Definition: Active Directory

• Active Directory (AD) – the user and group directory for the Microsoft platform. Typically, only a small group of people with proper permissions can create or modify users or groups in AD.

• SharePoint users with “Manage Permissions” permission can assign a permission level to any user or group from AD within a specific site.


Security Definition: SharePoint Group

• A SharePoint group is a collection of AD users and/or groups, but cannot contain other SharePoint groups.

– SharePoint users with “Manage Permissions” permission can assign a permission level to SharePoint groups.

– “Create Groups” permission enables users to create, modify, and delete SharePoint groups.


Functional – Site Permissions

• Site Settings > Advanced Permissions


Security: Permissions Inheritance

• A site can inherit permissions from the parent site or have unique permissions.

• A site cannot inherit permissions from a site in a different site collection.


Functional – Authenticated Users Access

• Controlling Access for All Authenticated Users

– If you want all authenticated users to be able to access your site, rather than adding each user individually or in groups, you can assign a permission level to all authenticated users (NT Authority\Authenticated Users).


Security Definition: Security Principal

• Security Principal – user or group used to control security.

• The key to scaling security is keeping the number of principals reasonable at any one resource (site, list, list item).

example:

When adding an AD user to the site, the user is the principal. When adding an AD group to the site, the group is the principal.


Application – User Information List

• The user information list contains all the users and groups in the site collection.

• Typically, other lists look up values from the user information list.

example:

“Assigned To” column in “Tasks” list or “Modified By” in “Document Library”. Changing display names of users in the user information list will change them for everything in the site collection.


Demo: Site Level Security

1. Examine default permission levels and permissions that make them up at the root site and sub sites

2. Give AD users and groups access to different sites and assign permissions levels

3. Examine default SharePoint groups.

4. Create a new SharePoint group, assign permission level to it and examine where that group is available

5. Examine User Information List

6. Examine the setup of Visitors, Members, and Owners groups for a new site that does not inherit permissions


Functional – List Permissions

• Authorization in the list, folder, or list item works in the same way as in the site.


Functional – List Only Permissions

• Users with permissions to access specific lists only will have “Limited Access” permission level on the website.

• The same is true for list items and folders.


Demo: List, Folder, List Item Security

1. Examine list, folder, list item permissions settings

2. Examine permission inheritance
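
An added example (not part of the original deck): a PowerShell audit, run on a SharePoint server against the server object model, that lists every site and list with unique permissions, the principals and permission levels assigned there, and flags assignments to all authenticated users or to “Limited Access” only. The site collection URL is a placeholder, and folders and list items are not walked.

```powershell
param([string]$SiteUrl = "http://sharepoint.example/sites/courses")  # placeholder URL (assumption)

[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

function Get-UniqueAssignments($securable, [string]$kind, [string]$url) {
    # Objects that inherit permissions have no assignments of their own to report.
    if (-not $securable.HasUniqueRoleAssignments) { return }
    $principalCount = $securable.RoleAssignments.Count
    foreach ($ra in $securable.RoleAssignments) {
        $levels = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name })
        New-Object PSObject -Property @{
            Kind           = $kind
            Url            = $url
            Principal      = $ra.Member.Name
            Levels         = $levels -join "; "
            # Number of principals at this resource: the figure to keep reasonable.
            PrincipalCount = $principalCount
            # True when the grant applies to everyone who can log on.
            AllAuthUsers   = ($ra.Member.LoginName -eq "NT AUTHORITY\authenticated users")
            # Limited Access alone means the real grant sits on a list, folder or item below.
            LimitedOnly    = ($levels.Count -eq 1 -and $levels[0] -eq "Limited Access")
        }
    }
}

$site = New-Object Microsoft.SharePoint.SPSite($SiteUrl)
try {
    $rows = foreach ($web in $site.AllWebs) {
        try {
            Get-UniqueAssignments $web "Site" $web.Url
            foreach ($list in $web.Lists) {
                Get-UniqueAssignments $list "List" ($web.Url + "/" + $list.RootFolder.Url)
            }
        } finally { $web.Dispose() }   # SPWeb objects from AllWebs must be disposed
    }
} finally { $site.Dispose() }

$rows | Sort-Object Url, Principal |
    Format-Table Kind, Url, Principal, Levels, PrincipalCount, AllAuthUsers, LimitedOnly -AutoSize
```

Sites and lists missing from the output inherit from their parent, so their effective permissions are those of the nearest listed ancestor.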


Lab: Exercises 1-4

• Perform exercises 1-4 from Security Lab


Free Style Exercise

1. Under “Courses”, create a site called “Chemistry 152”.

2. In “Chemistry152” create a sub site called “Polymerization”.

3. Give “Dave Green” access to “Polymerization” but not to “Chemistry152”.

4. Give “Dave Green” rights to view “Contacts” list in “Chemistry152”.


Demo: Help Pages