Managing Security and Permissions in SharePoint

Alex Pearce

Alex Pearce (Office 365 MVP) BFC Networks BLOG: http://www.bfcnetworks.com apearce@bfcnetworks.com /

@alex_pearce Interests in Office 365 Education,

Configuration not Customisation, integration.

“Allow a user to data and content within your SharePoint environment”

Permission Bingo

5 in a row – 3 prizesHorizontal and Vertical lines only

Agenda

Permission typesSharePoint GroupsUsers Inheritance of permissionsOffice 365 External SharingOrganisation Culture and Structures

Permission normal to users

ViewMembersOwnersSite Collection Administrators

Above and beyond

Site Collection AdministratorsWeb Application – View

(search crawler)Web Application – Full ControlFarm

Approve / Decline

Approve or Decline content being published to the requested area Only user submitted and approvers can

see content Workflow to approve or decline before

the content is available for all to see in that site

SharePoint Groups“A set of users or groups defined to a single group to help manage content better in SharePoint”*

SharePoint Groups

Include individual Users or Active Directory Groups

Permissions are not set on SharePoint Groups, they are only groups (doesn’t matter on their name)

SharePoint Groups: Names

Include individual Users or Active Directory Groups

Permissions are not set on SharePoint Groups, they are only groups (doesn’t matter on their name)

SharePoint Groups: Names

SharePoint Groups: ManagingSet

Name About Me Group Owners (can be SharePoint

Group) Group Settings

– Who can view– Who can edit

Membership request

SharePoint Groups: Names

SharePoint Groups: Names

SharePoint Groups: AssociationEach site has 3 groups associated

with it Visitors (View) Members (Contribute) Owners (Full Administrators)

Associated at creation of site

SharePoint Groups: Association

Understanding what a user hasA user can have permission from the

following Added Individually Added to a SharePoint Group Added to a Active Directory Group

– Then added individually or into a SP Group Other

– Site Collection Admin– Higher Farm Permissions (bad practice)

Check Permissions

Search by user or group to see how they have permission to this area (DEMO)

Breaking Down Content

SiteList Item

Permissions are inherited from the above and can be broken

(break inheritance) so only certain users can access the content

When we break inheritance

Copy or remove exciting groupsAdd individual users/groupsDeny access for users who inherit

from above

Demo

BREAKING INHERITANCE

Creating a site with permission set, breaking inheritance on a document library and setting permissions

Office 365 External Sharing

Permissions View Edit

Give external access to content Per site Per list/library (recently added) Per folder Per item

OneDrive: External Sharing

Allow view with no permissions Shared With Everyone folder

– Everyone except External Anonymous access to content

Demo

EXTERNAL SHARINGPermissions in Office 365 and OneDrive for Business

Organisation Culture/StructureWhat should be accessible to all

users to view, edit or comment?

YammerChange is the new constant. Yammer is a private social network that helps you and your teams stay on top of it all. Yammer team collaboration software and business applications allow you to bring your team together so you can have conversations, collaborate on files, and organize around projects so you can go further – faster.

YammerChange is the new constant. Yammer is a private social network that helps you and your teams stay on top of it all. Yammer team collaboration software and business applications allow you to bring your team together so you can have conversations, collaborate on files, and organize around projects so you can go further – faster.

Organisation Culture/StructureWhat should be accessible to all

users to view, edit or comment?Does giving users access to content

that is not direct to their job role prevent them from doing their job?* If they find it becomes part of their role,

should they be allowed to comment? If they have past experience or a

personal interest, should they be allowed to comment?

Organisation Culture/Structure

Does an open approach to content and comments help improve the contribute to content in that data?

Should an open approach to social networking mean a different approach to how we do permission in other areas (not just SharePoint)?

Organisation Culture/Structure

Permissions is based on your role but everyone does it based on the user…Where is the business continuity if that person leaves? Should they be able to see the pervious employees permissions, sites, files? How about their OneDrive?

Thank you for attending!

Alex Pearce @alex_pearceapearce@bfcnetworks.com