SharePoint Best Practices for User Authorization

One of the first decisions that you will have to make is who will have access to the site itself and the content. One of the main things that you should know is that the decision does not have to be so black and white i.e. either someone has access or not. It is possible to assign users customized permission levels where they can see or edit only certain information. Also, SharePoint provides you with some built-in permissions, but you can achieve a greater level of granularity, but this will require development effort on your part.

All SharePoint sites exist under one master domain. This is commonly referred to as the site collection. They all have the same owner and administrative settings. If a user has a certain access level they will maintain those same rights for all of the sites in the collection. This is called permission inheritance. It is easy to see where a potential problem might arise. Not all of the people who inherit user permissions from the root site will be authorized to view or edit the content on lower level sites. Here is an outline of how permissions work inside the hierarchy:

• There is a single person who has the ability to assign access permissions in the site collection, known as the collection administrator. If you have many site collections it is a good idea to assign a separate person as the administrator for each.

• The site owner, who is responsible for managing the site can edit the permissions which will remove the inheritance.

• There are some things that you should know in terms of handling lists and libraries. What you should remember is that they will inherit the permissions of the site to which they belong. However, it is possible to break the inheritance for any individual items, you just have to be constantly on top of what can be shared and what needs to be restricted.

In case you might be wondering what would happen if somebody were to share an item with a person who does not have the authority to view it. If this happens, SharePoint will automatically break the inheritance for that item.

The first thing you need to do is establish a clear hierarchy of all the permissions and which ones will be inherited. There are some permissions that will come out-of-the-box, but it is possible to create more customized if none of them work for you. For example, the highest permission level is “Full Control” which will contain all of the permissions that are available. As a default setting, this permission level will be assigned to the Owners group. Therefore, one of the SharePoint best practices is determine which users will inherit the same permission level for future sub-sites. Make sure that you are aware of all the different permission levels offered by SharePoint and establish a clear hierarchy.

A lot of times, there are entire teams working on sites who all have the same permission authorization. If this is the case in your company, then you can simply assign the same permissions to all of the employees with one action, instead of doing so for everybody separately. It is important to note that in order to create such group sharing permissions, you will need to have the “Full Control” level yourself or another permission setting that lets you manage groups. While this is one of the SharePoint best practices, it is recommended that you retain all of the default SharePoint groups. Otherwise, if you start deleting them, the system can become unstable. As a general rule, you should only delete the groups that you will definitely not be using.

We have talked a little bit a permission inheritance, but there are important things that you need to know:

1. It is possible to break inheritance with various web parts. For example, if you want to hide a list or a library, it will be possible to do so. However, the more fine grained you get, the more complex things get.

2. Sharing something on a Site levels works differently than on an Item or Folder level. When you share something at a Site level, this action automatically makes the invited person a member of the sitename_members group. Therefore, no need to break permission inheritance here.

3. Consider the security aspect. When you break permission inheritance what you are in effect doing creating very fine-grained permissions. If you do this a lot, it is easy to lose track of who has what permissions, thus causing a security breach.

We hope that all of the SharePoint best practices presented about all of the permission levels will be useful for you when granting either individual or group access to sites. Setting the wrong permissions or forgetting to break inheritance can be disastrous for your organization, therefore, be sure to seek the assistance of competent SharePoint consultants to help you make sure that all of your information remains secure.

Check out also how to bring innovative solutions, using SharePoint in the healthcare industry.