This is a continuation article of the 3 part series. In this article I would like to summarize the Best Practices for SharePoint Permissions.
Best Practices
Following are some of the best practices:
1. Always use SharePoint Groups to assign Permission Levels
2. Add new Active Directory users & groups to SharePoint Groups
3. Create custom Permission Levels based on scenario
4. Run Permissions Audit Report & Cleanup deviations on periodic basis
5. Create unique permissions only after valid justification
6. If multiple items have same set of unique permissions, try to create new list with the items
7. Set appropriate Site Collection Administrators & Access Request emails
8. Integrate Permissions Request & Assignment through proper SharePoint Governance Policies
Following are the depiction of the same:
You can refer the Part 1 & 2 of article in References section below.
Tools
In a large farm scenario, we often require tools to manage & automate tasks. I will discuss some of the scenarios & tools available to solve it.
Copy Permissions
Imagine that you have a SharePoint farm consisting of 10 site collections, 50 sites & 100 lists & libraries. There are above 100 employees in the organization. A new employee is arriving & requires same permission of Accountant named ‘Joe’. How you will perform it?
In the non-tool scenario, you have to manually go & find each site / library to get permissions of ‘Joe’. After that you need to add new employee for the same location. Is it time consuming? Yes! Plus it is error prone too.
In the above scenario, we can use SharePoint Tools for addressing the problem. Following is a screen shot of Squadron > Permissions > Copy Permissions module.
We can enter the source & destination users to copy permissions.
Delete Permissions
Imagine a scenario where an employee is quitting the organization. We need to disable his access to all the SharePoint resources. How to achieve this?
In the manual way, we disable the Active Directory account & thus user cannot login to the SharePoint site. But his user account remains in SharePoint sites as Dead Account. The best way is to delete the user from all permissions assigned.
In the automated way, we can use Squadron to find account usage & delete it in less than 5 minutes.
More Tools
In the market, there are dozens of tool for the same purpose. Although priced, they provide better speed & cost advantage for high traffic farms. Some of them are:
LightningTools > DeliverPoint > Permissions Management
Idera > SharePoint Admin Toolset > Permissions Analyzer
Summary
In this article we have explored about Best Practices & Tools for SharePoint Permissions Management. I hope the article series was useful to you.
No comments:
Post a Comment