managing permissions in sharepoint
TRANSCRIPT
Alex Pearce (Office 365 MVP) BFC Networks BLOG: http://www.bfcnetworks.com [email protected] /
@alex_pearce Interests in Office 365 Education,
Configuration not Customisation, integration.
Agenda
Permission typesSharePoint GroupsUsers Inheritance of permissionsOffice 365 External SharingOrganisation Culture and Structures
Above and beyond
Site Collection AdministratorsWeb Application – View
(search crawler)Web Application – Full ControlFarm
Approve / Decline
Approve or Decline content being published to the requested area Only user submitted and approvers can
see content Workflow to approve or decline before
the content is available for all to see in that site
SharePoint Groups“A set of users or groups defined to a single group to help manage content better in SharePoint”*
SharePoint Groups
Include individual Users or Active Directory Groups
Permissions are not set on SharePoint Groups, they are only groups (doesn’t matter on their name)
SharePoint Groups: Names
Include individual Users or Active Directory Groups
Permissions are not set on SharePoint Groups, they are only groups (doesn’t matter on their name)
SharePoint Groups: ManagingSet
Name About Me Group Owners (can be SharePoint
Group) Group Settings
– Who can view– Who can edit
Membership request
SharePoint Groups: AssociationEach site has 3 groups associated
with it Visitors (View) Members (Contribute) Owners (Full Administrators)
Associated at creation of site
Understanding what a user hasA user can have permission from the
following Added Individually Added to a SharePoint Group Added to a Active Directory Group
– Then added individually or into a SP Group Other
– Site Collection Admin– Higher Farm Permissions (bad practice)
Breaking Down Content
SiteList Item
Permissions are inherited from the above and can be broken
(break inheritance) so only certain users can access the content
When we break inheritance
Copy or remove exciting groupsAdd individual users/groupsDeny access for users who inherit
from above
Demo
BREAKING INHERITANCE
Creating a site with permission set, breaking inheritance on a document library and setting permissions
Office 365 External Sharing
Permissions View Edit
Give external access to content Per site Per list/library (recently added) Per folder Per item
OneDrive: External Sharing
Allow view with no permissions Shared With Everyone folder
– Everyone except External Anonymous access to content
YammerChange is the new constant. Yammer is a private social network that helps you and your teams stay on top of it all. Yammer team collaboration software and business applications allow you to bring your team together so you can have conversations, collaborate on files, and organize around projects so you can go further – faster.
YammerChange is the new constant. Yammer is a private social network that helps you and your teams stay on top of it all. Yammer team collaboration software and business applications allow you to bring your team together so you can have conversations, collaborate on files, and organize around projects so you can go further – faster.
Organisation Culture/StructureWhat should be accessible to all
users to view, edit or comment?Does giving users access to content
that is not direct to their job role prevent them from doing their job?* If they find it becomes part of their role,
should they be allowed to comment? If they have past experience or a
personal interest, should they be allowed to comment?
Organisation Culture/Structure
Does an open approach to content and comments help improve the contribute to content in that data?
Should an open approach to social networking mean a different approach to how we do permission in other areas (not just SharePoint)?
Organisation Culture/Structure
Permissions is based on your role but everyone does it based on the user…Where is the business continuity if that person leaves? Should they be able to see the pervious employees permissions, sites, files? How about their OneDrive?