Thursday, March 28, 2013

SharePoint Permissions




One of the most powerful aspects of SharePoint is the ability to manage permissions; however, if this is done incorrectly and without structure, it can soon become your company’s worst nightmare. I have seen a number of different companies' SharePoint permissions, and many of them have let the permissions get out of control.

Much of the out-of-control permissions can be attributed to provisioning user permissions on an individual basis, not creating custom permission levels, not utilizing Active Directory (AD) groups, and not creating meaningful SharePoint groups.

Breaking inheritance on libraries and lists is totally fine when done correctly, but granting permissions to individuals is almost never the answer. This tactic is not only time-consuming, but will eventually become unmanageable, and you will constantly be amending and provisioning permissions.

Create custom permission levels!!!!!! If you have a need to deviate from the out-of-the-box levels, you should create custom levels. For instance, if you want to hand off the ability for a user to provide permissions for their site, but not be able to manage site features, create sub sites, etc., a new permission level should be created.

Create SharePoint groups that you can manage, and determine a naming convention which works for your organization. An example of this would be to create a new SharePoint group for every library and list which has unique permissions, e.g. Site Name-Library Contribute. This way you know when you are adding users that this group is the contribute group for that library with broken inheritance. You will run into scenarios where the same group of individuals needs access to multiple libraries. For this I create a permission group such as Site Name-Libraries -LegalReviewTeam Contribute, and then in the description of the group I list out all of the libraries/lists that this team has contribute access to.

Utilizing Active Directory groups

AD groups should be used within your SharePoint groups in order to better manage SharePoint permissions and to reduce the overall overhead of your site. In SharePoint you are able to use security-level Active Directory groups for permissions, which can save a ton of time. At the bottom of this article I provided a graphic I created which helps to visualize the impact. To check whether an AD group is a security group, download the Administrative Tools, open Active Directory Users & Computers, and search for the distribution group; there should be a radio button that is marked for Security Group. By adding AD groups you can provision permissions for an entire group such as "Tibco Integration", which might be a distribution group in your organization; this would give anyone who is part of that group permission to the site. This means that rather than adding, let’s say, 100 members of this group individually, you can add the AD group once. This also reduces maintenance, since anyone who is removed from that distribution group will also lose their permissions on your site.
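One way to find the individually provisioned permissions described above, as an added example that is not part of the original post: a read-only PowerShell audit for an on-premises farm that lists every site, library and list with unique permissions where a user or AD group holds a permission level directly instead of through a SharePoint group. The function name `Get-DirectGrant` and the site URL are assumptions made for this example.

```powershell
# Added example: read-only audit, run from the SharePoint Management Shell
# with rights to enumerate all webs in the site collection.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-DirectGrant {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$SiteUrl)

    $site = Get-SPSite -Identity $SiteUrl
    try {
        foreach ($web in $site.AllWebs) {
            try {
                # Inspect only objects that own their permissions:
                # the web itself and each visible list/library with broken inheritance.
                $targets = @()
                if ($web.HasUniqueRoleAssignments) { $targets += $web }
                $targets += @($web.Lists | Where-Object {
                    $_.HasUniqueRoleAssignments -and -not $_.Hidden })

                foreach ($target in $targets) {
                    foreach ($ra in $target.RoleAssignments) {
                        $member = $ra.Member
                        # SharePoint groups are SPGroup; individual users and
                        # AD groups are both SPUser, so anything else is skipped.
                        if ($member -isnot [Microsoft.SharePoint.SPUser]) { continue }

                        # Ignore the system-managed "Limited Access" level (role type Guest).
                        $levels = @($ra.RoleDefinitionBindings |
                            Where-Object { $_.Type -ne 'Guest' } |
                            ForEach-Object { $_.Name })
                        if ($levels.Count -eq 0) { continue }

                        $kind = 'User'
                        if ($member.IsDomainGroup) { $kind = 'ADGroup' }
                        New-Object PSObject -Property @{
                            Web       = $web.Url
                            Object    = $target.Title
                            Type      = $target.GetType().Name
                            Principal = $member.LoginName
                            Kind      = $kind
                            Levels    = ($levels -join ', ')
                        } | Select-Object Web, Object, Type, Principal, Kind, Levels
                    }
                }
            } finally { $web.Dispose() }
        }
    } finally { $site.Dispose() }
}

# Placeholder URL: replace with your own site collection.
Get-DirectGrant -SiteUrl 'http://sharepoint.example.local/sites/legal' | Format-Table -AutoSize
```

Rows with Kind `User` are the per-person grants to move into a named SharePoint group; rows with Kind `ADGroup` are AD groups granted directly, which can be nested inside a SharePoint group instead.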






