Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.
1 | @bobbyschang | bobbyschang.com
Worst Practices
Bobby Chang
@bobbyschang
2 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Contact Info
• slideshare.net/bobbyschang
• linkedin.com/...
3 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Why Worst Practices?
Rather Than a List of To-Do’s
5 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
At Times It’s More Effective (and Fun) to Share
What NOT ...
And Scare You Share With You Its Consequences
SharePoint Permissions
Basic Overview
8 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Permissions Fundamental
To Provide or Restrict
Access to ...
9 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Site Collection
Site
List / Library
Item
Child Site
10 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Site Collection
Site
List / Library
Item
Child Site
Brea...
11 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Site Collection
Site
List / Library
Item
Child Site
Brea...
12 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Permission Level
Determines how much access a user has
13 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Contribute
• CRUD (Create, Read, Update, Delete) content...
14 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
“Edit”
15 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Edit Contribute
16 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Delete List/Library
Edit is NOT recommended!
No Planning
Worst Practice
18 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Right?!
Planning
Matters
Planning matters
Photo Credit – Matthew Keagle & Creative Commons
Do you have a permissions strategy?
21 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
- What is purpose of the site?
- To gather vs. to share ...
23 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
“A governance strategy is never static – it is
a living,...
24 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
SharePoint platform (and the cloud) matures
Governance s...
25 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
2007 2010 2013
26 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
27 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
28 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
For instance…
29 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Office 365 Group
SharePoint
30 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Office 365 Groups & its SP Site permissions go hand-in-h...
31 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
SharePoint
Site Owners (Full Control)
Site Members (Edit...
32 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Understand
Impact
Plan Communicate
“Full Control” for Everyone
Worst Practice
34 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Create & Delete Sites
Create SharePoint Groups
Manage Pe...
35 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
36 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Dear Site Managers,
You play a pivotal role to SharePoint success (or failure)
When asked to pleeasseee have access to EVERYTHING
Image Credit: © SheKnows LLC
Let’s not rush to give
Full Control
40 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
41 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
• “Everything” may pertain only to Documents
• “Access” ...
42 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Check or Refine governance policy
Ensure required traini...
43 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Thy requests must go through me …
It’s not that you’re
a...
Simply can’t have everyone
manage your site
Assigning Permissions to Individual Users
Worst Practice
47 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
• Team Growth
• Role Change:
– Expanded Responsibilities...
48 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Where in the World is
Carmen Sandiego?
49 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
• Hard to know who has
what access
• Cumbersome to manag...
Instead, Use …
SharePoint Group
51 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.comThen Add or Remove Users from the Group
First, Assign Per...
52 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Microsoft recommends
AD (Active Directory) Group
SharePo...
53 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
AD Group
54 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
• Recommended by MSFT for performance
• Use AD group in ...
Default Settings for SharePoint Groups
Worst Practice
56 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
57 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
58 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
• Site Managers could be locked out
• Be Mindful of Defa...
59 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
ALWAYS assign a group as group owner
Preferably Site Col...
60 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Instead open membership list to everyone
Default -> only...
61 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
What to Look for When
Breaking Site Inheritance
62 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
63 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Reflect and Assess!
Do I really need unique site permiss...
Item Level Permissions
Worst Practice
65 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
• Item = Document or List Item
• You can set permissions...
doesn’t mean you should
Just because you can …
67 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
• SharePoint View doesn’t differentiate unique
item perm...
68 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
F A C T : Reduced performance after
5,000 unique inherit...
70 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
71 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
72 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Promotes SharePoint Content
Convenient and Readily Avail...
73 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
74 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
After all, sharing is caring. Right!?
75 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
76 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
77 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
78 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Item Level Permission (Worst Practice #5)
Permissions fo...
80 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
(Site Permissions > Access Request Settings)
81 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
But don’t fight against the Microsoft wave
82 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
83 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
In Office 365, you have options
84 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
85 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
86 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
87 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Fun with Limited Access
*BONUS* Worst Practice
89 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Because Limited Access is The Devil
91 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
If user is not declared in site permissions,
Permissions...
• Hard to identify where
access was granted
• Clutters site permission
• No easy clean-up process
93 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
*IMPORTANT!
When you Delete Limited Access from site,
Sh...
94 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Limited Access can now be hidden
95 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Already in a Permissions Hole?
96 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
First Things First – Stop the Bleeding!
e.g.: Change Ful...
97 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Assess the Damage and Document Findings
98 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Third-Party
Product
Out of Box PowerShell
99 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
• Site permissions page
• Unique access are displayed in...
100 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
• Could run report on almost anything
• You don’t have ...
101 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
• Complexity of SharePoint permissions may
warrant a th...
102 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Few Considerations During Permissions Clean-Up
103 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Remember that
it’s a process!
i.e.: You may not get
it ...
One is the
loneliest number
 Gather requirements
 Talk to business users
 Leverage other team members Photo Credit - Th...
105 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
For worst case
scenario…
106 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Consider starting over
107 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Photo Credit: Lucasfilm / Paramount
• Inherit all permi...
108 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
•Get executive buy-in
Gather needs from business functi...
109 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
Mitigate Survey the Field Clean Up Manage & Control
Do ...
110 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
• Enforce permissions governance
• Gain leadership supp...
111 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
People Process Tool
Assign Roles Define how to
periodic...
112 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
(Under Site collection Settings)
113 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
114 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
115 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
116 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
“The greatest accomplishment is not in never failing,
b...
linkedin.com/in/bobbyschang
bobbyschang.com
@bobbyschang
Questions?
Feel Free to Contact Me
Bobby Chang
twitter.com/bobbys...
SharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
Prochain SlideShare
Chargement dans…5
×

SharePoint Permissions Worst Practices

108 507 vues

Publié le

Don't be deceived by the simplified experience of managing SharePoint permissions! What appears to be harmless could tailspin to a giant mess, requiring massive cleanup. This presentation walks through real-world scenarios and pitfalls of permissions administrations, so you could learn from the mistakes of others and not end up digging yourself into a SharePoint permissions hole.

View a recording of the session here: https://www.youtube.com/watch?v=Poh4zxHTNvw

Publié dans : Technologie, Design
  • How to Get Automated winning picks for NFL, NCAA and MLB? ★★★ http://ishbv.com/zcodesys/pdf
       Répondre 
    Voulez-vous vraiment ?  Oui  Non
    Votre message apparaîtra ici
  • DOWNLOAD FULL eBOOK INTO AVAILABLE FORMAT ......................................................................................................................... ......................................................................................................................... 1.DOWNLOAD FULL. PDF eBook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB eBook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. doc eBook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. PDF eBook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB eBook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. doc eBook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, CookeBOOK Crime, eeBOOK Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Répondre 
    Voulez-vous vraiment ?  Oui  Non
    Votre message apparaîtra ici
  • ➤➤ How Long Does She Want You to Last? Here's the link to the FREE report ★★★ http://ishbv.com/rockhardx/pdf
       Répondre 
    Voulez-vous vraiment ?  Oui  Non
    Votre message apparaîtra ici
  • You can now be your own boss and get yourself a very generous daily income. START FREE...♣♣♣ http://ishbv.com/surveys6/pdf
       Répondre 
    Voulez-vous vraiment ?  Oui  Non
    Votre message apparaîtra ici
  • Thank you so much for this wonderful presentation. Very well explained!
       Répondre 
    Voulez-vous vraiment ?  Oui  Non
    Votre message apparaîtra ici

SharePoint Permissions Worst Practices

  1. 1. 1 | @bobbyschang | bobbyschang.com Worst Practices Bobby Chang @bobbyschang
  2. 2. 2 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Contact Info • slideshare.net/bobbyschang • linkedin.com/in/bobbyschang • @bobbyschang • bobbyschang.com Bobby Chang Consultant, Microsoft Certified Trainer er er
  3. 3. 3 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Why Worst Practices?
  4. 4. Rather Than a List of To-Do’s
  5. 5. 5 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com At Times It’s More Effective (and Fun) to Share What NOT To Do
  6. 6. And Scare You Share With You Its Consequences
  7. 7. SharePoint Permissions Basic Overview
  8. 8. 8 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Permissions Fundamental To Provide or Restrict Access to SharePoint Content
  9. 9. 9 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Site Collection Site List / Library Item Child Site
  10. 10. 10 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Site Collection Site List / Library Item Child Site Break Inheritance
  11. 11. 11 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Site Collection Site List / Library Item Child Site Break Inheritance
  12. 12. 12 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Permission Level Determines how much access a user has
  13. 13. 13 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Contribute • CRUD (Create, Read, Update, Delete) content • Potential Audience = Team members, Content managers Read • Consume content • Potential Audience = All employees, Clients Full Control • “The Kitchen Sink” • Potential Audience = Site Administrators, Power Users
  14. 14. 14 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com “Edit”
  15. 15. 15 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Edit Contribute
  16. 16. 16 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Delete List/Library Edit is NOT recommended!
  17. 17. No Planning Worst Practice
  18. 18. 18 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Right?!
  19. 19. Planning Matters Planning matters
  20. 20. Photo Credit – Matthew Keagle & Creative Commons Do you have a permissions strategy?
  21. 21. 21 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com - What is purpose of the site? - To gather vs. to share info - Extranet vs. Intranet - Who’s the target audience? - Who are the content editors? - Who are the Power Users? - Will there be confidential info? - Do you have compliance to follow? - Is anyone outside org invited? - How will permissions be governed? - How will you document? - What is the training plan?
  22. 22. 23 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com “A governance strategy is never static – it is a living, breathing process and a set of rules that you should live by, not die by!” --Christian Buckley, Microsoft MVP @buckleyplanet
  23. 23. 24 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com SharePoint platform (and the cloud) matures Governance should evolve as your
  24. 24. 25 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com 2007 2010 2013
  25. 25. 26 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  26. 26. 27 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  27. 27. 28 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com For instance…
  28. 28. 29 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Office 365 Group SharePoint
  29. 29. 30 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Office 365 Groups & its SP Site permissions go hand-in-hand
  30. 30. 31 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com SharePoint Site Owners (Full Control) Site Members (Edit) Site Members (Edit) Office 365 Groups Owners Members Guests (External Users)
  31. 31. 32 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Understand Impact Plan Communicate
  32. 32. “Full Control” for Everyone Worst Practice
  33. 33. 34 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Create & Delete Sites Create SharePoint Groups Manage Permissions Activate & Deactivate SharePoint Features Create, Update, Delete List/Library View Generate Site Web Analytics Reports Create, Modify, Delete SharePoint workflow Create, Modify, Delete Site & List/Library Columns Delete Site & List Template Delete Master Page & Page Layout Add, Update, Delete Pages Add, Update, Delete Web Parts Etc. etc. etc.
  34. 34. 35 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  35. 35. 36 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  36. 36. Dear Site Managers, You play a pivotal role to SharePoint success (or failure)
  37. 37. When asked to pleeasseee have access to EVERYTHING
  38. 38. Image Credit: © SheKnows LLC Let’s not rush to give Full Control
  39. 39. 40 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  40. 40. 41 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • “Everything” may pertain only to Documents • “Access” could mean Read, Update, and Delete Contribute (more often than not) is sufficient
  41. 41. 42 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Check or Refine governance policy Ensure required training completion Consider other permission level • Admin privilege without site provision or security control • e.g.: Design
  42. 42. 43 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Thy requests must go through me … It’s not that you’re a control freak
  43. 43. Simply can’t have everyone manage your site
  44. 44. Assigning Permissions to Individual Users Worst Practice
  45. 45. 47 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Team Growth • Role Change: – Expanded Responsibilities – Rolling Off Project – Promotions • Onboarding New Employees • Employee Departures
  46. 46. 48 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Where in the World is Carmen Sandiego?
  47. 47. 49 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Hard to know who has what access • Cumbersome to manage existing permissions • Out-of-Box “Check Permissions” function is rather limited
  48. 48. Instead, Use … SharePoint Group
  49. 49. 51 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.comThen Add or Remove Users from the Group First, Assign Permissions to SharePoint Group
  50. 50. 52 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Microsoft recommends AD (Active Directory) Group SharePoint On-Prem 2013/2016 Security Group in Office 365 SharePoint Online
  51. 51. 53 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com AD Group
  52. 52. 54 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Recommended by MSFT for performance • Use AD group in SharePoint only if – AD group definition is well defined – IT Team is proactive in updating membership • AD Membership should be up-to-date to ensure proper access in SharePoint
  53. 53. Default Settings for SharePoint Groups Worst Practice
  54. 54. 56 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  55. 55. 57 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  56. 56. 58 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Site Managers could be locked out • Be Mindful of Default Settings when creating new
  57. 57. 59 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com ALWAYS assign a group as group owner Preferably Site Collection Owner or Site Owner group Default -> the user who created group
  58. 58. 60 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Instead open membership list to everyone Default -> only Group Members can view
  59. 59. 61 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com What to Look for When Breaking Site Inheritance
  60. 60. 62 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  61. 61. 63 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Reflect and Assess! Do I really need unique site permissions? Do I need all 3 new SharePoint Groups? Is there an existing group that I can use?
  62. 62. Item Level Permissions Worst Practice
  63. 63. 65 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Item = Document or List Item • You can set permissions at the Item Level
  64. 64. doesn’t mean you should Just because you can …
  65. 65. 67 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • SharePoint View doesn’t differentiate unique item permissions • Permission needs to be updated to each item • Could lead to performance issue
  66. 66. 68 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com F A C T : Reduced performance after 5,000 unique inheritance See Microsoft reference: http://bit.ly/1iMmyiC
  67. 67. 70 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  68. 68. 71 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  69. 69. 72 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Promotes SharePoint Content Convenient and Readily Available Great Tie-in with other components e.g.: Delve, OneDrive For Business, etc.
  70. 70. 73 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  71. 71. 74 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com After all, sharing is caring. Right!?
  72. 72. 75 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  73. 73. 76 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  74. 74. 77 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  75. 75. 78 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Item Level Permission (Worst Practice #5) Permissions for Ind. Users (Worst Practice #3) Oh so easy Share a File in SharePoint + ________________________________
  76. 76. 80 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com (Site Permissions > Access Request Settings)
  77. 77. 81 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com But don’t fight against the Microsoft wave
  78. 78. 82 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  79. 79. 83 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com In Office 365, you have options
  80. 80. 84 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  81. 81. 85 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  82. 82. 86 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  83. 83. 87 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  84. 84. Fun with Limited Access *BONUS* Worst Practice
  85. 85. 89 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  86. 86. Because Limited Access is The Devil
  87. 87. 91 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com If user is not declared in site permissions, Permissions given to a user at library or list level leads to “Limited Access” creation for user at the site level Site List / Library Limited Access Contribute
  88. 88. • Hard to identify where access was granted • Clutters site permission • No easy clean-up process
  89. 89. 93 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com *IMPORTANT! When you Delete Limited Access from site, SharePoint automatically Removes the unique Permission in Library/List/File Site List / Library Limited Access Contribute
  90. 90. 94 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Limited Access can now be hidden
  91. 91. 95 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Already in a Permissions Hole?
  92. 92. 96 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com First Things First – Stop the Bleeding! e.g.: Change Full Control access for unqualified folks to Design
  93. 93. 97 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Assess the Damage and Document Findings
  94. 94. 98 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Third-Party Product Out of Box PowerShell
  95. 95. 99 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Site permissions page • Unique access are displayed in yellow Pro: Free (with SharePoint) Con: Manual Process and needs to be done per site
  96. 96. 100 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Could run report on almost anything • You don’t have to reinvent the wheel e.g.: Check out this script http://bit.ly/1bH9f1v Pro: Highly Customizable, Repeatable, Powerful Con: Require proper access and knowledge
  97. 97. 101 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Complexity of SharePoint permissions may warrant a third-party tool investment • List below is recommended by community Note: NOT a personal endorsement
  98. 98. 102 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Few Considerations During Permissions Clean-Up
  99. 99. 103 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Remember that it’s a process! i.e.: You may not get it done in 1 day
  100. 100. One is the loneliest number  Gather requirements  Talk to business users  Leverage other team members Photo Credit - The Daily Journal
  101. 101. 105 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com For worst case scenario…
  102. 102. 106 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Consider starting over
  103. 103. 107 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Photo Credit: Lucasfilm / Paramount • Inherit all permissions in site collection • Manually re-configure all permissions It’s high risk, high reward
  104. 104. 108 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com •Get executive buy-in Gather needs from business functions Devise plan with Content & Site Managers Communicate impact to end users
  105. 105. 109 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com Mitigate Survey the Field Clean Up Manage & Control Do NOT forget this step!!
  106. 106. 110 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com • Enforce permissions governance • Gain leadership support: – Illustrate level of effort to remedy issue – Quantify the business impact ($) • Form & engage Governance Committee • Provide continuous training for Site Managers
  107. 107. 111 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com People Process Tool Assign Roles Define how to periodically access Choose system for monitoring
  108. 108. 112 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com (Under Site collection Settings)
  109. 109. 113 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  110. 110. 114 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  111. 111. 115 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com
  112. 112. 116 | @bobbyschang | linkedin.com/in/bobbyschang | bobbyschang.com “The greatest accomplishment is not in never failing, but in rising again after you fall” --Vince Lombardi Photo Credit - Journal Communications, Inc.
  113. 113. linkedin.com/in/bobbyschang bobbyschang.com @bobbyschang Questions? Feel Free to Contact Me Bobby Chang twitter.com/bobbyschang slideshare.net/bobbyschang

×