Tuesday, 28 July 2009

SharePoint Site Permissions

This week I am going to try and simplify how the Site Security works in SharePoint as it can be as confusing as the Villa manager’s transfer strategy. Who will he sign next? As a SharePoint Consultant for Office Talk I spend quite a few nights in hotels and last week I stayed in an old hotel in Fleetwood just a tram ride from Blackpool. Apart from the fact that everybody else in the hotel appeared to be a lady in her late 70’s, who were all there for a bowls tournament, the hotel stay was very pleasant. It was the kind of hotel that had carpet on the restaurant ceiling and bedrooms that had not yet discovered the modern duvet. The best old fashioned part of all, though, was that my room actually had a ‘real’ key that I could turn and not one of those annoying plastic keys that don’t even remind you of your room number. The kind of plastic cards that never seem to work for me with them refusing to go green even though I have stuck it in three times and said the magic word. Failing to gain access to a SharePoint Site or list can be equally annoying, although I suppose this depends on what you are wearing when you became locked out of your hotel room and discovered your plastic card no longer worked. So what makes SharePoint Site Security so difficult to work out? The blame is often that we create new Sites too quickly and are too keen to accept the defaults. We are all guilty sometimes of pressing the mouse too fast or clicking ‘OK’ too early. When creating a new site from Site Actions – Create – Sites and Workspaces there is a section called ‘Permissions’. Now, by default this is set to ‘Use Same Permissions As Parent Site’ and it is very tempting to keep it this way, but always think about what you really want. If it is off a corporate Home Site do you really want the same permissions? The alternative to ‘Use Same Permissions As Parent Site’ is ‘Use Unique Permissions’ and this allows you to create your own groups and add your own permissions to this site without having to have the same ones as the site above. One reason people take the default is because they can easily change it later. To do this all you do is under ‘Site Permissions’ select the ‘Actions’ tab click ‘Edit Permissions’ this then warns you ‘..Changes made to the parent site will no longer affect this site’. So this stops the inheriting, but doesn’t break all connections because the groups you have listed on this site now are actually still the groups from the parent site. Let’s give an example. When you create a site called ‘Site 1’ (easiest name I could think of) it automatically creates the flowing groups ‘Site 1 Visitors’, ‘Site 1 Members’, ‘Site 1 Administrators’. If you then create a second site below it called ‘Site 2’ and keep the default to inherit then ‘Site 2’ will also use the original ‘Site 1 Visitors’, ‘Site 1 Members’, ‘Site 1 Administrators’ groups. However, if you then choose the option to ‘Edit Permissions’ on ‘Site 2’ the groups listed on ‘Site 2’ will still be ‘Site 1 Visitors’, ‘Site 1 Members’, ‘Site 1 Administrators’. This means that if you add a user to one of these groups you are actually changing the permissions of the parent site ‘Site 1’ not to ‘Site 2’. Hope you are following this. So how do we get around this problem after we have stopped inheriting? The answer is to delete the groups ‘Site 1 Visitors’, ‘Site 1 Members’, ‘Site 1 Administrators’ from ‘Site 2’ and then create new groups on ‘Site 2’ called ‘Site 2 Visitors’, ‘Site 2 Members’, ‘Site 2 Administrators’. I suppose the moral of this is to think very careful when you are creating a new site if you want to have the same permissions as the parent. If in doubt or you think your needs will change in the future then always select ‘Use Unique Permissions’. Now, if I can just work out what Martin O’Neill is planning for Villa next season. Don’t forget to claim your FREE ‘My Team’s Performance 2009/10 Season’ Template by emailing me at andy.dale@office-talk.com. Please tell me which team you support in the Subject title.


Anonymous said...
















itypo said...

Hi, all!

I want to provide helpful tool for SharePoint Permissions.

Our company developed a small web part for determining effective permissions for the users around SharePoint sites. You can read more about it at http://bit.ly/cOe6oT or download it free from our company site http://www.myitechnology.com


sbo said...

thank you so much. fosbobetr good Archive

Thom's Erika said...

I used to be suggested this blog by way of my cousin. I am now not sure whether or not this submit is written by way of him as nobody else recognize such exact about my difficulty. You are incredible! Thank you!

Chyou Ma said...

This is what I have been searching in many websites and I finally found it here. Amazing article. I am so impressed. Could never think of such a thing is possible with it...I think you have a great knowledge especially while dealings with such subjects.
clipping path