locked
Managing/Desiging/Organizing Security Permissions User Groups RRS feed

  • Question

  • Hi,

    I am looking for an article paper or discussion or book explaining how to design/prepare SharePoint2010 security groups organization for real world scenarios.

    I have a Team sites  collection with multiple sites , I require unique permissions at site level with permission at list/library level and item level. How should I approach permissions given in SharePoint 2010 I already how permission work in SharePoint2010 I am interested in learning approach for designing permission groups/managing security permission groups.

    Considering Team site with multiple sites should I created Group with read,contribute..etc from route site level and inherit them or should I created separate at site level and for list/library unique permissions should I create new groups for these libraries whom can be only be used by specific users/groups? or for list/library users should be added for unique permissions to be granted.

    What are best practices for creating groups , organizing security groups /permission and best approach when designing a new / modifying SharePoint2010 site ?

    Thanks

    Tuesday, July 2, 2013 10:58 AM

Answers

  • You might already know this but your post is a little unclear. As a reminder all SharePoint groups exist at the site collection level, although you may only use them at the folder level the groups always exist in the root web of the site collection.

    In terms of usage then you should inherit where possible, file level security is infamous for being unmanagable in the long run.

    Use groups instead of individuals whenever possible as it makes maintaining the permissions a lot simpler.

    Tuesday, July 2, 2013 11:06 AM
  • Hello,

    Group can always be created at site level (not list/library level) so go with group. You can create group at top site collection level  then allow to inherit them for subsites as well. Later you can break the inheritance at subsite / list / library level and change the group permission level. (However if your business need not fulfill by default permission level then you can also create custom permission level and assign this custom permission to group)

    If you have any AD group then you can directly add that AD group to your sharepoint group and assign the permission based on your need. I don't think there is any imp thing for creating group except don't give same keyword for group naming.

    To understand SP permission please read this:

    http://technet.microsoft.com/en-us/library/cc721640%28v=office.14%29.aspx

    Let us know if you have any question


    Hemendra: "Yesterday is just a memory,Tomorrow we may never see"

    Whenever you see a reply and if you think is helpful, click "Alternate TextVote As Helpful"! And whenever you see a reply being an answer to the question of the thread, click "Alternate TextMark As Answer

    Please feel free to unmark answer if does not resolves your problem.

    Tuesday, July 2, 2013 11:48 AM

All replies

  • You might already know this but your post is a little unclear. As a reminder all SharePoint groups exist at the site collection level, although you may only use them at the folder level the groups always exist in the root web of the site collection.

    In terms of usage then you should inherit where possible, file level security is infamous for being unmanagable in the long run.

    Use groups instead of individuals whenever possible as it makes maintaining the permissions a lot simpler.

    Tuesday, July 2, 2013 11:06 AM
  • Hello,

    Group can always be created at site level (not list/library level) so go with group. You can create group at top site collection level  then allow to inherit them for subsites as well. Later you can break the inheritance at subsite / list / library level and change the group permission level. (However if your business need not fulfill by default permission level then you can also create custom permission level and assign this custom permission to group)

    If you have any AD group then you can directly add that AD group to your sharepoint group and assign the permission based on your need. I don't think there is any imp thing for creating group except don't give same keyword for group naming.

    To understand SP permission please read this:

    http://technet.microsoft.com/en-us/library/cc721640%28v=office.14%29.aspx

    Let us know if you have any question


    Hemendra: "Yesterday is just a memory,Tomorrow we may never see"

    Whenever you see a reply and if you think is helpful, click "Alternate TextVote As Helpful"! And whenever you see a reply being an answer to the question of the thread, click "Alternate TextMark As Answer

    Please feel free to unmark answer if does not resolves your problem.

    Tuesday, July 2, 2013 11:48 AM