Security is an important topic, if not the most important one. But SharePoint security management isn’t innate for the most of us… What ways do you’ve got to enforce your security? Does it take 3 PHDs to get there? Well, not exactly! But they’re things you need to understand, like SharePoint user permissions, to better secure your environment from internal AND external threats.
User permissions are a key point of SharePoint security management. They will define who accesses what and where in your SharePoint environment. You wouldn’t let your most confidential accounting files on the front desk would you? Well, this is something you also need to consider when allowing access to certain parts of your environment. It may have a lot more impact than you’d think!
SharePoint Security Management tips: Permissions
I guarantee you, if you start applying these rules when granting permissions, your environment will be leak-proof! There are many ways to manage and update users permissions in SharePoint. Needless to say, Sharegate does this very simply!
In this video, I want to talk to you about some of the things you got to watch out for when you’re looking at SharePoint Security.
Hi. My name is Benjamin Niaulin, I’m a SharePoint MVP here at Sharegate in the Montreal office. And the reason why I wanted to talk to you about SharePoint Security in terms of permissions and access is, we’ve just finished a webinar with my friend Antonio Maio, which I encourage you to check, and the link will be available here in this post.
SharePoint Security Misconceptions
But there seemed to be a lot of confusion where especially these days because we’re talking Office 365, we’re talking OneDrive for Business, we’re talking groups, we’re talking SharePoint on premises and they’re all the same, right? They’re all SharePoint. But we give it different names and suddenly we are reaching a lot, lot more people that are doing different things with this platform and I love it. But we have to understand how it works in terms of security management. So first, you have to understand that SharePoint works with obviously users and they will come from your active directory or they’ll come externally, which we call external users in some cases. But it could come from essentially anywhere. And then we’re going to want to grant them access to the things that we have and the only thing, now I stress, only thing you can grant permissions to in SharePoint, no matter how you call SharePoint these days, it’s going to be at the site level. So this could be a site collection sites, sub-sites, but we mean the site object.
Granting SharePoint users Access Permissions
It can be at the list in libraries within this site so you can break it there and stop managing permissions in there as well. You can go inside these lists in libraries and create folders and manage permission differently there and then finally inside of these folders you’ll have documents or list items if you’re in the list. And you’ll be able to break permissions and managing them there. Notice I often talk about breaking permissions, that’s because in SharePoint, security works in this particular way. Everything inherits the same permission as the object that it’s in. So if I’m in library and I’m inside a site by default, the people will have the exact same access to me, the library, as they had on the site above. So, if you want to manage it differently at that library level, you’ll have to say, “Hey, break permission inheritance. Stop.” It will copy the permissions that existed above in the site level in this case. It will copy them to your object, which in this case is a document library. And then it will allow you to manage them yourself. However, if you remove these people that were copied add new people, and hopefully you’re never granting permissions to people directly, always groups.
If you add these groups, what’s going to happen is to the object above, they’ll get granted limited access automatically. They need to pass through the site above to go to this object below which is a document library that they have access to. So don’t worry if you see limited access. In fact, never worry about it. If you do choose to clean your limited access in your security, make sure that you use a smart tool. Well, obviously ShareGate is one of them. So I won’t start doing product pitches. Look at the tools. However, because why I say this is if you choose to remove limited access, it may impact the permissions that are placed on the document library because SharePoint is smart enough and say, “Well, if you can’t pass through the site above the document library to get to the document library by removing the unlimited access that was automatically generated.” If you remove that, then SharePoint is going to say, “Okay, well I’m also going to remove that access to that person or that group at the document library level.” And that can really become chaotic quickly. So be careful with that.
Leveraging Groups for your SharePoint Security Management
Another tip, if you’re going to be looking at managing SharePoint Security with groups, it’s very, very crucial that you have a healthy, active directory and manage your permissions from one place. Active directory, you can create these groups and then put them in SharePoint groups if you like but there are some impacts in creating groups and managing just in SharePoint groups. I strongly encourage you look at our detailed webinar that we’ve done with Antonio Maio here. Again, the link is mentioned in this post. Security is not something that is not easy to manage. It should be controlled and heavily well managed by you or the IT whoever is in charge of Office 365 or OneDrive for Business or SharePoint, but you need to take charge of it and you need to understand how it works.
Again, this was another episode of Between Two Farms talking SharePoint Security. I’ll see you next week.