Join Simon Allardice for an in-depth discussion in this video Understanding permissions, part of SharePoint 2010 Essential Training.
In many companies, we're used to IT being the ones who handle user and group security. Well, in SharePoint, it's your job, it's your problem. Or certainly if you're expecting to be someone who creates and customizes SharePoint sites, it's your job. The security settings in SharePoint aren't hidden away in central administration only for the admin guys. They are right there in a regular site, and it's intended that if you are a site owner or a site collection owner that you understand and work with security. But it's really not that bad, and here's why.
SharePoint, when it's installed, is typically hooked up to an existing user directory, usually Active Directory on a Microsoft platform, but it could be something different. It's usually configured to import and stay synchronized with that user information on a regular basis. What that means is that SharePoint knows about your users. You don't have to tell SharePoint, hey, there's a user called Bob Franklin, because SharePoint already knows. But you do have to tell SharePoint what Bob Franklin is allowed to do.
The way you work with this is that SharePoint has what it calls permission levels, which you can think of as roles. Reader, for example, can visit and read a SharePoint site. You've got Contributor who can then edit. You have Full Control. These are the big three roles. There are a few more esoteric ones, but we'll start with these. If you don't have one of these permissions granted on the SharePoint site, you'll get an Access Denied message when you go there. Now, there are two levels of permissions above this.
There's the idea of being a site collection administrator, in charge of a site collection, and the farm administrator. We are not going to talk about those roles, because they are unique. They are granted in central administration and we're working with day-to-day operations of SharePoint. So going back to the user called Bob. Maybe Bob is a Reader in one part of SharePoint, a Contributor in another part of SharePoint, and has Full Control somewhere else. So how do we work with this? Well, first, you have to understand the idea of the site collection.
When a site collection is created, SharePoint makes three security groups for you. A security group in SharePoint is really just a bucket, a container to hold users. These buckets, the Owners group, the Members group, and the Visitors group, can be granted permissions. Owners group has full control, Members group has contribute, Visitors group has read permissions. So rather than individually grant individual users different permissions, which you could do but it's going to get old very quickly, you put your users in the relevant bucket.
Now, you typically set permissions at the top level site of your site collection. So those permissions can be very different across different site collections, and you allow them to cascade down to your sub-sites in your site collection. Now, while you can change the settings so that a top level site and a sub-site have different security settings, it makes it much more of a headache to maintain. Now, in a typical collaboration site, most people will be contributors in the Members group. Few Readers, few Owners.
If you're using SharePoint to make large intranet sites, say for an entire organization, that ratio will change. More Readers, less Contributors. So we're going to work with these SharePoint security groups, these buckets inside SharePoint, and we'll see how to get people in and out of them.
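The transcript's two maintenance points (grant through the Owners, Members and Visitors groups rather than to individuals, and let sub-sites inherit from the top-level site) can be checked with a short audit. This script is an added example, not part of the course; it assumes it is run in the SharePoint 2010 Management Shell by a site collection administrator, and the site collection URL is a placeholder.

```powershell
# Added example: reports where a site collection departs from the
# "groups at the top level, sub-sites inherit" model described above.
# $SiteUrl is a placeholder; replace it with your own site collection.
param([string]$SiteUrl = "http://sharepoint.example.local/sites/team")

if (-not (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$site = Get-SPSite -Identity $SiteUrl
try {
    $report = foreach ($web in $site.AllWebs) {
        try {
            # The top-level site always holds its own assignments;
            # a sub-site only does when inheritance has been broken.
            if ($web.IsRootWeb) { $scope = "top-level" }
            elseif ($web.HasUniqueRoleAssignments) { $scope = "unique (inheritance broken)" }
            else { $scope = "inherited" }

            if ($scope -eq "inherited") {
                New-Object PSObject -Property @{
                    Web = $web.Url; Scope = $scope; Principal = ""; Kind = ""; Levels = "" }
            } else {
                foreach ($ra in $web.RoleAssignments) {
                    # Classify the principal: SharePoint group (the "bucket"),
                    # a directory group granted directly, or an individual user.
                    if ($ra.Member -is [Microsoft.SharePoint.SPGroup]) { $kind = "SharePoint group" }
                    elseif ($ra.Member.IsDomainGroup) { $kind = "directory group (direct)" }
                    else { $kind = "user (direct)" }

                    $levels = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
                    New-Object PSObject -Property @{
                        Web = $web.Url; Scope = $scope; Principal = $ra.Member.Name
                        Kind = $kind; Levels = $levels }
                }
            }
        } finally {
            $web.Dispose()   # SPWeb objects from AllWebs must be disposed
        }
    }
} finally {
    $site.Dispose()
}

$report | Sort-Object Web, Kind |
    Format-Table Web, Scope, Principal, Kind, Levels -AutoSize
```

Rows marked "user (direct)" or "unique (inheritance broken)" are the ones to review: each is a grant that will not follow changes made to the groups at the top-level site.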
- Understanding a SharePoint team site
- Navigating lists and libraries
- Creating Document Workspaces
- Using versioning and check-in/check-out
- Integrating with Office 2010 applications
- Adding and deleting users
- Creating workflows
- Working with server site templates
- Creating a wiki and a blog
- Working with rich media
- Managing documents and other content
- Sharing information with charts and status indicators