SharePoint groups and permission levels are like chainsaws; they're very powerful tools. They shouldn't be used without a plan or reason. Just like a chainsaw, this would be dangerous. In this case, instead of risking physical harm, you risk security issues. Additionally, lacking a permissions strategy will lead to a permissions management nightmare. The first step to avoiding such a nightmare is to understand SharePoint groups and permissions. Then you'll need to create a permissions strategy before implementing groups and permission levels on your site.
Here are five tips for setting up your SharePoint permissions strategy.
1. Know the Point of the Site
Who's the target audience? What should users be able to do? What should the site be able to do? Who is the site manager? These are important questions to ask yourself. If you know the details, the entire process becomes easier. Learn all aspects of a site before going in.
2. Understand the Site Hierarchy
Building permissions based on the Site Hierarchy makes SharePoint permissions management easier. The site should be set up in a pyramid structure. A few users should have high permission levels. Most users will have low permission levels. If too many users can do too much on a site, it quickly becomes chaotic. In most cases, you can base your SharePoint permissions off of an existing company hierarchy. See if you can adapt any Active Directory or internal structure to your site.
3. Use Permission Levels
SharePoint includes a set of permission levels for a reason. These levels are well documented and balanced to what users need to do. If you mostly keep or build off of these, you rarely have security issues. Sometimes it is necessary to edit or create permission levels. However, the permission levels included with SharePoint out-of-the-box will satisfy the majority of security requirements. If you find yourself creating a lot of new permission levels, something may be wrong. Custom levels are useful, but you should only use them as needed. Check out this post for more information on when to use custom permission levels.
4. Less is More
Don’t overcomplicate security when it comes to content access. Only secure content when there is a real security risk. Over securing content can make it a nightmare for users who need to access content and for the site managers who have to process access requests. Additionally, user adoption will suffer when users cannot access what they need when they need it. Simplifying permissions can help avoid frustration for both the users and site managers.
5. Avoid Breakups
Use caution when breaking permission inheritance. Inheritance is one of the most helpful tools for setting up site permissions. With this functionality, you can assign permissions to a site that flow down to all subsites. You can also break inheritance, requiring further permissions for individual subsites, lists, and libraries. Though this can be an excellent way protect sensitive data, it can cause problems and administrative nightmares when misused. Here's a more detailed description of SharePoint permission inheritance and some common roadblocks.
This blog covered several best practices for creating a permissions strategy. However, it is important to keep in mind that permission management is an ongoing responsibility. The tips provided here should be taken into account when planning a new site as well as making changes to existing sites.