Avoid Permission Chaos in SharePoint

What are permissions in SharePoint? 

Permissions are a way of controlling who can access and update content in SharePoint. You can grant specific users or groups permissions to access specific areas of your SharePoint site or to perform specific actions.

Now the question remains of how to assign and adjust permissions without creating chaos.

To get straight to the point, SharePoint does not offer a complete overview of which employees have which rights and where. For example, a user’s permissions can be queried individually for each site collection (see section Granting Permissions), but this can quickly become very time-consuming. With a bit of planning and documentation, you can still keep track of things.

SharePoint structures often grow over time and lose their organization along the way. Ideally, the site collections and their content would be physically structured in an authorization-driven manner. This means that the order is based primarily on the authorizations of the accessing users rather than on functions.

Permission-driven structure

In day-to-day work, this is not always so easy. As a rule, only one project site is created per project, and the entire project team has access to it. Within this project site, however, the content should then be structured in an authorization-driven manner. For example, in addition to the general library, you create a second library with restricted access. This could be used to store contract documents and the like. The inheritance of the access rights is then broken for this second library.

Alternatively, you can create two folders within a library and break the permissions for one of the folders. To ensure security and access rights, documents may then only be created inside these folders.

Documentation of permissions in SharePoint

Companies often forget to document permissions or keep them up to date. This can have fatal consequences, especially when employee responsibilities change. We advise you to hire SharePoint consulting services to be secure and get more productivity out of this amazing online platform.

SharePoint already provides most of the information by default, including the display of the groups with their membership and authorization levels. We can also see who has which permissions on a given page or element. The only information missing is where the inheritance of permissions was interrupted. For example, the permissions on a site collection apply to the child sites only if inheritance has not been broken there. If you want to keep it very simple, copy the link into a collected document whenever inheritance is interrupted, to keep an overview of the pages with broken permissions. With many interruptions and many participants, however, this quickly becomes confusing.

Documentation of authorizations with a matrix table

Listing all site collections in a matrix table, with the respective authorized groups and their authorization levels, offers you far more transparency. Below each site collection, only the content with broken permission inheritance is listed:

Create an interrupt log using a new group

In addition, you can document the interruptions with the help of a new group. For example, this newly created group is called Interrupt Log. What permissions or members this group has is secondary. The only important thing is to include this group in every interruption and to grant it the appropriate rights. If you then want an overview of all interruptions made, open the group permissions of the Interrupt Log group in Site settings, Users and groups. There you get an overview of all uses of the group, which in our case means an overview of all interruptions. Here, however, it is not clear how the inheritance was broken.
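The matrix table and the Interrupt Log group described above can be cross-checked against each other from an exported permission inventory. The following Python code is an added example, not part of the original article: the inventory rows, site URLs and all group names other than Interrupt Log are constructed sample values, and it assumes every top-level site holds its own assignments.

```python
from collections import defaultdict

# Constructed sample inventory (not real data): (url, parent url, roles).
# roles is None while the object inherits; a dict means inheritance was broken.
INVENTORY = [
    ("/sites/projectA", None, {"Project Members": "Edit", "Project Visitors": "Read"}),
    ("/sites/projectA/Documents", "/sites/projectA", None),
    ("/sites/projectA/Contracts", "/sites/projectA", {"Contract Managers": "Edit", "Interrupt Log": "Read"}),
    ("/sites/projectA/Documents/HR", "/sites/projectA/Documents", {"Project Owners": "Full Control"}),
    ("/sites/hr", None, {"HR Members": "Edit"}),
]
LOG_GROUP = "Interrupt Log"  # group name taken from the article


def effective_roles(url, inventory):
    """Walk up the parent chain to the nearest object holding its own assignments."""
    tree = {u: (parent, roles) for u, parent, roles in inventory}
    parent, roles = tree[url]
    while roles is None:
        parent, roles = tree[parent]
    return roles


def build_matrix(inventory):
    """Per site collection: its own row, then only the objects with broken inheritance."""
    parent_of = {u: parent for u, parent, _ in inventory}
    matrix = defaultdict(list)
    for url, _, roles in inventory:
        if roles is None:
            continue  # inheriting objects are covered by their parent's row
        site = url
        while parent_of[site] is not None:
            site = parent_of[site]
        matrix[site].append((url, roles))
    return dict(matrix)


def unlogged_breaks(inventory):
    """Breaks that lack the log group and so never appear in its usage overview."""
    return [url for url, parent, roles in inventory
            if parent is not None and roles is not None and LOG_GROUP not in roles]


if __name__ == "__main__":
    for site, rows in build_matrix(INVENTORY).items():
        print(site, *rows, sep="\n    ")
    print("Breaks missing from the log group:", unlogged_breaks(INVENTORY))
```

Any URL returned by `unlogged_breaks` is an interruption that the group's usage overview in Site settings would not show.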

Interruption log using a third-party tool

Of course, there is also the possibility of creating reports using various third-party tools, such as SPDockit or Change Auditor for SharePoint. As always, the cost-benefit factor must be analyzed in detail here.

Authorization chaos in SharePoint is avoidable

To work with permissions in SharePoint, some understanding of the structure is essential. Once the structure has been understood and authorizations have been assigned, SharePoint offers good opportunities for defining the employees’ radius of action. The hierarchical inheritance of authorizations reduces the administrative effort.

The crux of the matter is the “exceptions” and the associated breaks in permissions inheritance. If you document these and proceed methodically, you will be spared chaos.

We would be happy to help you with your authorization concept as part of our SharePoint consulting services.