Subscribe to our blog

Your email:

Upcoming SharePoint Events

SharePoint Blogroll

Notes Blogroll

Posts by category

Posts by popularity

Microsoft SharePoint Team Blog

Announcing the release of the SharePoint 2010 Administration Toolkit V1
Thursday, Jul 15, 2010
Back by Popular Request - Live Chats with MVP Experts
Wednesday, Jul 14, 2010
Developing Applications for SharePoint 2010
Wednesday, Jun 30, 2010
Managing Upgrades on Sandbox Solutions
Wednesday, Jun 23, 2010
Installing KB938444
Tuesday, Jun 22, 2010

Posts by Month

Add to Technorati Favorites

SharePoint Administration | Notes Administration

Current Articles | RSS Feed RSS Feed

SharePoint Security 101

Posted by Dave Greten on Thu, Jun 10, 2010 @ 09:24 AM


Poor security can cost you your job. It pays to know the basics.

How SharePoint Security Works

Although signing into SharePoint is a one step process for users, behind the scenes, it actually involves two steps.

In the first step, the user is 'authenticated' by the system. The default method for this check-in is through Active Directory (AD). Metaphorically speaking, this is a visitor being given a key to a house.

After being authenticated, the user is granted access rights to view and edit appropriate documents on the SharePoint server. Continuing the metaphor, this is a visitor being given a set of keys to enter locked rooms within the house.

Access rights are extremely flexible on SharePoint systems. Access rights are typically set on a 'group' level. In this configuration, people in the marketing department have different access rights than people, say, in the finance department. Users can belong to multiple groups, giving them access to a greater number of items.

One of the keys to SharePoint's popularity is how permissions are set. In a SharePoint environment, users set access rights for the items they post. A user can post a document that can be accessed by their own group, another group, or only specific users. If this is not specified, the item defaults to the access privileges of the directory where it resides (ie. documents in the "marketing" directory are accessible to members of the "marketing" group).

Another feature particular to SharePoint is known as "Security Trimming." This means that users do not see content they cannot access. Users only see content they can access (including content returned in a search). This feature avoids needless clutter and confusion.

Managing SharePoint Security

The decentralization of SharePoint security is its greatest strength and also a potential weakness. The benefit is users can post information quickly without the approval of a central administrator. The trade-off is, lacking a central administrator, users can be granted access to documents they are not meant to see.

Where sharing networks with one central administrator err on the side of being overly restrictive, networks run by users err on the side of too much access. It's often difficult for a SharePoint administrator to regain control over an environment. And tools in SharePoint for listing all items' access rights are notoriously lacking. Often a third party tool is required, especially for organizations where security is essential.


Tags: