JoelBlogs - Joel Jeffery's Microsoft 365 Blog

Microsoft 365, SharePoint, Teams and Office 365 Architecture, Development, Administration and Training

SharePoint Thing a Day – 022 – Security. Don’t go Mad with it, 007.

by

Don’t go Mad with it, 007

In Thing a Day 21, we talked about applying Permission Levels to People and Things. (http://1jj.uk/spthing021)

Every time you apply permissions to a specific item in SharePoint – whether it’s a Sub-site, List, Library, Folder, File or Item, you break inheritance of permissions.

And SharePoint’s performance suffers a little more each time.

People often come to SharePoint with the idea that “Folders are Evil.” See Thing a Day 3 and 4. (http://1jj.uk/spthing003, http://1jj.uk/spthing004)

But Folders can be your friend.

A common mistake in large libraries is to allow users to secure individual documents.

SharePoint will only let you do this up to 50,000 times in any one library.

Avoid securing a lot of individual files. Group them in Folders, and secure those instead.

Better still, try and design your hierarchy to have as few instances of broken inheritance as possible.

To sum up, why secure a File, when you can secure a Folder?

Why secure a Folder, when you can secure a Library?

Why secure a Library, when you can secure a Site?

For best performance, apply Permissions only at the Site Collection level.

SharePoint Thing a Day – 021 – Security. SharePoint Permissions in 60 Seconds.

by

SharePoint Permissions in 60 Seconds

SharePoint Permissions are almost, but not quite similar to those on an NTFS file share.

The big difference, is there is no “break inheritance and cascade”. Other than that, it works like this:

SharePoint can use its own groups, or Active Directory or Claims groups.

Every new Site Collection you create, you have to recreate and populate any groups you want to be consistent across your Tenancy.

If you can use AD or claims groups, it’s easier to manage.

In SharePoint you can permission: Sites, Libraries, Folders, Files, List Items and many more.

There are 33 Permissions that can be granted.

That’s everything from View, Open, and Delete Items,

to Manage Alerts, Customize Pages and Manage Permissions.

You can’t grant these directly.

Bundle them up into a Permission Level, and grant that instead.

To grant permission is to give a Person or Group a Permission Level on a Thing.

To do that you must Break Inheritance of permissions of the Site, Library, Folder, etc that you are granting permission on.

Tada!