Tips for a better SharePoint Security Design

When managing a SharePoint solution, there are an infinite number of ‘best practice guides’ to resort to. Some are written by knowledgeable and reputable authors; others are written by basement System Administrators. In reality, it is hard to know what information is reliable and what is not. Managing SharePoint security design is a large part of a SharePoint admin’s role; often, individuals are hired specifically to manage the security infrastructure within and around the SharePoint solution.


It seems as if the specific knowledge required to manage a SharePoint solution has not kept pace with how widely available SharePoint software is. Microsoft markets SharePoint as a ‘plug and play’, easily deployable and integrated solution. However, as many may agree, SharePoint isn’t as “set it and forget it” as it seems. And why is that? If SharePoint security design is problematic, why has the solution been so widely adopted? Other collaboration software does exist, so other options are available. But deploying SharePoint is critical in most large organizations.


After all, the real reason many individuals have trouble with SharePoint is a mix of lacking the prerequisite knowledge and continuing to follow ‘best practice guides’ for security design that are not fitted to their organizational needs. Let’s take a look at what Microsoft suggests as best practices for SharePoint security design:


  • Establish a clear hierarchy of permissions and inherited permissions
  • Arrange sites (web) and sub-sites, and lists and libraries so they can share most permissions
  • Break permission inheritance as infrequently as possible
  • Assign permissions at the highest possible level
  • Minimize unique and fine-grained permissions
  • Avoid security design for large list/library in which all or most content must be uniquely secured (item-level)

While these guidelines may be fit for many organizations, they are not fit for all. “Arranging sites so that they can share the most permissions” isn’t an option for some organizations, depending on the industry. Organizations that work with research and development, intellectual property, and finance may be particularly reluctant to follow this guideline.

The suggestion to “break permission inheritance as infrequently as possible” would also be incorrectly applied to the aforementioned organizations. Especially in finance, there is a need to break permission inheritance frequently for the purpose of preventing insider trading, hostile takeovers, and data leaks.
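For an organization that has to break inheritance often, it still helps to know where the breaks sit and whether any could be made one level higher. The sketch below is an added example, not Microsoft or vendor code: it assumes a permissions inventory has already been exported to one row per securable object, and the paths, group names and the `unique`/`acl` fields are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory (not real data). "unique" mirrors SharePoint's
# HasUniqueRoleAssignments flag; "acl" holds (principal, permission level)
# pairs for objects that broke inheritance. All names are hypothetical.
ALPHA = {("Project Alpha", "Read")}
INVENTORY = [
    {"path": "/sites/fin", "kind": "web", "unique": True, "acl": {("Finance Members", "Contribute")}},
    {"path": "/sites/fin/Deals", "kind": "list", "unique": True, "acl": {("Deal Team", "Contribute")}},
    {"path": "/sites/fin/Deals/1", "kind": "item", "unique": True, "acl": ALPHA},
    {"path": "/sites/fin/Deals/2", "kind": "item", "unique": True, "acl": ALPHA},
    {"path": "/sites/fin/Deals/3", "kind": "item", "unique": True, "acl": {("Project Beta", "Read")}},
    {"path": "/sites/fin/Deals/4", "kind": "item", "unique": False, "acl": set()},
    {"path": "/sites/fin/Policies", "kind": "list", "unique": False, "acl": set()},
    {"path": "/sites/fin/Policies/1", "kind": "item", "unique": False, "acl": set()},
    {"path": "/sites/fin/Policies/2", "kind": "item", "unique": False, "acl": set()},
]

def audit(inventory, item_ratio_threshold=0.5):
    """Return (breaks per object kind, consolidation candidates, item-heavy lists)."""
    breaks = defaultdict(int)
    total, unique = defaultdict(int), defaultdict(int)
    same_acl = defaultdict(list)
    for obj in inventory:
        if obj["unique"]:
            breaks[obj["kind"]] += 1
        if obj["kind"] != "item":
            continue
        parent = obj["path"].rsplit("/", 1)[0]
        total[parent] += 1
        if obj["unique"]:
            unique[parent] += 1
            same_acl[(parent, frozenset(obj["acl"]))].append(obj["path"])
    # Items in one list with identical ACLs could share a single break
    # one level up (a folder or a dedicated library).
    candidates = sorted((parent, sorted(acl), sorted(paths))
                        for (parent, acl), paths in same_acl.items() if len(paths) > 1)
    # Lists where most items are uniquely secured (item-level design).
    heavy = sorted(p for p in total if unique[p] / total[p] >= item_ratio_threshold)
    return dict(breaks), candidates, heavy

if __name__ == "__main__":
    breaks, candidates, heavy = audit(INVENTORY)
    print("inheritance breaks by level:", breaks)
    for parent, acl, paths in candidates:
        print(f"consolidate {paths} in {parent} under one scope: {acl}")
    print("lists dominated by item-level permissions:", heavy)
```

The output separates breaks that are a deliberate business requirement (distinct ACLs per deal) from breaks that only repeat the same ACL and could be assigned once at a higher level.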

The point is, whether you belong to a 5-person SMB or a 5,000-person Enterprise, you must pick the SharePoint security design that best fits your needs. Regardless of your size, GB&Smith and 365View are here to help manage your SharePoint solution security design and permissions.
