Tracy van der Schyff

#Office365Challenge This is the second post regarding planning your permissions.

Related Posts / Resources:

Default permission levels in SharePoint

Understanding permission levels in SharePoint

How are Permission levels made up?SharePoint Permissions – what’s your strategy? Part 1

As explained yesterday, there are many things to consider before starting to change / apply permissions.

For me the most important part is business rules. Defining these – and sticking to them. It’s much easier to refer to the business rules than trying to make up the rules as you go, on the fly.

In SharePoint you can apply permissions to the following:

• Item level (a document or list item)
• Folder level (in a library)
• App level (a library / list)
• Sub-site level
• Site level
• Top site level

To prevent situations where you have to micro-manage permissions, try to inherit as much of the permissions as you can.

What do I mean by inherit?

For example: You have a marketing site, on this site you have multiple apps for different content. You might also have a sub-site for projects or meetings. If possible, the easiest solution would be to apply permissions for the Marketing group at their top level site, and then all the apps and sub-sites inherit these permissions. This means that when changes are made to the permissions on Marketing’s top level site, it will automatically apply to all apps / sub-sites below it.

• First step – document your current layout of the sites
• Second step – document how, when and why new sites are created (Governance)
• Third step – align the permissions business rules with the above
• Fourth step – Decided which content are not relevant or risk

I would keep content / sites which are disciplines which run across processes and departments on separate sites. That also goes for high risk content. This means that 80% of my content falls in zones where the department / process dictates the permission structures – I don’t have to worry about these or try to manage it.

20% Of the content will now sit in “micro managed” environments. I know this might go against the whole “sharing” of content with anyone outside of your department or team, on the same permission level that you already have. I’m too much OCD for that and yes, that is affected by the type of environments / companies you work with.

You can also apply permissions in the following ways:

• Single person added on site / app
• SharePoint group added (with users add into it)
• Security group added (users are added on AD – away from SharePoint)

From tomorrow I’ll start showing you how to add permissions / create SharePoint groups, add users in them.

Overview of my challenge: As an absolute lover of all things Microsoft, I’ve decided to undertake the challenge, of writing a blog every single day, for the next 365 days. Crazy, I know. And I’ll try my best, but if I cannot find something good to say about Office 365 and the Tools it includes for 365 days, I’m changing my profession. So let’s write this epic tale of “Around the Office in 365 Days”. My ode to Microsoft Office 365.

Keep in mind that these tips and tricks do not only apply to Office 365 – but where applicable, to the overall Microsoft Office Suite and SharePoint.