SharePoint Permissions – How does access really work?
In my last blog, SharePoint Permissions – Friend or Foe, I introduced some thoughts on permissions in
general terms.
Let’s spend this week focusing our attention on how
permissions work in SharePoint. I think it is important to start with defining
what “permissions” are. When we talk about permissions in SharePoint we are
talking about access privileges to a site, list, or library. It is as simple as
imagining a locked door: only someone who has the right key can unlock the
door, open it, and walk through. In fact we use permissions every day in other
areas of our lives and never think twice about it. The key to your car, for
example, means that only the holder of that key can operate the car. Your
credit card that you used to buy groceries last week; it too is an example of a
key. It tells the grocery store that the holder of that card has the ability to
purchase up to a certain dollar amount. The badge you used to get into the building
you work in… yep it’s a key too. All of these keys provide the holder permission
to perform certain actions or provide certain types of access.
SharePoint permissions are no different.
Just like the examples we used above, permissions are not
just waiting out there for anyone to come and grab. One must request and be
approved. For the car, someone had to hand you
the keys under the agreement that you would pay for the car. Your work badge, yeah
that sucker isn’t free either. You get your badge only because you have an
agreement with your wonderful employer to work once you enter the building.
Okay I think we beat that horse long enough don’t you? You
get it, right? Permissions mean having the key to get where you want to go.
When we talk about SharePoint we step up the permissions
talk and introduce the term “permissions management”. For those of you that
suddenly had this feeling of impending doom wash over you… take a deep
breath, we’ll get through this together.
Permissions Management at its most basic is nothing more
than granting or restricting user access. Per Microsoft, permission management is comprised of
three components:
- Security Groups
- Permission Levels
- Permissions Inheritance
It is the combination of these components that gives
SharePoint its security and flexibility. This is also where a lot of people get
lost. Why? In my experience it is because they try to make all three mean and
do the same things, thus confusing themselves and their permissions. Let’s
start with Security Groups.
Security Groups
Most new users and administrators of SharePoint underutilize
the SharePoint security group. It probably seems a little too all-or-nothing.
In fact the proper use of security groups gives the administrator the best
possible method of managing masses of people and what they have access to.
A security group is a collection of users that ideally
share common tasks on a SharePoint site. A single user can belong to several
groups and many users can be in a single security group. A security group on
its own is just a group, a collection of users.
An important note: security groups live at the site level
in SharePoint. All of the people (users) that interact with any element of a
SharePoint site will need to be accounted for in the site. Lists, Libraries,
pages, documents and anything that you can set permission levels for will be
looking to the site for its collections of groups and will, by design, want the
administrator to choose one of those groups when assigning permissions. Can you
assign people permissions without adding them to a group? Yes, but that, my dear
readers, is another blog.
Now, getting back to security groups. We now know that
security groups are collections of users that share common tasks or a common
purpose. For example, let’s say I was an administrative assistant in a company.
Chances are there are other administrative assistants in the company as well and
chances are that we, the administrative assistants, perform some of the same
types of work and need to access some of the same stuff. If I had a SharePoint
site that needed administrative assistants to access a report for my boss then
I could create a security group called (yep you guessed it) Administrative
Assistants and place myself and my fellow co-workers in that group. So when I
provide the group the needed permissions, they all get it at once.
You’ll notice that when we talk about security groups the
word permissions seems to follow. There is good reason for that. A security
group only has purpose once that group is assigned a permission level.
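The points above (a group is just a collection of users until it is assigned a permission level, one user can sit in several groups, and individuals can also be granted access without a group) can be checked mechanically. The following is an added example, not code from this blog or from Microsoft: a small Python model rather than the SharePoint API, with constructed group names, users and assignments, using Read and Contribute as the permission level names.

```python
# Added example: a toy model of site groups and assignments, not the SharePoint API.
# All group names, users and assignments below are constructed sample data.
from collections import defaultdict

# Site-level security groups: group name -> members.
SITE_GROUPS = {
    "Administrative Assistants": {"alice", "bob"},
    "Report Owners": {"alice"},
    "Project Archive": {"carol"},  # created, but never given a permission level
}

# Assignments on one object (a report library): principal -> permission level.
# A principal is either a site group name or an individual user.
LIBRARY_ASSIGNMENTS = {
    "Administrative Assistants": "Read",
    "Report Owners": "Contribute",
    "dave": "Contribute",  # individual granted access without a group
}

def effective_access(groups, assignments):
    """Return user -> set of (permission level, source) pairs for this object."""
    access = defaultdict(set)
    for principal, level in assignments.items():
        if principal in groups:
            # Everyone in the group receives the level at once.
            for user in groups[principal]:
                access[user].add((level, principal))
        else:
            access[principal].add((level, "direct"))
    return dict(access)

def audit(groups, assignments):
    """Flag groups with no level on this object and grants made outside groups."""
    return {
        "groups_without_level": sorted(g for g in groups if g not in assignments),
        "direct_grants": sorted(p for p in assignments if p not in groups),
    }

if __name__ == "__main__":
    result = effective_access(SITE_GROUPS, LIBRARY_ASSIGNMENTS)
    for user in sorted(result):
        print(user, sorted(result[user]))
    print(audit(SITE_GROUPS, LIBRARY_ASSIGNMENTS))
```

Membership in Project Archive gives carol nothing on this library, while dave's access is invisible to anyone reviewing group membership alone.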
You know what, I just looked at the time and realized I’ve
been typing for a while here. I think I’m going to leave us where we are until
next week when we take a walk through the tulips of permission levels.