Managing Permissions in SharePoint (Team Collaboration)

Permissions grant a person the ability to perform specific actions, such as read or write on an object such as a document, or a folder, or a library, or an entire site.
 

Good/Bad Scenario: Your team has a Financial Group that consists of 4 people - John, Jim, Mary and Sue. They have 10 documents that only these people should have access.

  • Bad Scenario: You add 4 people  to 10 documents. John leaves the job. You now have to find all documents and remove him.
     
  • Good Scenario: You create a group called Financials with specific permissions and add 4 people. You assign this group only to the 10 financial documents. John leaves the job. You just have to take him out of the Financials group.

    NOTE: If these 10 financial documents were in one folder/library you could set permissions to the folder/library and not the individual documents.
     
     

Always assign permissions through groups: 

  • Create a group.
  • Give the group permissions (see below).
  • Put people into the group.
     

Create 3 groups, Owners, Members, and Vistors and put people into the group as follows:

  • Site Owners - These people are the Site Administrators. The primary person needs a backup, which is why you need at least two people. But be sparing, don't give too many people this right - FULL.
  • Site Members - These are your team members who would contribute content to your site - CONTRIBUTE.
  • Site Visitors - people from other areas. Could be everyone - READ.
     

The screenshot below shows most Site Permission Levels. For starters, stay with these permissions: Full, Contribute and Read. 

Site Permission Levels. For starters, stay with these permissions: Full, Contribute and Read. 


Permission inheritance

By default, all sites and content inherit permissions from the parent object above it, all the way up to the top-level site in the site collection. Therefore, if you do not break any permission inheritance within a site, the permissions are inherited and shared.  SharePoint allows you to break this inheritance at any site or content level and then to add custom permissions. It is recommended, in most cases, to create groups and give custom permissions to groups.
 
Permission inheritance 
 
NOTEIf an administrator changes the setting for a site from unique to inheriting permissions, the current permissions will be eliminated and the permissions from the parent will replace the existing permissions. This could cause an administrator to lose their ability to edit and manage the site until permissions are restored.
 
 

Inheritance alert bar

A new feature is the yellow alert bar that indicates the secured content that has unique permissions in a site (screenshot below). You can check that content by clicking the Show me uniquely secured content link. The alert bar also indicates the parent site from which you inherited permissions.
 
Inheritance alert bar 

 

Check Permissions - Another New Feature in SharePoint 2010

By clicking the Check Permissions button, you can determine a user or group's permissions on all site collection resources. You can find the user's directly assigned permissions and the permissions assigned to any groups to which the user belongs.
 
Check Permissions  
 
Good/Bad Scenario: Your team has a Financial Group that consists of 4 people - John, Jim, Mary and Sue. They have 10 documents that only these people should have access.
  • Bad Scenario: You add 4 people to 10 documents. John leaves the job. You now have to find all documents and remove him.
     
  • Good Scenario: You create a group called Financials with specific permissions and add 4 people. You assign this group only to the 10 financial documents. John leaves the job. You just have to take him out of the Financials group.

    NOTE: If these 10 financial documents were in one folder/library you could set permissions to the folder/library and not the individual documents. 

 

Advance Settings

You can nest Active Directory groups (to be specific, security groups) in SharePoint groups, which makes permission management much easier. When people come or leave the company, you don't have to manage individual accounts within the AD group; AD DS (Active Directory Domain Services) manages the accounts for you. This becomes obvious when you have multiple SharePoint groups that include AD groups.

Cite: http://blogs.technet.com/b/tothesharepoint/archive/2010/12/21/an-overview-of-site-permissions.aspx