By default, only SharePoint members can access stored files. Exercise caution when authorizing access to SharePoint sites.
As required by regulations and recommended by industry best-practices, SharePoint allows Site Owners to grant access to data upon a user’s request in emergencies like imminent danger to the health and safety of a person or the public. Also, SharePoint offers to assign access rights to individual files. Protect OU data stored in SharePoint by:
- Use groups to manage permissions. Many Site Owners, if they want to quickly grant access to SharePoint, assign permissions directly to users. Assigning permissions to users can potentially expose OU data to those who are not authorized, causing leaks of sensitive information and creating more work for the Site Owner. SharePoint security is permission driven. There are three main security groups in SharePoint:
- Site Visitors are read-only users who can view and download content from SharePoint sites.
- Site Members can read, download, add, edit, delete and share content.
- Site Owners are full-control users who do everything Visitors and Members can plus they can configure site security, add web parts, etc.
- Decide site members and access levels. Carefully think through which users need access, and to what level.
- Leave Item-Level permissions as they are. Item-level permissions can be used as a quick fix to grant access to specific files, but you should avoid using them wherever possible. SharePoint does not offer an easy way to see and administer all of the special permissions assigned in this way, and it is easy to lose track of access. Instead, group items into libraries or folders and assign permissions to the groups of files.
- Break inheritance. To restrict access to those who need-to-know, Site Owners can block permission inheritance at any level in the SharePoint hierarchy.
- Page permissions. Edit page permissions to limit users with the Contribute permission level the ability to click on the Page Tab, Edit button and start moving around (or deleting) elements on your pages.
- Review access. Regularly review SharePoint access lists on a quarterly basis.