Solving SharePoint Permissions: A Simple Guide

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hey guys it's Matt here with another video and today I'm going to talk to you about permissions Management in SharePoint and how to configure those things in a way so you won't cause a huge mess for yourself and you'll have a really really good governance over your content and your users in SharePoint so if you're one of the site owners in your SharePoint space at your organization you're probably managing a lot of site content areas where you're storing files and a lot of areas that people manage to access those files when it comes to troubleshooting access and mitigating issues that you see dayto day you can start to bury yourself into a complex permission situation what I call the permissions nightmare if you end up spending a lot of your time checking for permissions for users and trying to find out who needs access to what chances are that you have a really bad strategy set up for your overall permissions setup in SharePoint too often we see many organizations that just have permission setup everywhere all over the place and at some point the administrator can't even really figure out how their setup is really configured so we want to keep things as simple as possible one thing that comes to mind is what they call the kiss method I think this was set up way back in the 60s Naval commanders and navy people were saying the best systems are the ones that are just simple it stands for keep it simple stupid I don't know who's stupid in that scenario but it's the people that are over complicating their permissions and SharePoint in this case so that you can get out of the business of managing your SharePoint permissions all day long and get back to doing other stuff that you need to do Microsoft wants you to kind of follow a certain way that their permissions behave and the way they Cascade through their data we want to honor some of that stuff and call it out here so we really advocate for some things that Microsoft has already instilled in your SharePoint space and then talk about a couple additional features that you'll see in the video to help mitigate some of the issues that a lot of site owners face so let's talk about some of the obstacles that keep you from keeping your permissions simple there are about four things that come to mind one of the biggest ones is that permissions Cascade through your SharePoint sites if you didn't know this by default when you set up permissions at the top level of a site they're meant to kind of flow down into your site contents so your document libraries your subsites folders within your libraries within your lists when you set up permissions for somebody to maybe access your site Chances Are by default if you haven't changed anything else they can get in everywhere else within that one site so it's common for site owners if they're not aware of this to assign permissions everywhere even if the user is having an access issue that isn't related to SharePoint permissions if they can actually get into the space but something else is going on a site owner might just give them access again and this can just make a huge mess of things and have duplicate permissions everywhere across areas that you really don't need it the second thing kind of follows with this behavior is when you set permissions everywhere you're sometimes breaking permissions if you set up unique permissions at one of these levels say in a folder or a library somewhere you're just designating another area that you have to go to to manage permissions separate from that original level if you do this on files on folders on libraries you're just going to have so many other dashboards that you have to manage and it will drive you crazy I promise I've been there it will make you go nuts the third thing that I see site owners tend to do is to put all of their content into one location when it really should be broken out across multiple site collections so if you're one of those users with a subsite or many subsites or folders within libraries it's time to rest strategize how your content is organized at your company and maybe break it out across multiple site Collections and designate those top levels as the way that you look at and check permissions for troubleshooting the last thing that I want to call out is how access is actually given especially in modern SharePoint many users don't know what they're actually doing when they're granting links or sharing out access to certain pieces of content or spaces in SharePoint these days and whether or not they're actually giving the user limited access or breaking permissions by sending the link out so we're going to talk about some of that too so let's talk about getting over some of these obstacles as a site owner when you navigate into site permissions you're going to be able to find a lot of those site groups like site own owners and site members and navigating into those group settings and toggling off who can add more members to those groups is really key so we Advocate that you restrict some of that membership management to just the site owners so no site members can give other site members access to be a site member for example um when you're there you can also disable access requests so that users who are finding sites that they shouldn't be on they won't be sending you emails trying to get access to something that they don't need um and even going a little bit further in SharePoint Administration you can actually disable the feature for external guest sharing so users that want to plug in their Gmail to share some stuff personally on their personal file they won't be able to even put that information in so you can lock down your SharePoint sites in really good mistake proof ways to keep users from meddling with other areas without you knowing so one of the things you can do as a site owner today is go into the site permissions of your site and find those groups that have access to that specific site so if I'm going into site permissions I can see a lot of those owners already see who's in them but if I go into the advanced permission settings I'll find those groups go into those groups and check the settings on those groups so I can manage group settings for each of these spaces and define whether or not the group members can add more members or maybe I think it's time we locked that down to just some of the group owners that can add those those memberships so it's good to kind of restrict as much of this as you can and keep the site owners of each group as the the key holders to the rest of the group itself so that people don't go in start adding folks that you don't want them to in addition to that you can also disable things like access requests so on a site somebody may be wandering around in your tenant in your SharePoint space and find a site that they don't have access to they get that access denied and they want to ask for Access you can actually turn that off and help save some of the stress of site owners getting emails wondering why this person is trying to get access to a site that they don't actually need as a SharePoint administrator you can even turn off external sharing to people outside of your organization which if you're comfortable with doing and you don't need to give outside users access to your SharePoint space we highly recommend as well the second thing I think is a really good idea is to break up your content across multiple site collections especially in cases like an employee portal or a big project space where you have a lot of site owners if you're working in one site today that means you may have to give multiple site owners access to different areas of that site whether it's a fors library that Dan is in charge of or a policies library that Laura is in charge of maybe Laura needs her own site collection to do forms and templates and maybe Dan needs policies to be over here so in this case it's really important to give your site owners their own kingdom or their own sandbox to play in because if you put all your content in one spot and you have many people going to that content you're going to end up breaking permissions and you're going to create that permissions Nightmare and you're going to go crazy anytime you're creating a new site in SharePoint you end up with two to three default groups you've got your site owners with full control your site members with contribution access and your site visitors with read access and you really want to stick to those groups I get it you you can create custom SharePoint groups and throw people in that you can Define custom types of permissions for those groups but again that gets away from this whole idea of keeping it simple stupid keep it simple use those three groups try and at least start out with managing those groups before you try and think about whether or not you need to do anything else different now with those permissions groups try and honor that idea that permissions are supposed to Cascade through the whole site Microsoft has set it up this way assume that when you add a site owner at the top level of a site they're a site owner of everything in that site including the document library or any lists or any subsites contributors are the same way your site members should be able to kind of go in and create content where they need to and a site visitor should generally be able to read all of that content and maybe download it so again try not to break permissions as much as possible don't designate a new site owner on a suevel of a site just keep it all at the top level keep it simple stupid keep it St keep it simple keep it stupid also while we're talking about those SharePoint permissions groups we should talk about adding people so if you're adding people to those groups in your SharePoint site try and use active directory as much as possible if you have groups designated in your active directory maybe your it is set that up in your tenant space then you can pull those groups automatically into SharePoint which does a couple different things not only does again it keep everything simple but when new employees are onboarded or leaving your company they kind of fall off those active directory groups and they'll actually fall off those SharePoint groups as well because those active directories are kind of synced to where youve put them in SharePoint so that stuff is kind of meant to work like clockwork so that you aren't the sub it office managing permissions for SharePoint the way that your it office is doing it for your whole organization teams is actually built on top of a SharePoint team site so we're still talking SharePoint but in the teams interface you may find that you can only add site owners and site members there's no site visitors CU teams is really a collaborative space somebody owns a team or a project and then we're all members of that and we can kind of add content and upload documents and what have you so again the rule of thumb here is keep it simple keep it stupid let your owner kind of manage that and give membership to those people so that they can access that site area but there's no site visitors there's no broken permissions inheritance you'll notice that when you drag and drop files into a Channel or a chat SharePoint will kind of automatically manage that stuff on the SharePoint team site and they'll create a folder for each Channel and they'll upload that file to your document library and make it accessible from the channel so all that kind of stuff kind of happens autonomously and you really don't need to do anything with permissions other than add your members to your team and remove them when you're done so we covered a lot of ground today but really what I want to get down to you is this stick with those SharePoint permissions groups those default ones that you get with the site and honor the way that permissions Cascade through your SharePoint sites that's probably the two biggest starters and then when users come to you with access issues start looking at the bigger picture and wonder why they're running into those is it a glitch is it something to do with where they're trying to get into should they be able to have access to that area maybe it's time to rethink some of the way your content is organized across those sites or who your site owners are a lot of this comes down to how your users are sharing that content what they can get away with and what they're limited to do in SharePoint and really giving yourself that centralized location to manage those users and your data in SharePoint all in all what a lot of this comes down to is making sure you play with SharePoint the way that Microsoft wants you to and give yourself that One-Stop centralized location to manage both the people and the data from an access perspective

Info

Channel: Bulb Digital

Views: 9,022

Rating: undefined out of 5

Keywords: sharepoint, sharepoint online, sharepoint online tutorial, learn sharepoint online, free sharepoint online tutorial, sharepoint permissions, manage permissions sharepoint, m365, microsoft sharepoint, sharepoint team or site, sharepoint access, sharepoint tutorial, how to use sharepoint

Id: 8g9BDRPY5qc

Channel Id: undefined

Length: 10min 59sec (659 seconds)

Published: Thu Nov 30 2023