vSharePoint User Group March Presentation – SharePoint Conference 2014 Review

Here are the assets from my presentation last Thursday at the Victoria SharePoint user group, vSharePoint. In addition to our meetup.com site, be sure to also check out our Office 365 hosted site at www.vsharepoint.com, which has all past Presentations available for download.

In the presentation I share the stories from my trip to Las Vegas to attend the SharePoint Conference 2014.

SharePoint Conference 2014 Review by Keith Tuomi

Thanks to everyone for coming out, Kelly Marshall for MC’ing, prizes and tweetage, and Sean Wallbridge , Microsoft  & Kwizcom for supporting the User Group.


vSharePoint February Presentation – SharePoint External Login Access: Forms Auth vs Azure ACS

Here are the assets from my presentation last Thursday at the Victoria SharePoint user group, vSharePoint. In addition to our meetup.com site, be sure to also check out our  Office 365 hosted site at www.vsharepoint.com, which has all past Presentations available for download.

Thanks to everyone for coming out, Kelly Marshall for doing the prizes and tweetage, and Sean Wallbridge for hosting.

vSharePoint April 2013 Presentation – SharePoint Document Sets

vSharePoint April 2013 – SharePoint Document Sets – PowerPoint PPTX
vSharePoint April 2013 – SharePoint Document Set – PDF
Here are the assets from my presentation tonight, on SharePoint Document Sets to the Victoria SharePoint User Group, vSharePoint (view on Meetup.com).

Thanks to Kelly Marshall & Chris Stone from Sector Learning for hosting.

vSharePoint Presentation – SharePoint Acceleration – Performance for the Rest of Us, Part 2 Revenge of the Milliseconds

Here are the assets from my presentation last night to the Victoria SharePoint User Group, vSharePoint (view on Meetup.com). Thanks to Gerry Brimacombe from Sector Learning for hosting and Heidi Bergstrom for her detailed insight into how Government in BC uses SharePoint.

PowerPoint .PPTX Download: vSharePoint-SharePoint Performance Part 2
PowerPoint .PDF Download: vSharePoint-SharePoint Performance Part 2

vSharePoint Presentation May 31 – SharePoint 2010 Permissions

Thanks to all for showing up last night, we had a great turn out. Cheers to Chris Stone for his presentation on Business Intelligence and to Sector for hosting us again. If you are in Victoria BC be sure to check out the next SharePoint meetup at:

http://www.meetup.com/vSharePoint/
http://www.vsharepoint.com

SharePoint 2010 Permissions Presentation

vSharePoint-SharePoint 2010 Permissions (PowerPoint)
vSharePoint-SharePoint 2010 Permissions (PDF)

1. SharePoint 2010Permissions
2. Access Management Terminology- Permissions – single units of access that represent specific tasks that can be performed at the list, site, or personalization level – permission levels are made up of sets of permissions – SharePoint ships with a core list of permissions that cannot be edited, added to or deleted- Users – smallest value to which access can be granted – value corresponds to an account in Active Directory or another host application for user accounts- Groups – a set of users who will have identical access needs- Securable objects – levels within SharePoint 2010 that can be “locked down,” or secured, by setting specific user access- Inheritance – used to describe how user access is created by default within SharePoint- Security Trimming & Indexing – SharePoint will only show you search results for content you have access to, and for which SharePoint understands the security- Audiences – Used to target content to specific sets of users – Defined in the User Profile Service Application in Central Admin – NOT a security setting but simply a way to display pertinent content to specific users
3. Topology Web Application
4. Permission Levels- Permission Levels are collections of permissions – level of access that users with the assigned permission have is based on the permissions that make up the permission level.- Defined at the site collection- Managed by Site Collection Administrators – Customize an existing permission level – Copy an existing permissions level and edit the copy – Create a new permission level “from scratch”
5. Default Permission CollectionPermission Level DescriptionFull Control -Contains all permissions. -Assigned to the Owners SharePoint group, by default – cannot be customized or deleted.Design – Can create lists and document libraries, edit pages and apply themes, borders, and style – Not assigned to any SharePoint group, by default.Contribute – Can add, edit, and delete items in existing lists and document libraries. – Assigned to the Members SharePoint group, by default.Read – Read-only access to the Web site – Assigned to the Visitors SharePoint group, by default.Limited Access – Designed to be combined with fine-grained permissions to give users access to a specific list, document library, item, or document, without giving them access to the entire site. – To access a list or library a user must have permission to open the parent Web site and read shared data such as the theme and navigation bars of the Web site. – Cannot be customized or deleted. – You cannot assign this permission level to users or SharePoint groups, instead, SharePoint automatically assigns this permission level to users and SharePoint groups when you grant them access to an object on your site that requires that they have access to a higher level object on which they do not have permissions. For example, if you grant users access to an item in a list and they do not have access to the list itself, SharePoint automatically grants them Limited Access on the list, and also the site, if needed.
6. Web Application Policy- Central Administration > Manage Web Applications- Configures policy-based access to all content in a web application- Allow and Deny – Deny overrides any allow permissions- SharePoint 2010 allows you to define policies for any available permission
7. Site Security- Site Actions > Site Permissions- Groups are established at the site collection – Can be given permissions at the site level – Permission inherits down from there – When you create a group you do not have to assign a permission – A group without a permission at the site can still be assigned permissions to another securable object- Create a sub-site – Unique or Inherited Permissions
8. Default Groups- Owners: Full Control- Visitors: Read- Members: Contribute- Features add more groups (Designers, etc.)- The Members group is the “default members groups”
9. SharePoint Groups- Enable hierarchical membership management – Create a group named Site Managers > owned by site collection administrators > membership managed by owner (site collection administrators) – Site members (and other groups) > Owned by Site managers > Membership managed by owner (Site Managers)- Enable Access Requests – Add link to request page for the group – Optionally enable auto-accept of access requests- Control Member Visibility
10. Group Management Comparison- Active Directory – Technical user interface (AD Users & Computers) – No provisioning (requests, workflows) – Difficult delegation of membership management – Centralized security (group membership) management- SharePoint – Non-technical user interface – Easy delegation of group membership management – Optional provisioning of membership requests – Unified view of SharePoint groups & users – Only applies to SharePoint
11. Using Active Directory Groups- Assigning permissions directly to AD groups – Possible but not recommended > Assumes that content will always be hosted in a web application using AD as its authentication provider- Nest Active Directory groups in SharePoint groups – Add to a SharePoint group and give permissions (recommended) > user > Active Directory group > SharePoint group – Must be a security group (not a distribution group) > Distribution groups are expanded and then must be kept in sync- Distribution groups can be used to create audiences
12. To Nest or Not to NestUsers > Active Directory Group > SharePoint group- Ideal world: Synchronization of membership between Active Directory and SharePoint groups- “Intranet” sites: AD groups  SP groups to define access – Add site to users’ My Sites with personalization site links – Support easy management of access – Add site to users’ My Sites with personalization site links- “Collab” sites: Add users directly to SP groups – Provide My Site visibility – Provide visibility of user in user information list – Provide visibility to site owners and members – Support collaboration
13. List & Library Permissions- List > List Settings / Library > Library Settings- Stop Inheriting Permissions – Copies inherited permissions as initial explicit permissions – Can reset with Inherit Permissions button- Ribbon Actions for Selected Group(s)/user(s) – Grant Permissions – Remove User (or group) Permissions – Edit User (or group) Permissions – Check permissions: Resultant set of permissions – Anonymous Access
14. Folder & Item/Document SecurityItems & Documents will be referred to in this presentation as “Items” unless specific difference needsto be highlighted- Change permissions on a folder or item – Item > Arrow > Manage Permissions – When viewing the item properties in SharePoint > Edit Permissions
15. Inheritance- Permissions (role assignments) are inherited from the parent object- Inheritance can be broken – All permissions are explicit – Any changes to parent do not affect the child object- Inheritance can be reinstated – All customizations (explicit permissions) are lost- Use inheritance wherever possible – Simplicity, coherence, maintainability
16. Effective Permissions- SharePoint access is based on a per URI (web address) basis – The permission to the URI is all that matters – These kids are wild: no need to ask the parents permission – No equivalent to NTFS (Windows folder security) Traverse Folder permission- Explicit Inherited – One or the other – Different than NTFS (inherited + explicit)- Check Effective Permissions button – Shows you the actual effective permission level
17. Security Trimming & Indexing- The SharePoint interface and search results are security-trimmed – User don’t see what they do not have permission to read- Item-level permissions on pages in a Page Library – Problem: A Web Part displays items > Users don’t see items they don’t have access to > The crawler sees all items in the web part and indexes them – When inheritance is stopped within a site, all Web Part content on ASPX pages is not indexed by default – Site Settings > Search and Offline Availability > Indexing ASPX Page Content
18. Permission LevelsPublishing Feature Collection Manage – Available only with Publishing Features Hierarchy turned on Restricted Read Publishing Feature Approve
19. SharePoint Security Notes- Columns can not be secured uniquely (out of the box) – Performance – Conditional formatting – Related Lists – Third party solutions- Audiences – Make content visible to users – Effect can be close to security, but it is not security
20. Information Management Policies- In-place records management – New in SharePoint 2010 – Record library still supported for dedicated record libraries- Enable the feature at the site collection level- Declare records management attributes – Site Collection – Folder – Content type- Supports security at the document level withoutpermissions- Information rights policies – Relies on Active Directory Rights Management Services
21. Conclusion- Remember: limited access is for SharePoint to manage unique permissions. It neither means someone is limited to access something, nor does it mean they have limited access to something. Ignore it- Permissions can be defined at creation of a site (more options) but can’t be during creation of a new list or library (in the GUI at least)- When in doubt, check effective permissions- Help your users, set a valid email account for ‘manage access requests’- Finally, build sites based on a ‘team’ of people. Setting individual permissionsshouldn’t be something you do all the time, it should be in the ‘odd timesneeded’ not the goto action
22. Q&A + Contact Any Questions? Contact Details: Keith Tuomi ktuomi@itgroove.net itgroove.net

vSharePoint March 15 – SharePoint Acceleration | Performance for the Rest of Us

Here is the roundup of the SharePoint Performance Presentation I gave at vSharePoint on March 15. Be sure to visit the recently revamped site at www.vsharepoint.com too!

SharePoint Performance MindMap (SWF)
March 2012 vSharePoint Meeting (PDF)

  • Keith Tuomi:  “SharePoint Acceleration | Performance for the Rest of Us”
  • Wolfi Holzmann: “SharePoint 2010 Workflows Authoring in Visio Premium 2010”