One of the areas of mismanagement that destabilises otherwise well-managed business processes and practices is poor SharePoint permissions management. SharePoint is an immensely powerful business solution. More than simply a platform for document management, SharePoint is a central hub for communication and collaboration for your entire organisation. However, with such great power comes great responsibility (to coin a phrase) and if not managed correctly, SharePoint can be the source of some terrible headaches for your teams across your departments.
If you are using SharePoint the way it was intended, then likely you and your teams are uploading a lot of content to the platform every day. Yet, for most of us, we remain in the dark about who has ultimate access to this content. And it’s here where problems can arise. If you are going to rely on out-of-the-box reports for SharePoint permissions management, you’re not going to be able to see accurately who has what access to your content.
Below are five ways poor SharePoint permissions management can manifest itself in your business. Unsafe SharePoint permissions management can result in work being lost, data being leaked, information being stolen, or see you failing to keep the right levels of compliance—leading to fines and loss of reputation for your business. In short, poor SharePoint Permissions management can set your business back years. By being aware of these areas of potential mismanagement, you can make sure your SharePoint platform isn’t inadvertently working against the best interests of your business.
- Not understanding how SharePoint permissions management works
A good place to begin when it comes to SharePoint permissions management is understanding how it works. Part of the usefulness of SharePoint is being able to orchestrate what end users can and cannot access. Permissions automatically exist whenever you create a new SharePoint library, site, or team site (see here for a full list of default Permissions levels). Most business units will have their own site, access to which will only be available to certain people belonging to that business unit. For example, you most likely wouldn’t choose to allow everyone in your business complete access to HR.
SharePoint is hierarchical. Along with permission levels, there is also the concept of inheritance. This just means that, by design, all sites and content in a site inherit the permissions settings of the top-level site. So, that also means when you assign unique permissions to sites, libraries and items, they no longer inherit permissions from their parent site.
Essentially, not knowing this and failing to restrict user access to the site and its contents is where failures in SharePoint permissions management can originate.
- Undercooked reports
A common pain point for SharePoint administrators is not having a good enough overview of who has access to specific content across your environment. The makeup of any good permissions strategy is only as strong as your ability to generate detailed reports. But the default SharePoint permission reports don’t really give enough of a granular view of who has permission to access your sites.
There are a lot a different, nuanced permissions a user account can have across the various areas of SharePoint and the out-of-the-box reports can only show you so much. Getting a complete overview is essential to improving how you manage your sites.
- Dead accounts
Organisations are fluid and dynamic. Teams evolve and new members join and leave. Maintaining permissions then becomes important as you may not want a previous member of the team to continue to have access to certain content once they have moved to another team or left the company entirely. But it’s not always possible to keep track of these accounts, especially if your company has hundreds or even thousands of employees. The ability to generate a report that gives a complete overview of what users have access to across the environment as well as showing dead accounts is important, and so is the ability to remove dead accounts quickly and easily.
- Too much power
When your employees have too much power within your SharePoint sites, accidents can happen, or information can go missing. This is where the principle of least privilege comes in. This is the practice of limiting access to the minimal level that will still allow normal functioning. In the context of your business, this means only allowing users the lowest level of rights that doesn’t impinge on their ability to do their jobs. Best practice SharePoint permissions management is centered around this idea, but you need the right reports and a granular overview of your systems to make sure users only have exactly what they need to get their jobs done.
- Broken inheritance
Permissions inheritance in SharePoint could make up a whole blog series in itself. But to summarise, permission inheritance allows you to assign a permission level once and have that permission apply to all sites, lists, libraries, folders, and items that follow on down from the top-level site. It’s a great time-saver for admins and helps reduce the complexity of security management in general.
Sometimes you may need to grant access to your site to a third party. Perhaps an external collaborator. When this happens, you can break inheritance on a piece of content, allowing the third party to gain access and be productive. In well-managed environments, they can access the content but not the rest of the site. But, when your admins are not aware of who has access to what, or your SharePoint platform is not being tended to correctly, broken inheritance can evolve into rogue sites where employees have access to inappropriate content. It’s best to avoid these situations, as vulnerabilities are more frequent, as is the likelihood of a data breach.
DeliverPoint is a SharePoint permissions management tool that empowers Site Owners & Site Collection administrators to accurately report on permissions and manage them in bulk. DeliverPoint makes it easier for your admins to address these five issues we’ve talked about above. DeliverPoint enables them to gain a much more detailed overview of who has permissions to specific content across your environment, and that way they can easily clear dead accounts, fix broken inheritance and make sure the right people have specific access to the correct content.
To find out more about how DeliverPoint can deliver for your business, start your free 14-day trial.