Monday, August 17, 2009

SharePoint 3.0: Custom Permission Levels

When planning site collection security models for SharePoint deployments, there is certainly a case for simplicity and sticking to the out of box permission levels. Doing this requires the least amount of thought, administrative effort, documentation, and training.

As an added benefit of sticking with the out of box, you can leverage many of the Web based training tutorials and end user, computer based training modules, that are available on the Web with since most of these instructional resources are based on out of box configurations.

Having said that, circumstances and business requirements can require something different than the out of box permission levels. For example, you might want to lock out SharePoint Designer from some users by configuring a permission level that excludes the "Use Remote Interfaces" permission. Or, you might want to prevent content contributors from being able to delete by excluding the "Delete Items" permission. In most cases, having thirty three distinct permissions allows enough flexibility to accommodate.

When I need to utilize custom permission levels, I put a good amount of effort into planning for these and ensure to be consistent with their names, descriptions, and definitions. Below is a sample matrix that I used for planning four custom permission levels, instead of using those which are out of box.

No comments:

Blog Archive