The objective of an effective permission strategy is to enhance the performance and manageability of the site. It must facilitate complying with the data governance policies of the organization and also bring down the cost of maintaining the site. Here we discuss why to strategize the permissions and how to approach this task.
Why must you strategize permissions?
Most websites are created rather hurriedly in order to solve a specific problem or to supply a specific set of information to those who need it. Though this is good, the site structure you initially had eventually becomes the default structure when the site grows and it is needed to meet other kinds of needs. This growth can give way to chaos in setting permissions since every member of the organization can have the full control over the sub-sites. In other situations, every member might need a set of new permissions to be able to sue a new site.
A sound permission strategy can help identify these problems before they crop up. A good permission strategy can help control these following three crucial areas.
- Performance and manageability
Permission settings that you choose can impact the site over a long-term deciding how much effort you must spare to manage your sites and how fast your site can respond to user commands.
- Data governance
A thoroughly planned permissions strategy helps ensure compliance with the organization’s unique data governance policies and also comply with the crucially important financial and accounting disclosures and retention legislation like Sarbanes-Oxley.
- Cost of maintenance
A strategy that takes advantage of built-in efficiency tools, such as security groups, permission levels, and permissions inheritance will enhance ease of use for your site users, and minimize the requests for individual access that permissions managers have to respond to during the life of the site.
The best rule for a great permission management strategy
Always follow the rule of least privilege that requires you to give the lowest permission level that a user will crucially need to perform the assigned tasks.
How to coordinate with security groups
- While giving access to people, add them under categories like members, visitors, and owners which are part of the standard security groups.
- It is important that the majority of the members must fall under the Members or Visitors groups.
- Hose in Member group can add or remove documents or items. However, they cannot alter the site structure, appearance, and settings.
- Those in the Visitors group will have only read-only access to the site. While they can view the pages and items, open documents and items, they cannot edit, add or remove items, documents, and pages.
- Have only limited members in the Owners group
- Ensure that only those who you trust are in the Owners group with permissions to change the settings, structure, and appearance of the site.
How to work with the permissions inheritance
- Make the best use of permission inheritance to create a clean and easy to view hierarchy.
- If some lists in the site feature fine-grained permissions, managing permissions can be very difficult. If there are sub-sites with unique permissions and others with inherited permissions, again the admin will have difficulty with managing the permissions.
- If you choose to break the permission inheritance in order to facilitate fine-grained permissions elaborately, users can suffer slower performance while accessing the site content.
- If the permissions and inherited permissions hierarchy are clear, it will be very easy to manage and explain permissions.