Our department has gone through many changes in the past 3 years. Something that didn’t change was our aging KBPublisher knowledge base. The KB is an internal KB for departmental use only. We don’t publish articles for our students or internal customers. Many article are out-dated and the tech who set everything up left without providing good documentation on this server.
I took some time to asses the situation and decided that migration to a new solution would be in our best interest. We decided to give SharePoint a shot. It was easy to setup and is built for collaborative efforts. I recently had another department request a SharePoint site, easy enough…until I realized that I had potential permissions issues.
I’m glad that I discovered this now. A single server can contain multiple sites for multiple departments. The key is using group permissions, stopping inheritance, and micro-managing permissions for each departmental site. If there’s a better solution, I haven’t found it yet.
SharePoint comes out of the box with several groups.
- Hierarchy Managers
- Home Members
- Home Owners – no tax credit provided to first timers
- Home Visitors
- Restricted Readers
- Style Resource Readers
- System Account
I won’t go over the details about each group, the names are self explanatory. The site Administrator is able to create new groups and to add users to groups. SharePoint will integrate with your AD automatically if you have one. As I began to add members to groups and create new groups I realized something, the permissions being set are at the root level of the server and trickle down to all sites. Even if I think I’m simply giving Home Owner level permissions to UserA on SiteA I also supplied them with the same permissions to SiteB, C, E, etc. My solution?
When I create a group I give it one of two permission sets, read or view. Read allows the user to browse sites and to download documents. Viewers only have the ability to view sites and can’t access documents stored on SharePoint sites. Viewer level permissions are most commonly used.
I currently have two groups created, we’ll call them A and B. Group A is setup to manage site A while group B is setup to manage site B. I visit site A and go to Site Actions, Edit Permissions, Stop Inheriting Permissions, set permissions for groups A and B appropriately. I then move onto site B and go to Site Actions, Edit Permissions, Stop Inheriting Permissions, set permissions for groups A and B appropriately.
That’s all there is too it. I have to admit it’s a pain and I’m hoping there’s a better solution out there. I want an easy interface for managing permissions and right now that either isn’t available or isn’t easy to find. If you have questions or suggestions please drop me a comment below.
PS: One last thing…
To quickly view site permissions for any given group simply do the following rather than chasing down all your sites. From the root of your SharePoints website go to Site Settings -> People and groups -> Open the group you want to check on, from the Settings dropbox select View Group Permissions. You are given an overview of sites and the permissions given to that group.