Security SharePoint boundaries - Securable objects Best Practices
Hi,
I have found this question to be trickier than expected, so I wanted to put together my favorites links.
Let's start with oficial published information:
- Plan site security (Office SharePoint Server)
- Plan for software boundaries (Office SharePoint Server) [people objects table]
- Best practices for Search in Office SharePoint Server [Manage access by using Windows security groups section]
- How to add lots of users to a site, to a list, or to a document library in Windows SharePoint Services 3.0 and in SharePoint Server 2007
Other scenarios as security trimming (search related) are not been considered.
Although those articles seem a good starting point, there may be ambiguous general guidance when a customer tries to implement it. Overall I will simplify with: use Active Directory Groups, take into account boundaries, do not target max limits and understand manageability vs business requirements.
These articles from Joel Oleson and Eli Robillard are great summaries .
Finally, it is very important to be able to manage this security configuration efficiently, and here the main recommendation is to complement SharePoint with third parties or published tools as:
- DeliverPoint
- Universal SharePoint Manager
- Security Explorer
- Site Administrator for SharePoint
- SharePoint Administration Toolkit (Office SharePoint Server) [Permissions Reporting Tool]
- User Clustering WebPart
- Others community tools:
- https://www.sharepointsecurity.com/ [Simple Secure WebPart]
- SharePoint Access Checker WebPart
- Site Security Management Utility
Bye!