SharePoint Security Best Practices
February 1, 2016
Since a lot of companies are now using SharePoint to store their information, here is a list of SharePoint security best practices to help ensure your information is nice and safe.
SharePoint Security Best Practices
SharePoint uses top-down security measures to ensure people see the information they’re supposed to see and not what they aren’t. This is done by assigning one person to have Farm Administrative authority. This means a company should only give one person the ability to control the entire system and servers.
You do not want to have too many people in this position because it may negatively impact the rest of your security. This is because the Farm Admin is able to assign permissions. If too many permissions are given to too many people, then what is the point in having secured information?
After your Farm Admin has been appointed, whoever that is will want to assign permissions to the individuals who control web applications. These applications consist of site collections, where another layer of administrators is usually located. This is done by permitting users the ability to acquire information stored within these site collections.
It is important that the Farm Admin keeps permissions to site collections separate. That way the Farm Admin is aware of who has access to what. Site collections are kept separate for the same reason. The permission given to an employee by the Farm Admin then allows that employee to assign permissions to their team or a group to allow access to the site. These site collection administrators have access to and control of everything within their site, but are not given control of central admin tools.
Groups are created when Site Collection administrators grant permission to a group of people to access the site’s information. Technically, a group creates a permission level. Within that permission level, users can freely share information back and forth via SharePoint. This is made easy in SharePoint, since all you need to do is use the share button to relay info between team members.
However, each level of a group is made of different permissions. Therefore, it is possible to have a higher “security clearance” than a counterpart within the same group.
Here is a list of the main SharePoint Permission levels:
- Read: View content and download documents
- Contribute: Contribute to existing lists and libraries
- Edit: Manage lists and edit content
- Full Control: Ability to create new lists and content items
Since permissions flow downhill, they are applied to all content units. If for some reason someone who is outside of a certain permission needs to gain access to information, unique rules can be implemented so that the individual can access the information.
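To check the hierarchy described above against a real farm, the following read-only audit lists who holds farm-level authority, who administers each site collection, and where unique rules have replaced inherited permissions. It is an added example, not part of the original article; it assumes an on-premises farm, the SharePoint Management Shell, and the English group name "Farm Administrators".

```powershell
# Added example: read-only permission audit for an on-premises farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Farm-level authority: members of the Farm Administrators group, which
#    lives in the Central Administration site (English group name assumed).
#    Entries can be users, directory groups or service accounts.
$caApp = Get-SPWebApplication -IncludeCentralAdministration |
    Where-Object { $_.IsAdministrationWebApplication }
$caWeb = Get-SPWeb -Identity $caApp.Url
$farmAdmins = @($caWeb.SiteGroups['Farm Administrators'].Users |
    ForEach-Object { $_.UserLogin })
$caWeb.Dispose()

"Farm administrators: $($farmAdmins.Count)"
$farmAdmins | ForEach-Object { "  $_" }

# 2. Per site collection: its administrators, plus every subsite and list
#    that has stopped inheriting permissions (the "unique rules").
function New-Finding($Site, $Kind, $Detail) {
    [pscustomobject]@{ SiteCollection = $Site; Kind = $Kind; Detail = $Detail }
}

$report = foreach ($site in Get-SPSite -Limit All) {
    try {
        foreach ($admin in $site.RootWeb.SiteAdministrators) {
            New-Finding $site.Url 'SiteCollectionAdmin' $admin.UserLogin
        }
        foreach ($web in $site.AllWebs) {
            try {
                if (-not $web.IsRootWeb -and $web.HasUniqueRoleAssignments) {
                    New-Finding $site.Url 'UniqueSubsite' $web.Url
                }
                foreach ($list in $web.Lists) {
                    if (-not $list.Hidden -and $list.HasUniqueRoleAssignments) {
                        New-Finding $site.Url 'UniqueList' "$($web.Url) :: $($list.Title)"
                    }
                }
            } finally { $web.Dispose() }   # release each SPWeb after use
        }
    } finally { $site.Dispose() }          # release each SPSite after use
}

$report | Sort-Object SiteCollection, Kind | Format-Table -AutoSize
```

Each `UniqueSubsite` or `UniqueList` row is a place where access no longer follows the parent, so it needs its own review rather than being covered by the site collection's groups.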
Content Sharing with SharePoint Online
Sharing within a company’s SharePoint system is simple. It gets a little more complex when you step out of the intranet and try to share information with a SharePoint Online user. When using SharePoint Online, you can share information outside of an Active Directory or list, meaning that if someone doesn’t have permissions, they can still access documents that are being shared with them from a secured area.
You can disable this function by changing the settings within your Site Application settings. You can make it so that if someone from outside a designated permission level is sent information, they need to sign in with their own credentials or be granted anonymous access. This all comes back to how the Site Collection admin wants to deal with the issue.