Upload: cecily-sutton

Post on 29-Dec-2015

About

Chris Welch

Synergy – Global Reach. Local Service.

Email - cwelch@synergyonline.com Cell - 808 255 9431 Online - www.synergyonline.com

USA | South Africa | United Kingdom | Asia Pacific

SharePoint 2010 End User Security - Standardization and Customization

• Understanding security in the End User environment
• Discussion and Demonstrations
• All participation is welcome and appreciated

SharePoint 2010 End User Security - Standardization and Customization

> Planning and understanding <

How do you make a meaningful security infrastructure?

So… Let’s talk a bit about security

What is security?

Trust

• Trust in people
• Trust in technology
• Trust in business P&P
• Trust in the institutional setting

Best Practice

• Keep it simple
• Reduce
• Reuse
• Recycle

Security is a management process

Basic Security Concepts

• Plan the security environment
• What – define security
  • Sites
  • Lists and libraries
• Who – define roles
  • Separation of Duties
• Access – define levels
  • Least Privilege

SharePoint Roles

• Standard Security Roles
  • Farm Administrator
  • Site Collection Administrator
  • Service Application Administrator
  • Site Administrator
  • Users

Security 101 - Terms

• Authorization vs. Authentication
• Risk Management
  • $ or other measure
• Central tenets of measuring secure systems
  • Confidentiality
  • Integrity
  • Availability
  • Non Repudiation
  • Others….

So What About SharePoint?

• Demo Interlude
• How does SharePoint do -
  • Confidentiality
  • Integrity
  • Availability
  • Non-Repudiation

Discussion Point

• Where are the
  • Strengths in your SharePoint security
  • Weaknesses in your SharePoint security

What is the trust factor

Architecture Primer

• SharePoint architecture
  • Web Application
  • Site Collection
  • Sites
  • Lists and Libraries

Web Application Security

• Performed by a Farm Administrator
• Security
  • Authentication
  • User Permissions
• Policies
  • Anonymous
  • User
  • Permissions

Web Application Demo

• Authentication Providers
• User Permissions
  • Remove Manage Lists permission
• Policies
  • Create Deny Delete Permission Policy
  • Apply as a User Policy

Site collection security

• Site Collection Administrator
  • Has full control of all content in a site collection
  • Is bound by security policy settings at the Web Application level
  • Is managed at the site collection or farm Web Application level
  • Highly trusted position in user environment
• Farm Administrator

Site Level Security

• Uses three basic pieces of infrastructure
  • Security principal (User or Group)
  • Securable Object (Site-List-Item)
  • Permission Level

Users and Groups

• Maintained at the site collection
• Users
  • Available from Authentication Provider
  • Stored in user information list
• Groups
  • AD
  • SharePoint
• Best Practice Discussion
  • Users vs. Groups

Some Limits to Consider

• Supported Limits
  • Groups per user - 5000
  • Users – 2 million per SC
  • Principals per group – 5000
  • SharePoint Groups – 10,000 per SC
  • Security Scope – 5000
• Limits based on performance

Users and Group Demo

• Users and Group
• Review groups
• Create a group and discuss settings
• Suggestions Group
• Add users
• Settings overview
• Groups page
• Group

Securable Objects

• Sites, lists and libraries, item
• Security inherited by default
• Inheritance can be removed
• Sites can be created with unique permissions
• Creates three groups by default
• Permsetup.aspx

Securable Objects Demonstration

• Review settings
• Remove inheritance for a site
• Remove inherited principals
• Create a new security infrastructure
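
An added example (not part of the original slides): a PowerShell inventory of where inheritance has been removed in one site collection, flagging individual users who were granted access directly rather than through a group. The function name and the site URL are hypothetical placeholders; the script assumes it runs on a SharePoint 2010 server with the SharePoint snap-in available.

```powershell
# Added example: report every site and list with unique permissions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-UniquePermissionReport {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$SiteUrl)

    $site = Get-SPSite $SiteUrl
    try {
        foreach ($web in $site.AllWebs) {
            try {
                # Securable objects to inspect: the site itself plus each of its lists.
                $targets = @(@{ Kind = 'Site'; Name = $web.Url; Object = $web })
                foreach ($list in $web.Lists) {
                    $targets += @{ Kind = 'List'; Name = "$($web.Url) :: $($list.Title)"; Object = $list }
                }
                foreach ($t in $targets) {
                    # Objects that still inherit have no assignments of their own; skip them.
                    if (-not $t.Object.HasUniqueRoleAssignments) { continue }
                    foreach ($ra in $t.Object.RoleAssignments) {
                        $member = $ra.Member
                        $levels = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ', '
                        # An SPUser that is not an AD group is a person granted access directly.
                        $direct = ($member -is [Microsoft.SharePoint.SPUser]) -and (-not $member.IsDomainGroup)
                        New-Object PSObject -Property @{
                            Kind = $t.Kind; Object = $t.Name; Principal = $member.Name
                            PermissionLevels = $levels; DirectUser = $direct
                        }
                    }
                }
            }
            finally { $web.Dispose() }
        }
    }
    finally { $site.Dispose() }
}

# Placeholder URL; replace with a site collection you administer.
Get-UniquePermissionReport -SiteUrl 'http://sharepoint.example.local/sites/demo' |
    Sort-Object Object, Principal |
    Format-Table Kind, Object, Principal, PermissionLevels, DirectUser -AutoSize
```

Rows with DirectUser set to True are the places where the users-versus-groups discussion applies, and the number of distinct objects listed shows how many unique permission sets the site collection is carrying.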

Permissions and Permission Levels

• Used to grant access
• Based upon granular permissions
  • 33
• Default set of permission levels
  • FDCRL
  • AMRV
  • Do not delete!
• Used to create customized security settings

Permission Levels

• Stored at the top level site
• Inheritance can be broken, using PowerShell
• Best practice is to create a new Permission Level by inheriting from an existing one

Demo of Permission Levels

• Review permissions
• Create a permission level by copying
  • Remove delete versions
• Create a manage lists permission level
• Demonstrate permission dependencies
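
An added example (not part of the original slides) of the copy-then-reduce step from this demo, done in PowerShell against the server object model: it copies the default Contribute level, removes Delete Versions from the copy, and leaves the default level untouched. The site URL and the new level's name are placeholders chosen for illustration.

```powershell
# Added example: create a custom permission level from a copy of a default one.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholder URL; permission levels are stored at the top-level site.
$web = Get-SPWeb 'http://sharepoint.example.local/sites/demo'
try {
    if (-not $web.HasUniqueRoleDefinitions) {
        throw 'Permission levels are inherited here; run this against the top-level site.'
    }

    $newName = 'Contribute - No Delete Versions'   # illustrative name
    if ($web.RoleDefinitions | Where-Object { $_.Name -eq $newName }) {
        throw "Permission level '$newName' already exists."
    }

    # Copy the default level instead of editing it, so the default stays intact.
    $source = $web.RoleDefinitions['Contribute']
    $copy = New-Object Microsoft.SharePoint.SPRoleDefinition($source)
    $copy.Name = $newName
    $copy.Description = 'Copy of Contribute without the Delete Versions permission.'

    # BasePermissions is a flags enum; rebuild it from its names minus DeleteVersions.
    $kept = $copy.BasePermissions.ToString() -split ',\s*' |
        Where-Object { $_ -ne 'DeleteVersions' }
    $copy.BasePermissions = [Microsoft.SharePoint.SPBasePermissions]($kept -join ', ')

    $web.RoleDefinitions.Add($copy)

    # Show the stored result for review.
    $web.RoleDefinitions[$newName] | Select-Object Name, BasePermissions
}
finally { $web.Dispose() }
```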

Finally

• Security
  • Standardize where possible
  • Customize where necessary
  • Plan
  • Document
  • Simplify

Questions?