SharePoint Saturday St. Louis 2014

About Me

Lou Farho
LouFarho@aos5.com
SharePoint Design Architect

▪ 20+ years in IT
▪ 10+ years working with Portals
▪ 7+ years working with SharePoint
▪ http://www.linkedin.com/in/loufarho/
▪ Wrote my first program in FORTRAN using a card punch machine
▪ Bachelors in Physics (University of Nebraska-Lincoln)
▪ Master in “Computer Science” (University of Nebraska-Omaha)

AOS SharePoint Portal Practice

Microsoft Gold Partner
▪ Portals and Collaboration
▪ Communications
▪ Messaging
▪ Server Platform

Top Talent
▪ 4 Microsoft SharePoint vTSPs
▪ 16 Architects and Developers
▪ Average of 7 years of SharePoint Experience
▪ Over 50 migrations from SharePoint 2007/2010 to 2013

Customers Win
99.68% of customer respondents would refer AOS to their peers!

Agenda

▪ Discuss SharePoint Security
▪ Discuss Search
▪ Demo

SharePoint Security

▪ Active Directory Security Groups
▪ SharePoint Groups
▪ Direct Permissions
▪ Permission Levels

When you start looking at security, chances are good that you start with the basics: who is allowed to access SharePoint resources, what resources are they allowed to see, what resources are they allowed to use, and how are they allowed to use them.

Active Directory Security Groups

This is the backbone of provisioning end user access into your Web Applications, Site Collections and Sub-Sites.

▪ This allows easy transitions of user access through memberships in AD groups.
▪ Copy another user's access by looking at their AD memberships
▪ Can delete a User from the User Information List without harming their access into the site collection

SharePoint Groups

▪ Use SP Groups to encapsulate the Permission Levels
  – Owners
  – Members
  – Visitors
  – Custom Levels
▪ Add AD Security Groups
▪ Add Users

Direct Permissions

▪ Bad, Very Bad
▪ Hard to determine who has what access
▪ Need to leverage third-party tools to find out
▪ Better to use a SharePoint Group
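
One way to list the direct permissions described above, as an added example that is not part of the original slides. It uses the SharePoint 2013 server object model from the SharePoint Management Shell; the site URL is a placeholder, and the script covers webs and lists only, not folders or individual items.

```powershell
# Added example: report principals granted access directly instead of through a SharePoint group.
# Assumes it runs on a farm server with rights to read the site collection.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$SiteUrl = 'https://sharepoint.example.com/sites/team'   # placeholder URL (assumption)

function Get-DirectAssignment {
    param($Securable, [string]$Scope, [string]$Url)
    # Scopes that inherit only repeat the parent's assignments; report unique scopes.
    if (-not $Securable.HasUniqueRoleAssignments) { return }
    foreach ($ra in $Securable.RoleAssignments) {
        # SharePoint groups are the recommended container, so skip them.
        if ($ra.Member -is [Microsoft.SharePoint.SPGroup]) { continue }
        # 'Limited Access' is system-assigned (English name; differs on localized sites).
        $levels = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name } |
                    Where-Object { $_ -ne 'Limited Access' })
        if ($levels.Count -eq 0) { continue }
        [pscustomobject]@{
            Scope            = $Scope
            Url              = $Url
            Principal        = $ra.Member.LoginName
            # An AD group added directly is still a direct grant at this scope.
            Kind             = if ($ra.Member.IsDomainGroup) { 'AD group (direct)' } else { 'User (direct)' }
            PermissionLevels = $levels -join '; '
        }
    }
}

$site = Get-SPSite -Identity $SiteUrl
try {
    $report = foreach ($web in $site.AllWebs) {
        try {
            Get-DirectAssignment $web 'Web' $web.Url
            foreach ($list in $web.Lists) {
                if ($list.Hidden) { continue }
                Get-DirectAssignment $list 'List' ($web.Url + '/' + $list.RootFolder.Url)
            }
        } finally { $web.Dispose() }   # SPWeb objects from AllWebs must be disposed
    }
} finally { $site.Dispose() }

$report | Sort-Object Url, Principal | Format-Table -AutoSize
```

Each row in the report is a candidate for moving into a SharePoint group that carries the same permission level.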

Permission Levels

Permissions are rights to do something; to view, create, delete, or edit something.

User Permissions are broken down into three categories:
▪ List Permissions
▪ Site Permissions
▪ Personal Permissions

List Permissions

Permission: Description
▪ Manage Lists: Create and delete lists, add or remove columns in a list, and add or remove public views of a list.
▪ Override List Behaviors: Discard or check in a document that is checked out to another user, and change or override settings that allow users to read/edit only their own items.
▪ Add Items: Add items to lists, and add documents to document libraries.
▪ Edit Items: Edit items in lists, edit documents in document libraries, and customize Web Part pages in document libraries.
▪ Delete Items: Delete items from a list, and documents from a document library.
▪ View Items: View items in lists, and documents in document libraries.
▪ Approve Items: Approve a minor version of list items or document.
▪ Open Items: View the source of documents with server-side file handlers.
▪ View Versions: View past versions of a list item or document.
▪ Delete Versions: Delete past versions of list items or documents.
▪ Create Alerts: Create alerts.
▪ View Application Pages: View forms, views, and application pages. Enumerate lists.

Site Permissions

Permission: Description
▪ Manage Permissions: Create and change permission levels on the web site and assign permissions to users and groups.
▪ View Usage Data: View reports on website usage.
▪ Create Subsites: Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.
▪ Manage Web Site: Grants the ability to perform all administration tasks for the web site, as well as manage content.
▪ Add and Customize Pages: Add, change, or delete HTML pages or Web Part pages, and edit the website.
▪ Apply Themes and Borders: Apply a theme or borders to the whole website.
▪ Apply Style Sheets: Apply a style sheet (.css file) to the website.
▪ Create Groups: Create a group of users that can be used anywhere within the site collection.
▪ Browse Directories: Enumerate files and folders in a website by using SharePoint Designer 2013 and Web DAV interfaces.
▪ Use Self-Service Site Creation: Create a website using Self-Service Site Creation.
▪ View Pages: View pages in a website.
▪ Enumerate Permissions: Enumerate permissions on the website, list, folder, document, or list item.
▪ Browse User Information: View information about users of the website.
▪ Manage Alerts: Manage alerts for all users of the website.
▪ Use Remote Interfaces: Use SOAP, Web DAV, the Client Object Model, or SharePoint Designer 2013 interfaces to access the website.
▪ Use Client Integration Features: Use features that launch client applications. Without this permission, users must work on documents locally and then upload their changes.
▪ Open: Enables users to open a website, list, or folder to access items inside that container.
▪ Edit Personal User Information: Enables users to change their own user information, such as adding a picture.

Personal Permissions

Permission: Description
▪ Manage Personal Views: Create, change, and delete personal views of lists.
▪ Add/Remove Personal Web Parts: Add or remove personal Web Parts on a Web Part page.
▪ Update Personal Web Parts: Update Web Parts to display personalized information.

Impact on Search

▪ When Permissions change, SharePoint must recalculate and update the index for the scope impacted by the security change.

Demo

1. Search Service Application
2. Crawl Health Report
3. Add User
4. Run an Incremental Crawl
5. Inspect Report
6. Modify an AD Security Group
7. Repeat 4 & 5

Summary

▪ Impact to incremental crawls using security groups vs SharePoint Groups
▪ SharePoint Farm Size determines overall impact
▪ There will be other factors that impact the incremental crawl. Documents!
▪ Governance for Security and use of Security Groups
▪ Security Group Sprawl