Saturday, July 18, 2009

Interesting observation on SharePoint Security

 

This article lists some SharePoint security facts and experiences that may be helpful. Please add your comments if you think the list should be expanded.

  1. Anonymous users can add/edit/delete list items. However, they can never add/edit/delete document library items, even though they can view them.
  2. It is not possible to make some items in a list/document library accessible to anonymous users while keeping other items inaccessible. All the items in a list/document library must have the same accessibility for anonymous users.
  3. You cannot add a Windows Group to Site Collection Administrators. You can only add individual users. This is by design. In my opinion, however, it is not convenient for administration.
  4. A common misconception is that a user in the Site Owner group can access all the contents in a site. In theory, you must check item-level permissions for all the items in all the lists to make sure a user can access all the contents in a site. To be complete, you also need to check the Security Policy for the web application. Never assume a site owner can do everything.
  5. The Limited Access permission level is added by SharePoint automatically. For example, assuming a user does not have any permission in a SharePoint site, if you grant the user item-level read permission on an item in a list, SharePoint automatically adds the Limited Access permission level for that user at the list and site levels.
  6. SharePoint does not have the finest permission granularity. For example, it is not possible to give one user permission to edit the site title and image and another user permission to delete child subsites. This is because the "Manage Web Site" permission includes both editing the site title/image and deleting child subsites. This lack of fine-grained permissions does cause problems in practice, since you have to assign the same people to perform two very different categories of administrative tasks.
  7. ...... more to come
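
The check described in item 4 can be scripted against the SharePoint server object model. The following PowerShell is an added example, not part of the original post: it lists the web application policy entries and every list or item with unique permissions that the given user cannot view. The site URL and login are placeholders, and the script is assumed to run on a SharePoint server under an account allowed to read the site's permissions and the web application settings.

```powershell
# Added example: audit what a "site owner" can actually view in one site.
# $SiteUrl and $Login are placeholders (assumptions), not values from the post.
param(
    [string]$SiteUrl = "http://sharepoint.example.local/sites/team",
    [string]$Login   = "EXAMPLE\jdoe"
)

[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
$view = [Microsoft.SharePoint.SPBasePermissions]::ViewListItems

$site = New-Object Microsoft.SharePoint.SPSite($SiteUrl)
$web  = $site.OpenWeb()
try {
    # EnsureUser adds the account to the site's user list if it is not there yet.
    $user = $web.EnsureUser($Login)

    # 1. Web application policy entries apply regardless of site group membership.
    foreach ($policy in $site.WebApplication.Policies) {
        $roles = ($policy.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ", "
        Write-Output ("POLICY     {0}: {1}" -f $policy.UserName, $roles)
    }

    # 2. Lists and items that stopped inheriting must be checked one by one.
    foreach ($list in $web.Lists) {
        if ($list.HasUniqueRoleAssignments -and
            -not $list.DoesUserHavePermissions($user, $view)) {
            Write-Output ("NO ACCESS  list  {0}" -f $list.Title)
            continue
        }
        foreach ($item in $list.Items) {
            if ($item.HasUniqueRoleAssignments -and
                -not $item.DoesUserHavePermissions($user, $view)) {
                Write-Output ("NO ACCESS  item  {0} / ID {1}" -f $list.Title, $item.ID)
            }
        }
    }
}
finally {
    # SPWeb and SPSite hold unmanaged resources and must be disposed explicitly.
    $web.Dispose()
    $site.Dispose()
}
```

Iterating every item is slow on large lists, so run it per site rather than across a whole farm in one pass.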
