Chapter 7: Implementing Security for SharePoint Products

Overview

Implementing security for Windows SharePoint Services and SharePoint Server is a multifaceted exercise. Although it is impossible to completely secure any network server, you can implement controls to mitigate the most common risks. The controls discussed here are a basic set of practices to begin your secure design and implementation; they do not guarantee security. Your environment may require greater security than discussed here, or practices described in this chapter could possibly break your current implementation. For these reasons, it is important to always test new access, authentication, and authorization controls in a test environment before implementing these controls in your production installation.

For in-depth information on securing your Windows infrastructure, see http://msdn.microsoft.com/practices/Topics/security/default.aspx.

New in Windows SharePoint Services 3.0 and SharePoint Server 2007 is the security-trimmed user interface (UI). It prevents users from viewing lists, documents, and management options not available to them. For example, SharePoint Portal Server 2003 allowed all users to see the Site Settings hyperlink. The new version of SharePoint Server hides Site Actions, the Site Settings equivalent in SharePoint Server 2007, from users who do not have permissions to manage the site.