Security for documents is important for most organizations. Some organizations need to restrict access to specific documents. For example, employee salary information is usually not meant to be publicized; therefore, access to it would be restricted to only those people who need to work with the documents. As another example, people may use shared workspaces for collaboration when modifying documents, but the final version goes to a centralized departmental site where write access is restricted to the department manager.

Security is used in multiple ways in SharePoint, as discussed in detail in Chapter 15, "Implementing and Validating SharePoint Security." This chapter provides an overview of the security features that can be used when managing access to documents and libraries.

Managing Site Security with Site Groups

Site groups control the overall actions that users can perform on the site. When users are granted permission to access the site, they must be assigned to at least one site group. The default groups are as follows:
In addition to the groups just listed, there is a Guest group that has limited rights to view specific pages and/or parts of a page. Members are added to this group when they are given per-list permissions for a specific list or library.

Custom site groups can also be created with rights selected by the creator of the group. To create a custom site group
Figure 11.17 shows some of the rights that can be added to a custom-created group.

Figure 11.17. Creating a custom site group.

The rights assigned to site groups and individual users can also be modified. This is done as follows:
NOTE The rights assigned to the Administrators group and to the Guest group cannot be changed.

Providing Access to a Specific List Using Per-List Permissions

For granularity, user access can also be specified on a per-list basis. Remember that a list in SharePoint can be a document library, links, contacts, tasks, announcements, events, or issues. If a list (for example, a document library) contains sensitive data (for example, payroll information), the list can be configured to prevent non-payroll personnel from accessing the documents. To change permissions to a library or list
Each process is fairly self-explanatory, so it won't be reviewed in detail. A site administrator will want to experiment with this process depending on the purpose of the library or list.