Managing user permissions in SharePoint can be a double-edged sword. On one hand, it empowers users to be responsible for defining who can do what on SharePoint sites without heavily relying on IT. However, on the flip side, user management can be a total mess without proper guidance and a well-defined process.

“I can’t upload to the Shared Documents library!”

“Since you bought me dinner last night, sure, I can grant you Full Control permission.”

“Nobody knows who has access to what in our SharePoint environment”

Sound familiar? A common factor in mismanaged SharePoint site users is the lack of proper understanding on how SharePoint site membership works. Watch this screencast to have a good foundational knowledge:

SharePoint Security 101 from Dux Raymond Sy on Vimeo

Managing user permissions in SharePoint can be a double-edged sword. On one hand, it empowers users to be responsible for defining who can do what on SharePoint sites without heavily relying on IT. However, on the flip side, user management can be a total mess without proper guidance and a well-defined process.

Here are five practical steps that every SharePoint site owner can do to effectively manage SharePoint users:

1. Identify Communication Requirements

Before users are added to a SharePoint site, it is important to identify the communication needs of individuals that are to be added to the site. For example, if you have a SharePoint site used for projects, the communication requirements may look like:

SP_Permissions_1.jpg

Identify Communication Requirements

2. Group Site Users

Once you know what the communication needs are for your site members, group them based on SharePoint groups. By default, three SharePoint groups are created for each SharePoint site. These groups correspond to a specific permission level -- it defines what a user can do and cannot do on the site.

By grouping users, it is easier to manage and maintain site permissions compared to assigning a permission level directly to a site user.

SP_Permissions_GroupUsers.jpg

Group Users

3. Map Communication Requirements to List or Library Permissions

Site permissions get out of whack typically when SharePoint lists or libraries are aimlessly redefined. An effective way to prevent permissions mismanagement is to identify varying list or library permissions from the get go based on their communication needs from step 1:
 

SP_permissions_MapReq.jpg

Map Communication Requirements 

Editor's Note: Read more SharePoint guidance from Dux Raymond Sy including
5 Reasons Why Executive SharePoint Ignorance is Not Bliss".

4. Enforce Permission Change Management

Directly related to aimlessly changing site permissions is the lack of a structured process of why permissions are changed within a SharePoint site. By enforcing a permission change management process, the risk of site permission mismanagement is greatly reduced.

For example, you can educate site users with this simple process of changing permissions:
 

SP_permissions_AnalyzeRFC.jpg

Enforce Permissions Change Management

  1. User requests that permission be changed due to a valid reason
  2. Change request is then sent to site owner/manager
  3. Site owner/manager reviews the request
  4. Site owner/manager makes a decision and documents it:
    • if Yes, user permission is updated & requestor is informed
    • if No, requestor is informed
    • f Later, site owner/manager schedules a time to review the request again & requestor is informed

 

5. Document and Maintain Site Access Information

As a part of a site owner/managers’ responsibility, it is critical that the first four steps are documented for each SharePoint site. By doing so, IT can better address user management issues by tracing how site membership and permissions were defined.

Feel free to download this SharePoint User Management template.

SP_permissions_Template.jpg

Document and Maintain Site Access Information

Lastly, make sure you watch this screencast entitled “Best Practices in SharePoint User Management” gain relevant insights on how to best manage SharePoint site users.