Be careful with granular permissions

Office 365 / SharePoint Blog

This weekend my husband complained that “Technology has given us the capability to turn the simplest thing into something extremely complicated.”

We were trying to look up what time a band was playing at a festival. The festival had developed a mobile website which contained no information about the cost of events, and didn’t contain the schedule for the day in question. In the end, we had to look on the band’s website to confirm that they were indeed playing, but that also did not contain a date or time. We ended up going to the festival location and asking someone in an information booth.

Why do I bring this up? I am often met with the question of whether certain groups should have subsites, or if content can live all on one site. The answer to this question is two words: it depends.

In a high-tech environment we can often overcomplicate the permissions required for certain systems or processes. While I am conscious that certain systems or processes should be protected, I have found that in general, people don’t tend to go to places they shouldn’t, and if you make it just a little more cumbersome for them to get somewhere, they generally don’t bother.

In certain situations, it is absolutely warranted to create a subsite accessible by only certain people, or to lock down certain document libraries for a minimal number of eyes. Sensitive information such as a department’s HR files should of course be kept confidential, and shouldn’t be accessible or even viewable by anyone without a specific charge.

When it comes to some things, however, such as a basic task list or a collection of general documents, having those extra layers of security may not be necessary, and may actually complicate matters in the long run. Having several task lists just makes it difficult to keep track of your to-dos, and SharePoint is supposed to make things easier, right?

I prefer to keep granular permission setting (at the item or list level) to a minimum, and when I see it happening on a site, you can expect a phone call or an email from me to ask for clarification as to why it’s being handled this way. Sometimes it makes absolute sense to use your devised solution, and other times there may be other ways to handle the privacy of your processes without needing to specifically grant or deny permissions.

