Welcome: Guest!

Sharepoint Forum

 
Home » Forum » Sharepoint       Ask a questionRSS Feeds

Manage Permissions and Suma-Manage Permissions

  Asked By: Elijah Lambert         Date: Sep 22, 2008      Category: Sharepoint      Views: 330
 

Does it really make sense for the permission level "Manage Permissions"
(Included in Manage Heirarchy) to allow the user to manage permission
*levels* as well.

Say for example, I am a user of a site and my only role is to add and
remove individuals or groups to be able to use that site. I would
probably have a custom level that includes the minimal requirements for
Manage Permissions. This includes innocuous items, comprehesively:
Lists-> "View" "Open" "Versions"; and Permissions-> "Manage" "Browse"
"View" "Enumerate" "User Info" "Open"

The trouble is, the "manage" part also allows me to create and change
permission levels, so I could change my bare-bones custom level to
include "Delete Versions" "Create Subsites" "Override CheckOut" Well
beyond what my job function entails. It also endangers me by allowing
Site-Wide mayhem when I check one a more powerful items on an OOTB
permission level template and grant "manage lists" to the View Only
permission.

Okay, granted if I have "Manage Permissions" I could always give myself
full control and accomplish this anyway, but it seems like managing the
permissions templates should be more finely grained (split into manage
permisions and seprately manage custom levels) in its empowerments so I
can protect myself from mistakes, and simplify the interface for others.

Tagged:        

 

1 Answer Found

 
Answer #1       Answered By: Anthony Rutledge          Answered On: Sep 22, 2008       

This is where we get into those two areas called Training and Company
Policies. If you give  someone the ability to manage  security then you
give them the ability to manage security. You restrict what they can
manage security on, not how they package it. permission  levels are just
groups of permissions. Its like saying that you can give individuals
permission to do something but you can't create  a group of individuals
and give them permission. Permission levels  are just groups  of
permissions. You have to teach people with administrative power how to
use it (Training) and when not to use it (Policies). So yes, if I give
you enough authority to assign "Full Control" then it is perfectly
reasonable to allow you to package permissions  into any groupings that
are required.

 
Didn't find what you were looking for? Find more on Manage Permissions and Suma-Manage Permissions Or get search suggestion and latest updates.


Your Answer
  • Answer should be atleast 30 Characters.
  • Please put code inside [Code] your code [/Code].

 
Hall of Fame  |  Facebook  |  Twitter  |  LinkedIn  |  Terms of Use  |  Privacy Policy  |  Contact us
RSS Feeds: Articles |  Forum |  New Users |  Activities |  Interview FAQ |  Poll |  Hotlinks


Go4Sharepoint, is a Microsoft Featured Community. Microsoft, Windows, Sharepoint, Sharepoint logo, Windows logo, etc are trademarks of the Microsoft Corporation. All product names, logos, copyrights, and trademarks mentioned are acknowledged as the registered intellectual property of their respective owners. This site is not in any way affiliated with, nor has it been authorized, sponsored, or otherwise approved by, Microsoft Corporation.

Copyright © 2008-2011