Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Manage Permissions and Suma-Manage Permissions

  Asked By: Elijah    Date: Sep 22    Category: Sharepoint    Views: 2122

Does it really make sense for the permission level "Manage Permissions"
(Included in Manage Heirarchy) to allow the user to manage permission
*levels* as well.

Say for example, I am a user of a site and my only role is to add and
remove individuals or groups to be able to use that site. I would
probably have a custom level that includes the minimal requirements for
Manage Permissions. This includes innocuous items, comprehesively:
Lists-> "View" "Open" "Versions"; and Permissions-> "Manage" "Browse"
"View" "Enumerate" "User Info" "Open"

The trouble is, the "manage" part also allows me to create and change
permission levels, so I could change my bare-bones custom level to
include "Delete Versions" "Create Subsites" "Override CheckOut" Well
beyond what my job function entails. It also endangers me by allowing
Site-Wide mayhem when I check one a more powerful items on an OOTB
permission level template and grant "manage lists" to the View Only

Okay, granted if I have "Manage Permissions" I could always give myself
full control and accomplish this anyway, but it seems like managing the
permissions templates should be more finely grained (split into manage
permisions and seprately manage custom levels) in its empowerments so I
can protect myself from mistakes, and simplify the interface for others.



1 Answer Found

Answer #1    Answered By: Anthony Rutledge     Answered On: Sep 22

This is where we get into those two areas called Training and Company
Policies. If you give  someone the ability to manage  security then you
give them the ability to manage security. You restrict what they can
manage security on, not how they package it. permission  levels are just
groups of permissions. Its like saying that you can give individuals
permission to do something but you can't create  a group of individuals
and give them permission. Permission levels  are just groups  of
permissions. You have to teach people with administrative power how to
use it (Training) and when not to use it (Policies). So yes, if I give
you enough authority to assign "Full Control" then it is perfectly
reasonable to allow you to package permissions  into any groupings that
are required.

Didn't find what you were looking for? Find more on Manage Permissions and Suma-Manage Permissions Or get search suggestion and latest updates.