Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Permission management (was Recommendation for a 3rd party tool...)

  Asked By: Charan    Date: Feb 26    Category: Sharepoint    Views: 2362

I'd be interested to hear more on this, particularly regarding the perceived
deficiencies in SP and how they're filled by DeliverPoint. Any good case
studies out there?



3 Answers Found

Answer #1    Answered By: Lorenzo Steele     Answered On: Feb 26

Here's the main reason we purchased it. In SharePoint, the default way
to add users is directly on the site, directly on the permissions page,
or in SharePoint Groups. The problem with this is that when users leave
the company, those dead user accounts never leave the sharepoint site.
When you're dealing with over 20,000 users as we are, you can't be
expected to keep those cleaned up on every site, and our auditors didn't
like the fact that those user accounts still exist on the site (even
though the users are long gone and accounts aren't in AD anymore).

So, for years, we've had to do all of our user permissions via Active
Directory. Each time we create a new site collection, we create 4 AD
groups for Administrators, Contributors, Readers, and Web Designers, and
then give those groups the appropriate permissions on the site. Of
course, in this situation, "Administrators" aren't really administrators
because we have to create a custom permission  level on each site "Custom
Admin" and take away the ability to modify permissions on the site.

Anyway, DeliverPoint has a feature that lets you, in a couple of clicks,
remove all dead accounts from your sharepoint sites. With DeliverPoint
in place, we can now let the users modify permissions directly on the
site, instead of them having to do it via Outlook by editing
distribution lists.

Here's the site: http://barracuda.net/HOME/tabid/36/Default.aspx
Check it out. There are a lot of other great things that this product
does besides cleaning up old accounts.

Answer #2    Answered By: Divakar Naik     Answered On: Feb 26

I guess I just always thought that
managing groups by AD made more sense anyway, so SharePoint didn't really
seem that bad. I'll have to read up on it so I fully understand the problem
(and, by extension, the solution).

Answer #3    Answered By: Aishwarya Karmarkar     Answered On: Feb 26

My chief beef with SharePoint permissions management  is the difficulty of
getting useful views of permission  by user or group, or of the permissions
inheritance tree.

You can, for example, get a list of the objects that SharePoint group has
unique permissions on if that object is not inheriting permissions; but you
can't get a comparable list for an individual user or an AD group. You also
can't get a tree view of inheriting and non-inheriting objects. The net
result on any site which actually tries to utilize item-level permissions is
a lot of backing and filling to try to find where any particular user's
permissions went wrong.

Trying to fix up a site of any size when somebody has mismanaged permissions
is excruciating. You just can't get the views you need.

That's one place where DeliverPoint found a market.