Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Permissions paranoia

  Asked By: Carlton    Date: Oct 17    Category: Sharepoint    Views: 740

As I encourage more folks to use team sites for team collaboration,
I'm sensing some real paranoia on their part, and it often relates to

One guy kept asking who would be able to see changes he'd made to a
document. And who could change it. And would anyone know it wasn't
him. And...so on. Ugh! I was explaining how only people who had
permission to access the site could do such things, and that it comes
down to a matter of trust among team members. He doesn't even seem to
trust the person designated as his team's site administrator.

On the file shares, only IT can manage who has access to folders. In
SharePoint, we have designated site administrators for the team sites.
So, technically, the site admin could grant someone access w/out other
team members knowing about it. That makes folks nervous. They seem to
trust IT more than their own colleagues. :P

Anyone experience this? What have you done to alleviate some of the



7 Answers Found

Answer #1    Answered By: Akshay Gupta     Answered On: Oct 17

Hire robots. They don't have feelings. Yet.

Seriously though, we're dealing with that exact issue. Unfortunately, it's a
culture change  and it just takes time and experience. We're hoping that after a
few months (years?) of using the product they'll get used to it and learn to
trust each other. If they know that you have a very good, granular backup
strategy in place should something "happen" to an item, document, or site, that
may help alleviate some of that paranoia, too.

Answer #2    Answered By: Trinity Scott     Answered On: Oct 17

Yes, I have a feeling this particular guy is paranoid
about certain higher-ups in his team  *seeing* some of his work or
something. :P

Follow-up Question: Are your full intranet admins supposed to log in
w/ a general admin account, or do their user accounts have all the
required permissions  to see/do anything. I think that's another
weird thing about SharePoint for me. As Intranet Manager, I'm able
to access anything on the intranet. It's a little weird when I do a
search and get results that I otherwise wouldn't get. I have a
feeling it might almost be better to have my user account only have
the type of access that the rest of my team has, and then use a
separate admin account when I need to perform certain admin duties.

I don't work in IT, so I don't know the normal protocol for this
type of thing. Very curious to know how others do this.

Answer #3    Answered By: Constance Guerrero     Answered On: Oct 17

The best advice I can give is to have a separate admin account

The number of times you see people accidentally delete docs and sites  when
logged on as an admin is phenomenal

If your normal account doesn't have these rights you're unlikely to do things in

Answer #4    Answered By: Chandrabhan Konwar     Answered On: Oct 17

Now for my own paranoia:

Has anyone used zones and web application policies to limit what a person can do
when logged on via the intranet zone versus the extranet zone? Here's a

John is a site collection administrator and is working from home over http. He
has site collection administrator rights while working from home. John walks
away for a minute, leaving the browser open. His 8 year old son decides to play
around a bit and POOF, goodbye site (or list, or doc library). Another scenario
is an employee at a PC in a public library and forgetting to log off, etc.

If we limit permissions  on the extranet zone, this situation can be somewhat
alleviated. The obvious problem is the user is restricted with what they can do
from home.

Is anyone doing this? If so, how's the experience been? Any complaints?

Answer #5    Answered By: Tina Owens     Answered On: Oct 17

First, IMHPO you should be using SSL for any external access. Second,
walking away for a few minutes or forgetting to log off does't just happen
at home or at public a library. Individuals have to be held responsible for
their actions and omissions. If you trust the individual at work to be an
administrator then you have to trust them to do the right thing away from

Answer #6    Answered By: Tiana Whitaker     Answered On: Oct 17

Very true, though preventative education on this particular point (remote
access) will help people properly handle their responsibilities.

Answer #7    Answered By: Alice Chandler     Answered On: Oct 17

Consider turning on Versioning, then show him that each changed doc is
associated with the logged-in ID. Make sure that everyone knows that
everything they do on the site is logged with their ID [even though it may
be the very devil to pull it out of the logs... You don't have to mention
that]. IME, that level of accountability helps to calm jitters.

Didn't find what you were looking for? Find more on Permissions paranoia Or get search suggestion and latest updates.