Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

SharePoint Permissions

  Asked By: Caitlin    Date: Jul 26    Category: Sharepoint    Views: 681

I would like some feedback on how others handle SharePoint permissions.
For example, we have decided to only use Active Directory security
groups at the portal and site level never assigning individual users
directly to SharePoint. In a lot of cases, we are creating three AD
security groups per site collection using Administrators, Contributors
and Readers matching SharePoint permissions (e.g. ITG - Server Messaging

Do ya'll (yes, I'm from Alabama) do something similar, or do you assign
individual user permissions "willy nilly" throughout portals and sites?



8 Answers Found

Answer #1    Answered By: Freddy Heath     Answered On: Jul 26

We handle  it case by case. For large audiences, we use AD groups,
especially since SharePoint will croak once you get to a certain number
of individual  users (I think it is a 1000 ??). For small sites  we use
either AD groups  or individual users.

We heavily utilize cross site  groups for some sites as well.

In our organization, AD groups are managed by another support team, so
we can't create them for every scenario that we need. Hence a lot  of
individual user  additions.

One other thing we do is have an AD group for SharePoint admins. That
group is then assigned as admin to every SharePoint site. As support
staff comes and goes, the group is updated. This has worked out well.

Answer #2    Answered By: Joanna Dixon     Answered On: Jul 26

we use security groups  for our portal  server, however at the team site  level we typically use individual  users. Surprisingly we even have a site with 1200 separate users on it -- works just fine.

As for wss though, in our AD we will have security groups setup much like you have with an OU for managerial purposes that defines the organization they're with if external and then placed in a security group which defines what they can get into on the site.

It's typically on the document libraries that we get into trouble where we are adding individual users.

Answer #3    Answered By: Justine Barrera     Answered On: Jul 26

I think the death number for WSS users is 2000 (not 1000 like I originally thought).

We also have a lot  of individual  users set up for individual list permissions, and also get into it for portal  areas. I would think it is a common dilemma.

Answer #4    Answered By: Laura Walker     Answered On: Jul 26

One thing to keep in mind is that if you do not add users individually to WSS – you will not see them in user  Lookup fields. Such as an Issues List which has the “Assigned to” column which should be a drop down of all your WSS users. It does not see the ones added in AD groups.

Someone correct me if I am wrong, but this is what I have seen.

Answer #5    Answered By: Cory Brooks     Answered On: Jul 26

The user  Lookup fields will be populated the first time a user connects to a WSS site. You could send an e-mail with the site  URL to tell everyone to click on it. Then, all users will be populated.

Answer #6    Answered By: Ruth George     Answered On: Jul 26

Once a user  visits a site, their entry is added to the User Profile database and that is what lookup fields’ reference. It has nothing to do with AD groups  or who is listed under Manage Users.

Answer #7    Answered By: Peter Peterson     Answered On: Jul 26

On the plus side of things, you can always just use the wssuserutil to move users somewhere.

Answer #8    Answered By: Kalyan Pujari     Answered On: Jul 26

If a user  has been individually added to a WSS site, it will appear in the lookup fields no matter if they have visited the site  or not.

If a user is a part of an AD group, they will only appear in a look up field after they have visited the site. Visiting the site adds them to the profile database.

Didn't find what you were looking for? Find more on SharePoint Permissions Or get search suggestion and latest updates.