SharePoint Permission Tips for Site Owners

SharePoint Permission TipsIf you grant SharePoint users the Full Control permission level in a SharePoint site this gives them the ability to administer their own site, including permissions. You will likely find yourself needing to facilitate a “SharePoint Permissions 101” training session at some point. I’ve given a few of these sessions and there are some common questions I consistently hear from site owners; this post will list these questions and my answer for each.

Note: This applies to standard SharePoint sites and NOT a SharePoint site provisioned with an Office 365 Group. In an Office 365 Group site, permission administration is accomplished using different methods.


“Who can edit SharePoint group membership?”

4OptionsYou determine this by clicking Site permissions under the Users and Permissions group in Site settings of any site. You will see a list of all SharePoint groups defined for the current site. If you click into any one of the SharePoint groups and then select the Group Settings ribbon option shown beside the blue star you can see who has the ability to edit that SharePoint group’s membership.

The important settings to know about are the Owner and Group Settings.

Group settings

Important SharePoint Group settings

  1. Owner – this can be a single user or another SharePoint group. The owner can change anything about the group. Whoever provisioned the site’s name will be automatically inserted as the Groups’ owner so make sure this is changed to the appropriate person or group to whom should be responsible for administering the Group’s membership. I recommend using a group here rather than an individual user since if they leave no one will be able to administer the group’s membership
  2. Group Settings – this determines who can view and change membership of the group. Whether you select the Group Owner or Group Members group, it is important to train the people in the group so they know how to administer permissions.

“Can I edit a SharePoint Group’s membership for just one subsite?”

No. This trips up some users. A SharePoint group’s membership is defined at the site collection level. You cannot edit the members in a subsite that requires unique permission if you only want the change to be effective for the subsite. Changing the group’s membership changes it everywhere in the site collection. You only make that mistake once. ūüėČ


“How do I check a user’s permission?”

You can check the permissions for a user, Active Directory security group or SharePoint group at any point in the hierarchy by navigating to the point you want to check permissions at, clicking the ‘Check Permissions’ ribbon option and entering the user’s name. This is often my first step in troubleshooting permission issues for a specific user and object.


“What does ‘Limited Access’ mean?”

Limited Access is a SharePoint permission level. You can’t explicitly grant it, but rather it is automatically granted to users at the site level when the user is assigned permissions to a child object where permission inheritance is broken. This allows a user, for example, to navigate via the site if they have only been granted permission to an object within the site such as a library or folder.

You will see a lot of ‘Limited Access’ users in an environment where end-user’s are sharing files to other user’s as behind-the-scenes this is how SharePoint grants the appropriate permission.


“Can I copy one user’s permission to another?”

In a word? No. This is often the way a request is worded when an end-user is requesting permission… “Give Bob the same access Susan has.”

It’s just not possible using SharePoint out-of-the-box. You have to use a 3rd party tool to allow this type of functionality.

A beneficial approach is to use Active Directory security groups for access. In our example above, if Susan and Bob are in the same Active Directory security groups and you’ve used Active Directory security groups to assign permission in SharePoint, you’re likely half-way there to having Bob set up the same as Susan. Of course, if Susan has been granted unique permissions elsewhere across your farm/tenant, there is no easy out-of-the-box way of knowing where that is and assigning the same to Bob.


“I want everyone to have access but these 5 people. Can I do that?”

In 2 words? It depends. ūüėČ Similar to the previous question, this is often how a request is worded when an end-user wants to prevent certain people from seeing things in SharePoint. It’s usually not that simple – you will need to ask more questions before proceeding.

In our example, are the 5 people listed as individual users for the object and not in a SharePoint group? If so, you can break inheritance by stopping permission inheritance and removing the 5 users. Are the 5 people part of a SharePoint group? If so, you can’t remove them out of the group without affecting everywhere else that SharePoint group is used (refer back to the previous question, “Can I edit a SharePoint Group’s membership for just one subsite?” where I discuss this). Are the 5 people part of a larger Active Directory group that’s been added into the SharePoint group? If so, then you will no longer be able to use that AD security group to assign permission. You will either have to find an AD group where the 5 people are not included or update the AD security group to remove them. (which will have other implications if that security group is being used elsewhere in your environment)

Generally speaking SharePoint permissions are done using a ‘grant’ model rather than a ‘revoke’ model. You cannot explicitly specify users you don’t want to have access.

Exception to this is in an on-premises environment you can specify a user as ‘deny all’ or ‘deny write’ at the web application level, but this is not a granular setting you can control.


Closing thoughts…

Permission administration is a classic example of “a little knowledge is a dangerous thing” in SharePoint. If you have enabled users to administer their own, make sure you’ve armed them with the knowledge to set them up for success.

Thanks for reading.

-JCK

Simple Office 365 Setup Tips for an SMB

Getting a Small Business Organized with Office 365Blog post: 2 minute read.

[Update: April 14, 2017 – Social Media added]

I’m a small business owner with a mighty staff of one. ūüôā I’m also an O365 consultant with an Office 365 Business Essentials tenant. This gives me the opportunity to eat some of my own cooking when it comes to O365 adoption and setting up my tenant to work effectively for me and my business. In this post I’ll share some simple tips for SMBs when setting up their own O365 tenants to help streamline some typical processes.

I’ll cover these things:

  • Provision those Office 365 Groups!
  • Stay on task with Planner Hub
  • Staying organized for speaking and travel
  • Keeping track of receipts
  • Social media [New]

Have an idea for your own tenant that would work for an SMB? Let me know! I’d love to hear your ideas…

Continue reading “Simple Office 365 Setup Tips for an SMB”

SharePoint Fest Denver 2017

DenverCityI’m thrilled to announce I will be giving 2 presentations in Denver at the SP Fest conference that runs from May 30 thru June 2, 2017 in the Colorado Convention Center. This will be my first visit to Colorado and I’m so excited to go!

I’m doing 2 sessions while in Denver. Details are below…


Information Management and Governance in O365

What does Information Management and Governance mean within the context of O365? What are the tools that allow us to manage it? In this session we’ll talk about the traditional ways we’ve approached this discipline and how the new collaboration world is disrupting this.

Organizations need to empower employees to‚ÄĮreap the benefits of new collaboration tools in the digital workplace, but they can‚Äôt compromise the security, compliance and protection of‚ÄĮcorporate assets while doing it.

Capabilities are being rolled out to help organizations keep both managed and unmanaged content secure and compliant throughout O365. We’ll talk about setting organizations up for success on all fronts from an Information Management perspective.


How to Build a SharePoint Search-Driven Website

What does it mean to build a search-driven website in SharePoint and why is this better than the traditional approach of site design? In this session you will learn the value-add of this design architecture and how to build search-driven sites in SharePoint using cross-site publishing and author-in-place features. This approach not only improves the experience for content authors but also provides dynamic, tailored pages for content consumers, all done by leveraging SharePoint search and managed metadata as the underlying mechanism.

I’ll walk thru an end-to-end example of designing, authoring and publishing content as well as customizing search webparts to demonstrate how you can use this technique to keep your site dynamic and personalized. This is a no-code session!

Features demonstrated: Cross-site publishing, Author-in-place, Managed Metadata, Search, Content Search webpart.


Curious about either of my sessions? Well sign up and join me!

For more information about the event and to register, click HERE.
-JCK

Meeting Minutes OneNote Tip!

Meeting Minutes OneNote Tip!Blog post: 2 minute read.

I read in a recent blog post by PC World that “OneNote is the best Microsoft program you’re likely not using”. I’m not sure whether this is true or not but for those of you who are regular OneNote users, this post is for you. For those of you who are not regular users of this program, I encourage you to check it out – it’s a great productivity tool.

Here is a simple, effective, timesaving tip for sharing meeting minutes from OneNote. Although the features used to do this are not new, I find myself regularly showing this tip to users who are unaware of this handy integration. This would be great to share in a “Tips & Tricks with OneNote” training session! Continue reading “Meeting Minutes OneNote Tip!”

O365 Adoption: Noteworthy user groups

O365 Adoption- N[UPDATE March 22, 2017] I neglected to mention document sets. I usually describe these to users as -smart folders-. It is an excellent choice for grouping documents togetBlog post: 3 minute read.

O365 adoption is an interesting challenge. It starts with knowing what your organization has identified as its business value drivers for O365 and translating those into key business scenarios which you train for at the individual level. The goal of training within O365 is to ensure users are comfortable using the suite of O365 tools in these business scenarios for their day-to-day work.

Over the recent past, I’ve made some observations about some right steps and missteps organizations¬†make in their O365 adoption training program. This post focuses on some training strategies I’ve seen yield successful results as well as¬†some noteworthy¬†user groups that you should ensure you’re paying attention to. Continue reading “O365 Adoption: Noteworthy user groups”

SPS Twin Cities 2017

spstc1

The SharePoint Saturday Twin Cities events¬†are always some of the¬†highest-attended in the world. ¬†I’ve gone twice before as an attendee and volunteer, but this time I’m thrilled to announce I’ll be attending as a speaker!

The event is¬†fortunate to have a very special guest delivering the keynote presentation – Microsoft’s Corporate Vice President for OneDrive and SharePoint,¬†Jeff Teper. It is sure to be a fantastic event from start to finish!

In my session I’ll be talking about building a search-driven website in SharePoint. If you’re curious what I mean by that,¬†come on by!

The event is on Saturday, May 6, 2017. Registration details are HERE.

I hope to see you there!

-JCK

Multiple Libraries, Folders or Metadata?

Multiple Libraries or Multiple FoldersWhich one is right- (1)Blog Post: 5 minute read

The other day I was part of a¬†conversation on the subject of storing a group of categorized documents in SharePoint.¬†The gist of the question was around wanting to know if it was best to create multiple¬†document libraries (1 for each category), create 1 document library with multiple category folders within it or use metadata rather than folders. This is an age-old conversation that has gone on thru the years in the SharePoint world. ūüôā

“Category” in this post means any kind of high-level criteria or group you’re wanting to organize your documents by. Examples of this could be project name, document type, etc.

As most people familiar with SharePoint¬†will tell you, all options will¬†work at times however one may be better suited than the others in any given situation. Your decision will¬†ultimately¬†be based on your unique business requirements and these six factors: Continue reading “Multiple Libraries, Folders or Metadata?”

SharePoint Saturday Vancouver 2017

vancouver

I‚Äôm a Canadian prairie gal so any time I can make a trip to the West coast and see those mountains I’m all over it. I’m really excited to be heading to Vancouver, BC for their 2nd annual SharePoint Saturday event on April 8th.

I’ll be doing 2 sessions – the first is a joint presentation with David Drever¬†on SharePoint Search¬†called Finding a Needle in the Haystack: Search Concepts. We talk about some important concepts you should be familiar with when working with¬†SharePoint search.

My second presentation will be all about Office 365 adoption called O365 Adoption: Learn to Fly. I’ll share some¬†ideas and anecdotal stories from my first-hand experience working with clients in various stages of their adoption journey.¬†I’d love to hear about your own adoption stories as well –¬†audience participation is encouraged (and rewarded)!!

I’m looking forward to meeting many people I’ve only known virtually. It should be a great weekend.

To register for the event click here

[Update April 9, 2017] What a fantastic day! There were about 150 in attendance – a great turnout for Vancouver’s 2nd annual event.

Presentation links:

Both presentations went very well – lots of questions from the attendees, and great stories from my O365 adoption session. Here’s some pics from the day and the lucky winner of the Team Canada hockey jersey:

Thank you for having me SPS Vancouver! It was an awesome experience for me.

-JCK

SharePoint Saturday Calgary 2017

new%20rectangularI’m really excited to be heading to Calgary, Alberta for their 4th annual SharePoint Saturday event on April 1st. No foolin!

I’ll be doing 2 presentations:

Finding a Needle in the Haystack: Search Features – this is a joint presentation with David Drever. We talk about some features you should be using in SharePoint search.

O365 Adoption: Learn to Fly – this is a presentation where I’ll share some ideas and anecdotal stories from my first-hand experience working with clients in various stages of their O365 adoption journey. I‚Äôd love to hear about your own adoption stories as well ‚Äď audience participation is encouraged (and may be rewarded) !!

You can find out more about the event as well as register here.

[Update April 2, 2017]

I had a great time. Met several people I only knew virtually up to this point as well as lots of new people eager to learn more about SharePoint and O365.

 

IMG_8496

Organizers, Speakers and Sponsors – SPS Calgary 2017

 

Link to my presentations:

-JCK