Click here to Skip to main content
12,549,720 members (44,566 online)
Click here to Skip to main content
Add your own
alternative version


2 bookmarked

IT vs Business: SharePoint permissions strategy

, 2 Oct 2012 CC (ASA 3U)
Rate this:
Please Sign up or sign in to vote.
How to set up business process of Microsoft SharePoint permissions management to reduce IT Help Desk requests, speed up an access granting and increase collaborative value of MOSS corporate portal.

Recently I have ensured again that the main challenge for SharePoint professional in an organisation is the business processes setting up. There is no problem to organise corporate information and to build information architecture. There is no problem to provide shared workplaces for the business teams. Even there is no problem to automate existing processes. The problem is to set up correct business process when there is nothing existing.

Lets take some common process of permissions management. IT guys would like to control everything and would like to manage each particular operation with sensitive data. And this approach may be useful, but not for collaboration. In SharePoint all contents is the collaborative asset. So, the main business value of that system is sharing and team work with the documents. The mandatory condition here is a read-write access to document for each team member. The real life systems, unfortunately, rarely meet this simple condition.

Commonly I met situation when all SharePoint permissions managing by IT Service Desk. This does mean that SharePoint system administrator receiving 50 tickets each day with sentences like “I need access to sales report for March of 2011”, “Why I unable to read the corporate financial statement” or “Could you please remove that party photo where I am dancing on a table”. And our system administrator have no idea where this files located. So, he or she have two options: find file and grant the access or ask a team leader whether the person should have the access. In the first scenario it is obvious that corporate security not working – each employee can have the access if asking. In the second scenario the ticket returning back to business representative for approvement.

We have more requests, more bureaucracy, more time, more routine work for IT, less value for the business, less satisfaction with IT department, less satisfaction with SharePoint. And the only reason for that is the total control for IT guys and misunderstanding of the base principles of collaborative environment.

Common SharePoint permissions strategy

To avoid such problems we need to build the business process based on another strategy. IT guys just should admit that they not owning the corporate data. And they not manage it. IT is just providing a hosting environment; a service for the business.

So, suggested approach is to have a business owners for each business team site. The business owner or team leader will have the full permissions on a team web site. Full mean full – creation of the custom lists, sub sites and pages without any restrictions. This business representative is the only person who knows exactly how the team information sensitive. That person can make a decision and delegate an access to team members depending on own understanding. If somebody needs access to team information than he or she can contact directly the team leader and get the permissions. If something going wrong the team leader can still call to IT service desk and ask for help.

Mixed permission management system for SharePoint

This permission management strategy improves the corporate security for sensitive data, reduces the number of requests to IT and makes environment more open and collaborative. To support that strategy it is good to have an article on a portal which describes the process and a list of the business owners for each part of the corporate portal. Access to shared corporate pages like a news or branding information can be managed automatically based on organisation units membership.

For example, if we have hired an HR professional and have created an Active Directory account for the person than the account will be included in HR organisation unit which has access to shared upper level sites on the portal. This process not require a lot of efforts and should be done only on creation of the account. 

The zones of control under the corporate portal

The described approach successfully used for some of our customers. If you have some thoughts feel free to share it in comments. Thank you for reading!


This article, along with any associated source code and files, is licensed under The Creative Commons Attribution-Share Alike 3.0 Unported License


About the Author

Pavel Korsukov
Founder Deploy4Me
Australia Australia
I am a co-founder of Deploy4Me and a Technical Architect. The major interests are software development, software deployment and my family =) Feel free to take a look on what I am doing day by day on Deploy4Me and make you comment to it. Thanks!

You may also be interested in...


Comments and Discussions

-- There are no messages in this forum --
| Advertise | Privacy | Terms of Use | Mobile
Web01 | 2.8.161021.1 | Last Updated 3 Oct 2012
Article Copyright 2012 by Pavel Korsukov
Everything else Copyright © CodeProject, 1999-2016
Layout: fixed | fluid