SharePoint Security: Don't try this at home

One of the most confusing end user areas in SharePoint is site and content security. There are so many places where security can be applied and no easy way to show, in one report, which user or group has access to which securable object in a site collection. Moreover, the concept of security groups, while critical to security success, can be very confusing to end users - especially when you need to combine Active Directory groups with SharePoint groups.

I recently found a very good (and visual) explanation of the basic concepts of SharePoint security on Microsoft.com. The article is called: "About controlling access to sites and site content." It's definitely the best explanation I've seen so far in the collection of Microsoft documentation I've reviewed on this topic.

Since setting up and designing for site security can be confusing, end user designers will definitely need support when they first try to tackle the security issue. Once security for the site and groups is designed, users with permissions to manage security will need to understand how to apply and maintain security for their site, which is also confusing. It's really easy to make a mistake when applying security to a site. Here's a hint that should help explain how security is applied in SharePoint sites: if you click a button called Site Actions, you are affecting an entire site, not a library or list. To affect only a library or list, use Settings.

Note: The sad thing about the excellent document referenced in this post is that I just happened to stumble upon it - searching on the word security or site security or even the entire title within the Help and How To section of Office.microsoft.com didn't get me to the document. I don't even remember how I found it, but to get back to it, I probably pressed my "back" button a dozen times. Save the link - you'll want to share it with your end users!

• Security
• Software
• SharePoint