In The Mix

As a SharePoint architect I have the business behind me and the Developers and IT Pro on my shoulders.

Authorization in SharePoint July 9, 2008

Filed under: SharePoint — fmuntean @ 3:00 pm

No matter which authentication mechanism you are using for validating the users into your system you will be still responsible for giving them access to the necessary areas inside SharePoint using SharePoint administration pages.

Because of the type of collaboration between the enterprise and external stake holders a closed attention needs to be taken when assigning rights into the system.

Site collections offer a way of segregating the user rights and information access inside SharePoint.

A single site collection is a simple way to give users rights into the SharePoint and offers but when it comes to areas of the site where user should not have access the administration became harder as permission inheritance needs to be broken. Personally I would not recommend to break the security inheritance more than once on any web navigation tree and the security break should be made so that the sub-webs are more restrictive and not the opposite.

For an external collaboration this means that for each site the security needs to be broken to achieve a level of protection between collaborator from different projects or companies.

By using multiple sites collections ease the permission administration as they are separate entities all together. Another benefit from using site collection if the ease of separate backup, restore and archival of projects sites using out of the box commands.

However the sharing of data between site collections is harder and custom code is needed to achieve that.

Usually for an Intranet site a single site collection will suffice, but for external collaboration where security is more restrictive Multiple Site Collection might be the right approach.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s