For the uninformed, SharePoint’s massively configurable permission schema can be overwhelming. If you have recently taken on the responsibility of administrating your team’s SharePoint site and know very little about SharePoint permissions then this post is for you. SharePoint security is endlessly customizable and the user interface stinks, but with a little patience you can take control of your information.
Step 1: Choose a mantra – Security policies are set up to accomplish two goals: giving the right users access to information they need access to and stopping the wrong users from seeing information they should not see. Depending on the nature of your industry, company, or project you will probably find yourself leaning towards one of these goals. Do you want a site where only a few select people can view and edit documents? Do you want a site where many people will be able to stumble across and learn about what your team is doing? Your real mix will always be somewhere in between, but come to a general mantra on whether your information will be accessed on a need to know basis, or whether your information will be protected on an as needed basis. Is the general idea to restrict only when needed or to allow access only when needed? Write down your information security mantra and hold it up and use it to make decisions throughout the rest of this process.