SharePoint permissions can be a nightmare and a security issue

One of the biggest challenges as a SharePoint consultant is convincing customers to keep permission inheritance intact. Some want to break permissions further down the path in SharePoint, which is a nightmare to administer and control. If you make a mistake, a user can access more than they should, and the content will show up in the searches that user conducts and, now even more, in Delve. Delve shows what other users have been editing in SharePoint that the user has access to. Keeping control of permissions is crucial!

SharePoint is designed so that a Site Collection (a top site with subsites) is given permissions and all content inherits them. Libraries, lists, pages, subsites and all their contents inherit permissions. It is possible to break the inheritance, but you then take on the task of administering the permissions. That task is very time-consuming and can easily become a nightmare. The permission structure needs to be well documented and controlled.

I am open to setting specific permissions on subsites and document libraries, but I always argue against setting specific permissions on files and folders in a document library. It is never right to set specific permissions on a folder in a document library. In fact, I don't like to use folders at all in document libraries; I suggest using site columns with choice values or metadata terms that are named the same as the folders. It is then easy to sort, filter and group files by choice value or metadata term.

We have started to produce some guidelines on how to set up document libraries in SharePoint. I am sharing these like we do in the SharePoint community: sharing is caring!

  • Do not let document libraries exceed 5 000 files.
  • Refrain from using folders, use metadata and choice columns instead.
  • File names (and folder names, if you use folders) should not contain the space character. A space will be shown as the hexadecimal value %20.
  • If you need to use folders, do not go more than 2 levels deep. I know this is the biggest challenge for many.
  • Files and folders can't contain a dot (.) and should not start with an underscore (_); the dot is not valid and the underscore will hide the folder.
  • The illegal characters are ~, #, %, &, *, {, }, \, :, <, >, ?, /, | and ". I know that Microsoft is looking into removing some of these from the illegal list.
  • Plan to avoid using File Explorer or Finder (Mac users). Use the browser instead so you can see the extra columns.
  • Open and save documents directly to SharePoint and OneDrive.
  • Never break permissions on folders; use specific document libraries and Office 365 groups instead.
  • Plan for governance and archiving.
  • If you have sensitive documents, our advice is to use IRM (Information Rights Management) and AIP (Azure Information Protection).
  • Always! Conduct user training when starting to use SharePoint!

These are some of the guidelines we share when we meet new customers.