Without a doubt, one of the biggest support headaches with Sharepoint revolve around access controls and permissions. The most frequently raised tickets in HEAT are permissions issues, and we see so many sites where a Site Collection Administrator has inherited a collection with permissions that are a granular hot mess of directly attributed access, or poorly structured groups.
With Sharepoint 2013, rather than becoming simpler (as we’d expected), things seem to have become even more complicated as the new “Share” links scattered throughout SP2013 sites have our users even more confused than before.
To that end, we’ve developed some back-end scripts to interrogate a site collection’s permissions for all items, libraries, lists, subsites and sites (out of hours, unfortunately – purely because the scripts are fairly intensive and rattle through an entire site collection to gather the permissions report).
Running the permissions matrix script against a couple of site collections showed that the following ‘bad habits’ are commonplace in most sites where users have had issues.
- Hitting the ‘Share’ button or link in the wrong place. Quite often a user was given access to a site, with no access whatsoever to the content under it (unless that content was inheriting permissions from the parent site).
- Flipping this on its head, plenty of instances where permissions were granted to a single item, with no permissions granted at the parent object (a site, a list, a library – all with unique permissions of their own).
- Scant use of groups. Sharepoint sites come with three groups on initial setup, in some cases site owners or administrators had bypassed using those groups AT ALL and had just made more work for themselves by controlling permissions to the nth degree at the item level instead.
- Reliance on outdated or incomplete Active Directory groups when assigning unit-level permissions within Sharepoint.
In the latest feedback surrounding the Office 365 Project, we’ve again seen the criticism levelled at Sharepoint that permissions are not intuitive, and that sites are difficult to set up and effectively “lock down” in cases where there’s a requirement to limit access to sensitive data, or make assurances that only certain users will see certain content. Aside from the support documentation already provided, what would users like to see when it comes to permissions help, support or training? Please leave a comment below as your feedback on issues like this can help us understand and shape the service’s support requirements more effectively.