Authorization
Introduction
It’s a bit confusing. We’re going to talk about somewhat technical terms that define what you can do in a Teams environment or on a SharePoint site.
On the other hand, we will also discuss documentary workflows based on the concepts of document management and records management.
Learning objective
Get familiar with the concepts of authentication (validating that you are who you say you are) and authorization (once we have checked who you are, we must arrange what you can do).
- Read: you have the rights of a visitor or a viewer.
- Member: Create, read, update, or delete, because you have “member rights” that make you an active contributor in a collaborative process.
- Owner: you have full control over the site. You can add functionality, alter settings, or assign other users.
Let's play
- Try to access a site of one of your team members (some other animal).
- See what happens when others try to access it.
- Assign viewer rights to the rest of the team.
- Assign member rights to 2 other team members.
- Create a new library and break the hierarchy of user management.
- See what it does to search behavior.
- Audience targeting.
Inheritance
Unless decided otherwise, all content and functionality inherits the role pattern that is set on the site.
Break the string and assign new rights
Inheritance can be broken. This can be done at the site level (when a site has subsites), at the list or library level, at the folder level, and even at the file level.
New rights structure from the breakpoint
At a breakpoint, you can remove rights that come from the upper level and you can add a new structure. E.g. the entire site is based on member rights for everyone except external users, but when you give the documents library specific rights you can change that to viewer rights only for everyone…
Warning
Be aware that when you relocate a file, it inherits the rights structure of the container it is in, unless you assign rights at the item level. An item is a row in a list, a file in a library, or a site page. A site page is no different from any other file when it comes to rights management: site pages are just .aspx pages in a page library.
Structure
The SharePoint landscape is made of sites. When you create a SharePoint, you create a site, and each site can be considered a world in a universe.
We can break down this world (site) into smaller bodies. In the early years of SharePoint, people built enormous hierarchies of sites and sub-sites and even levels deeper.
There is no need to create complex hierarchies anymore. Each site can contain hundreds of libraries and lists, and you can organize rights on every library, every folder, and even on an individual file.
Be aware that when you relocate a file that has no dedicated rights, it will inherit the rights of the library or folder where it’s stored.
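The inheritance, breakpoint, and relocation behaviour described in the Warning and Structure passages above can be modelled in a few lines. This is an added example, not SharePoint code or part of the original training material: Node, effective_rights, move, and the group names are hypothetical, and the model is a simplification.

```python
# Simplified model of SharePoint-style permission inheritance (added example).
# Node, effective_rights and move are hypothetical names, not a SharePoint API.

class Node:
    """A securable object: site, library, folder, or item (file, list row, page)."""
    def __init__(self, name, parent=None, unique_rights=None):
        self.name = name
        self.parent = parent
        # None means "inherit from parent"; a dict means inheritance is broken here.
        self.unique_rights = unique_rights

    def break_inheritance(self, copy_parent=True):
        """Create a breakpoint, optionally starting from a copy of the inherited rights."""
        self.unique_rights = dict(effective_rights(self)) if copy_parent else {}

def effective_rights(node):
    """Walk up to the nearest breakpoint (or the site root) and return its rights."""
    while node.unique_rights is None:
        node = node.parent
    return node.unique_rights

def move(node, new_parent):
    """Relocate an object; without unique rights it takes on the new container's rights."""
    node.parent = new_parent

def build_demo():
    # Constructed sample data: group names and role levels are illustrative only.
    site = Node("Site", unique_rights={"Team": "Member", "Visitors": "Read"})
    open_lib = Node("Documents", parent=site)      # inherits from the site
    restricted = Node("HR", parent=site)
    restricted.break_inheritance()                 # breakpoint at library level
    restricted.unique_rights.pop("Visitors")       # remove rights from the upper level
    restricted.unique_rights["Team"] = "Read"      # downgrade members to viewers
    plain = Node("plan.docx", parent=restricted)   # no dedicated rights
    pinned = Node("salary.xlsx", parent=restricted)
    pinned.break_inheritance()                     # rights assigned at item level
    return site, open_lib, restricted, plain, pinned

if __name__ == "__main__":
    site, open_lib, restricted, plain, pinned = build_demo()
    print("before move:", effective_rights(plain), effective_rights(pinned))
    move(plain, open_lib)
    move(pinned, open_lib)
    print("after move: ", effective_rights(plain), effective_rights(pinned))
```

After the move, the file without dedicated rights is readable by visitors and editable by the team, while the file with item-level rights keeps its restricted access.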
Administrative owner and deputy
Driving the bus
The owner of the site is the person responsible for content and business logic. For IT the owner is the person that will be contacted when things change.
As an owner you need to accept responsibility for the content that you and the other users Create, Read, Update or Delete. The owner is the person that will be addressed when IT, Security, or Data Protection officials need to communicate about matters on a site.
Provisioning and retention
When you request a site, IT monitors usage (in a very simple way) by looking at the deployment date. At the end of the second year, the owner will be sent a disposition approval notification. In effect, IT is saying that they will take the site out of circulation unless the owner validates the continued usage of the site. Based on that dialogue, a new retention time will be set.

Ownership from a SharePoint point of view
The administrator or the mechanic
An administrator is the “mechanic” of the site, called in when there is a need to create libraries or lists, adjust settings, etc.
The accent is technical but you don’t need to be a hard-core developer.
With the training you are receiving right now, you are properly equipped to be a mechanic.

We have one main request/concern.
Please don’t use the production environment for trial and error and tinkering. Unless you really know what you are doing, make use of a development environment. Microsoft provides free trial environments for 30 days.