1.14.2009

Managing Permissions: Best Practice

If you are using Active Directory, manage all SharePoint permissions using Active Directory (AD) groups whenever possible.

Create groups in AD and mark them as SharePoint-based groups (such as SP-CorpOffice-ALL, SP-CorpOffice-SiteManagers, SP-CorpOffice-ContentManagers, etc.).

Add users and user groups to those groups in AD. (This step is where membership is controlled: untrained users cannot get into the Site Manager groups, which matters especially if the Site Managers have permissions to modify content types on the top-level site!)

You now have groups that represent the people you want to manage.

Create permission levels based on what you want to allow those groups of people to do in the site or site collection. In our sites, we basically have Site Managers (can create lists and libraries), Content Managers (can add/edit/delete content only, cannot create lists or pages), and general users (we have a lot more than that, but those are the basic three).

We then add the AD group to the SharePoint site (or list or whatever) with the appropriate permission level.

Now, with 25k users, you don't have to manage each site, user, and permission individually, which can get exponentially tedious after just a few hours.
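Once the groups are in place, the model only holds if nobody grants access around them. The script below is an added example, not part of the original post: it walks a site collection through the SharePoint server object model and lists every grant that goes to an individual account or to an AD group outside the SP- naming scheme. The site URL is a placeholder, and PowerShell 2.0 or later on a SharePoint server is assumed.

```powershell
# Added example: audit a site collection for grants that bypass the AD groups.
# $SiteUrl is a placeholder; the "SP-" prefix follows the post's naming scheme.
param(
    [string]$SiteUrl = 'http://sharepoint.example.local/sites/corpoffice',
    [string]$GroupPrefix = 'SP-'
)

# Load the server object model (run on a SharePoint server with admin rights).
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SharePoint')

# Emit a finding when a principal is not an AD group, or is an AD group
# whose name does not start with the agreed prefix (after any DOMAIN\ part).
function Test-Principal($User, $Via, $WebUrl, $Levels) {
    $issue = $null
    if (-not $User.IsDomainGroup) {
        $issue = 'Individual account granted access'
    } elseif ($User.Name -notmatch ('(^|\\)' + [regex]::Escape($GroupPrefix))) {
        $issue = "AD group outside the $GroupPrefix naming scheme"
    }
    if ($issue) {
        New-Object PSObject -Property @{
            Web = $WebUrl; Principal = $User.LoginName; Via = $Via
            Levels = $Levels; Issue = $issue
        }
    }
}

$site = New-Object Microsoft.SharePoint.SPSite($SiteUrl)
try {
    foreach ($web in $site.AllWebs) {
        try {
            # Webs that inherit permissions repeat their parent's findings.
            if (-not $web.HasUniquePerm) { continue }
            foreach ($ra in $web.RoleAssignments) {
                $levels = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ', '
                # Skip the system-managed level (English name of the built-in).
                if ($levels -eq 'Limited Access') { continue }
                $m = $ra.Member
                if ($m -is [Microsoft.SharePoint.SPGroup]) {
                    # Users placed inside a SharePoint group bypass AD as well.
                    foreach ($u in $m.Users) {
                        Test-Principal $u "SharePoint group '$($m.Name)'" $web.Url $levels
                    }
                } else {
                    Test-Principal $m 'direct assignment' $web.Url $levels
                }
            }
        } finally { $web.Dispose() }
    }
} finally { $site.Dispose() }
```

The script checks site-level permissions only; lists and libraries with their own unique permissions need the same walk over their role assignments.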
