Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
SharePoint Security and Search Lou Farho, Design Architect Alexander Open Systems Thank you SPSKC15 sponsors! About Me Lou Farho [email protected] SharePoint Design Architect ▪ 20+ years in IT ▪ 10+ years working with Portals ▪ 7+ years working with SharePoint ▪ http://www.linkedin.com/in/loufarho/ ▪ Wrote my first program in FORTRAN using a card punch machine ▪ Bachelors in Physics (University of Nebraska-Lincoln) ▪ Master in “Computer Science” (University of Nebraska-Omaha) 3 | SharePoint Saturday St. Louis 2014 AOS SharePoint Portal Practice Microsoft Gold Partner Top Talent ▪ Portals and Collaboration ▪ 4 Microsoft SharePoint vTSPs ▪ Communications ▪ 16 Architects and Developers ▪ Messaging ▪ Average of 7 years of SharePoint Experience ▪ Server Platform ▪ Over 50 migrations from SharePoint 2007/2010 to 2013 Customers Win • 99.68% of customer respondents would refer AOS to their peers! 4 | SharePoint Saturday St. Louis 2014 Agenda ▪ Discuss SharePoint Security ▪ Discuss Search ▪ Demo 5 | SharePoint Saturday St. Louis 2014 SharePoint Security When you start looking at security, chances are good that you start with the basics: who is allowed to access SharePoint resources, what resources are they allowed to see, what resources are they allowed to use, and how are they allowed to use them. ▪ Active Directory Security Groups ▪ SharePoint Groups ▪ Direct Permissions ▪ Permission Levels 6 | SharePoint Saturday St. Louis 2014 Active Directory Security Groups This is the backbone to provisioning end user access into you Web Applications, Site Collections and Sub-Sites ▪ This allows easy transitions of user access by memberships to AD groups. ▪ Copy another users access by looking at their AD memberships ▪ Can delete a User from the User Information List without harming their access into the site collection 7 | SharePoint Saturday St. Louis 2014 SharePoint Groups ▪ Use SP Groups to encapsulate the Permission Levels – Owners – Members – Visitors – Custom Levels ▪ Add AD Security Groups ▪ Add Users 8 | SharePoint Saturday St. Louis 2014 Direct Permissions ▪ Bad, Very Bad ▪ Hard to determine who has what access ▪ Need to leverage third-party to find out ▪ Better to use a SharePoint Group 9 | SharePoint Saturday St. Louis 2014 Permission Levels Permissions are rights to do something; to view, create, delete, or edit something. User Permissions are broken down into three categories ▪ List Permissions ▪ Site Permissions ▪ Personal Permissions 10 | SharePoint Saturday St. Louis 2014 List Permissions Permission Description Manage Lists Create and delete lists, add or remove columns in a list, and add or remove public views of a list. Override List Behaviors Discard or check in a document that is checked out to another user, and change or override settings that allow users to read/edit only their own items. Add Items Add items to lists, and add documents to document libraries. Edit Items Edit items in lists, edit documents in document libraries, and customize Web Part pages in document libraries. Delete Items Delete items from a list, and documents from a document library. View Items View items in lists, and documents in document libraries. Approve Items Approve a minor version of list items or document. Open Items View the source of documents with server-side file handlers. View Versions View past versions of a list item or document. Delete Versions Delete past versions of list items or documents. Create Alerts Create alerts. View Application Pages View forms, views, and application pages. Enumerate lists. Site Permissions Permission Description Manage Permissions Create and change permission levels on the web site and assign permissions to users and groups. View Usage Data View reports on website usage. Create Subsites Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites. Manage Web Site Grants the ability to perform all administration tasks for the web site, as well as manage content. Add and Customize Pages Add, change, or delete HTML pages or Web Part pages, and edit the website. Apply Themes and Borders Apply a theme or borders to the whole website. Apply Style Sheets Apply a style sheet (.css file) to the website. Create Groups Create a group of users that can be used anywhere within the site collection. Browse Directories Enumerate files and folders in a website by using SharePoint Designer 2013 and Web DAV interfaces. Use Self-Service Site Creation Create a website using Self-Service Site Creation. View Pages View pages in a website. Enumerate Permissions Enumerate permissions on the website, list, folder, document, or list item. Browse User Information View information about users of the website. Manage Alerts Manage alerts for all users of the website. Use Remote Interfaces Use SOAP, Web DAV, the Client Object Model, or SharePoint Designer 2013 interfaces to access the website. Use Client Integration Features Use features that launch client applications. Without this permission, users must work on documents locally and then upload their changes. Open Enables users to open a website, list, or folder to access items inside that container. Edit Personal User Information Enables users to change their own user information, such as adding a picture. Personal Permissions Permission Description Manage Personal Views Create, change, and delete personal views of lists. Add/Remove Personal Web Parts Add or remove personal Web Parts on a Web Part page. Update Personal Web Parts Update Web Parts to display personalized information. Impact on Search ▪ When Permissions change, SharePoint must recalculate and update the index for the scope impacted by the security change. 14 | SharePoint Saturday St. Louis 2014 Demo 1. Search Service Application 2. Crawl Health Report 3. Add User 4. Run an Incremental Crawl 5. Inspect Report 6. Modify an AD Security Group 7. Repeat 4&5 15 | SharePoint Saturday St. Louis 2014 Summary ▪ Impact to incremental crawls using security groups vs SharePoint Groups ▪ SharePoint Farm Size determines overall impact ▪ There will be other factors that impact the incremental crawl. Documents! ▪ Governance for Security and use of Security Groups ▪ Security Group Sprawl 16 | SharePoint Saturday St. Louis 2014 Resources ▪ http://technet.microsoft.com/enus/library/cc721640.aspx ▪ http://msdn.microsoft.com/enus/library/dd728295(v=office.12).aspx ▪ https://www.nothingbutsharepoint.com/sites/eusp/pa ges/active-directory-groups-vs--sharepoint-groupsfor-user-management-a-dilemma.aspx ▪ http://www.sharepointnutsandbolts.com/2010/09/setobject-caching-user-accounts-with.html 17 | SharePoint Saturday St. Louis 2014 Thank you SPSKC15 sponsors!