SharePoint Security

and Search
Lou Farho, Design Architect
Alexander Open Systems

Thank you SPSKC15

sponsors!

About M e
Lou Farho

LouFarho@aos5.com

SharePoint Design Architect

20+ years in IT
10+ years working with Portals
7+ years working with SharePoint
http://www.linkedin.com/in/loufarho/
Wrote my first program in FORTRAN using a card punch machine
Bachelors in Physics (University of Nebraska-Lincoln)
Master in Computer Science (University of Nebraska-Omaha)
3

| SharePoint Saturday St. Louis 2014

AO S SharePoint PortalPractice
Microsoft Gold Partner Top Talent
Portals and
Collaboration

4 Microsoft SharePoint vTSPs

Communications

Average of 7 years of SharePoint

Experience

Messaging
Server Platform

16 Architects and Developers

Over 50 migrations from

SharePoint 2007/2010 to 2013

Customers Win
99.68% of customer respondents would refer AOS to their
peers!
4 | SharePoint Saturday St. Louis 2014

Agenda
Discuss SharePoint Security
Discuss Search
Demo

| SharePoint Saturday St. Louis 2014

SharePoint Security
When you start looking at security, chances are good
that you start with the basics: who is allowed to access
SharePoint resources, what resources are they allowed
to see, what resources are they allowed to use, and
how
are
they
allowed
to
use
them.

Active Directory Security Groups

SharePoint Groups
Direct Permissions
Permission Levels
6

| SharePoint Saturday St. Louis 2014

Active D irectory Security G roups

This is the backbone to provisioning end user access
into you Web Applications, Site Collections and Sub-Sites
This allows easy transitions of user access by
memberships to AD groups.
Copy another users access by looking at their AD
memberships
Can delete a User from the User Information List
without harming their access into the site collection
7

| SharePoint Saturday St. Louis 2014

SharePoint G roups
Use SP Groups to encapsulate the Permission
Levels
Owners
Members
Visitors
Custom Levels
Add AD Security Groups
Add Users
8

| SharePoint Saturday St. Louis 2014

D irect Perm issions

Bad, Very Bad
Hard to determine who has what access
Need to leverage third-party to find out
Better to use a SharePoint Group

| SharePoint Saturday St. Louis 2014

Perm ission Levels

Permissions are rights to do something; to view, create,
delete, or edit something.

User Permissions are broken down into three

categories
List Permissions
Site Permissions
Personal Permissions
10

| SharePoint Saturday St. Louis 2014

List Perm issions

Permission

Description

Manage Lists

Create and delete lists, add or remove columns in a list, and add or remove public views of a list.

Override List Behaviors

Discard or check in a document that is checked out to another user, and change or override settings
that allow users to read/edit only their own items.

Add Items

Add items to lists, and add documents to document libraries.

Edit Items

Edit items in lists, edit documents in document libraries, and customize Web Part pages in document
libraries.

Delete Items

Delete items from a list, and documents from a document library.

View Items

View items in lists, and documents in document libraries.

Approve Items

Approve a minor version of list items or document.

Open Items

View the source of documents with server-side file handlers.

View Versions

View past versions of a list item or document.

Delete Versions

Delete past versions of list items or documents.

Create Alerts

Create alerts.

View Application Pages

View forms, views, and application pages. Enumerate lists.

11

| SharePoint Saturday St. Louis 2014

Site Perm issions

Permission

Description

Manage Permissions

Create and change permission levels on the web site and assign permissions to users and groups.

View Usage Data

View reports on website usage.

Create Subsites

Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.

Manage Web Site

Grants the ability to perform all administration tasks for the web site, as well as manage content.

Add and Customize Pages

Add, change, or delete HTML pages or Web Part pages, and edit the website.

Apply Themes and Borders

Apply a theme or borders to the whole website.

Apply Style Sheets

Apply a style sheet (.css file) to the website.

Create Groups

Create a group of users that can be used anywhere within the site collection.

Browse Directories

Enumerate files and folders in a website by using SharePoint Designer 2013 and Web DAV interfaces.

Use Self-Service Site Creation

Create a website using Self-Service Site Creation.

View Pages

View pages in a website.

Enumerate Permissions

Enumerate permissions on the website, list, folder, document, or list item.

Browse User Information

View information about users of the website.

Manage Alerts

Manage alerts for all users of the website.

Use Remote Interfaces

Use SOAP, Web DAV, the Client Object Model, or SharePoint Designer 2013 interfaces to access the
website.
Use features that launch client applications. Without this permission, users must work on documents
locally and then upload their changes.

Use Client Integration Features

Open

Enables users to open a website, list, or folder to access items inside that container.

Edit Personal User Information

Enables users to change their own user information, such as adding a12picture.
| SharePoint Saturday St. Louis 2014

PersonalPerm issions
Permission

Description

Manage Personal Views

Create, change, and delete personal views of lists.

Add/Remove Personal Web Parts

Add or remove personal Web Parts on a Web Part page.

Update Personal Web Parts

Update Web Parts to display personalized information.

13

| SharePoint Saturday St. Louis 2014

Im pact on Search
When Permissions change, SharePoint
must recalculate and update the index
for the scope impacted by the security
change.

14

| SharePoint Saturday St. Louis 2014

D em o
1. Search Service Application
2. Crawl Health Report
3. Add User
4. Run an Incremental Crawl
5. Inspect Report
6. Modify an AD Security Group
7. Repeat 4&5
15

| SharePoint Saturday St. Louis 2014

Sum m ary
Impact to incremental crawls using security
groups vs SharePoint Groups
SharePoint Farm Size determines overall impact
There will be other factors that impact the
incremental crawl. Documents!
Governance for Security and use of Security
Groups
Security Group Sprawl
16

| SharePoint Saturday St. Louis 2014

Resources
http://technet.microsoft.com/en-us/libra
ry/cc721640.aspx
http://msdn.microsoft.com/en-us/library/
dd728295(v=office.12).aspx
https://www.nothingbutsharepoint.com/si
tes/eusp/pages/active-directory-groupsvs--sharepoint-groups-for-user-manageme
nt-a-dilemma.aspx
17

| SharePoint Saturday St. Louis 2014

Thank you SPSKC15

sponsors!