Choosing between AD and SharePoint Groups.

A question that comes up often: what is the best approach for assigning permission levels in SharePoint?

 

Here are some guidelines from my personal experience:

 

A general rule of thumb is that the fewer security principals you have, the more scalable your security design will be. In other words, it's easier to assign permission levels to 1 group than to 100 users.

 

Avoid assigning permission levels directly to user accounts; use either an Active Directory (AD) group or a SharePoint group to contain the users. If there is a one-to-one mapping between an AD group and a SharePoint permission level, you could assign permissions to the AD group rather than creating a SharePoint group, but if you always use a SharePoint group, you have a clean way to add more users or groups later if you need to.

 

Prefer SharePoint groups over AD security groups. You can delegate control of SharePoint groups to site administrators. If you use AD groups, there could be a bottleneck getting users added to or removed from them, since only a select few in the organization have permission to do so. Another issue with AD groups is that you cannot view their members in SharePoint, making it difficult to determine who has access to what.
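
One way to check an existing site collection against the guidelines above (an added example, not part of the original post): the script lists every permission assignment on webs with unique permissions and flags the ones made directly to a user account or to an AD group. It assumes an on-premises farm with the Microsoft.SharePoint.PowerShell snap-in (SharePoint 2010 or later); the function names and the site URL are placeholders chosen for this example.

```powershell
# Added example. Run from the SharePoint Management Shell with rights to the site collection.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-PrincipalKind($member) {
    if ($member -is [Microsoft.SharePoint.SPGroup]) { return 'SharePointGroup' }
    if ($member.IsDomainGroup) { return 'ADGroup' }   # SPUser entry that is really an AD group
    return 'User'
}

function Get-RoleAssignmentReport {
    param([Parameter(Mandatory = $true)][string]$SiteUrl)
    $site = Get-SPSite -Identity $SiteUrl
    try {
        foreach ($web in $site.AllWebs) {
            try {
                # Webs that inherit permissions only repeat their parent's assignments.
                if (-not $web.HasUniqueRoleAssignments) { continue }
                foreach ($ra in $web.RoleAssignments) {
                    # "Limited Access" is granted by SharePoint itself (the name is localized).
                    $levels = @($ra.RoleDefinitionBindings |
                        Where-Object { $_.Name -ne 'Limited Access' } |
                        ForEach-Object { $_.Name })
                    if ($levels.Count -eq 0) { continue }
                    $kind = Get-PrincipalKind $ra.Member
                    $finding = switch ($kind) {
                        'User'    { 'Direct user assignment: move into a SharePoint group' }
                        'ADGroup' { 'AD group assigned directly: members not visible in SharePoint' }
                        default   { 'OK' }
                    }
                    New-Object PSObject -Property @{
                        Web = $web.Url; Principal = $ra.Member.Name
                        Kind = $kind; Levels = ($levels -join ', '); Finding = $finding
                    } | Select-Object Web, Principal, Kind, Levels, Finding
                }
            }
            finally { $web.Dispose() }   # SPWeb objects from AllWebs must be disposed
        }
    }
    finally { $site.Dispose() }
}

# Placeholder URL: replace with a real site collection.
Get-RoleAssignmentReport -SiteUrl 'http://sharepoint.example/sites/team' |
    Sort-Object Kind, Web | Format-Table -AutoSize
```

The report covers web-level assignments only; lists and items with broken inheritance would need the same loop over their own `RoleAssignments`.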

 

Here is an excellent post that compares and contrasts SharePoint and AD groups
