SharePoint 2007 Security


A plain-language explanation of how the security model changed in SharePoint 2007, followed by a basic overview of security in SharePoint 2007.

 

The way that groups and permissions interact has changed significantly from the previous version.

In the previous version, site-level groups were used to contain both users and permissions — that is, when you added a user to a site group, you automatically determined the permissions that the user was granted for a site.

In this version, the concepts of groups of users and permissions have been separated, i.e.:

SharePoint groups at the site collection level contain the users,

Permission levels contain the permissions, and

Groups have no permissions until they are assigned a permission level for a specific securable object (such as a site, list or library, folder, item, or document).

Elements of SharePoint 2007 Security


SharePoint 2007 introduced an updated security model. The five key elements of the model are given below with some basic information.


Individual user permissions

Individual permissions that grant the ability to perform specific actions, e.g. View Items to view documents or items in a list.

Permission level

A pre-defined set of permissions that grants users permission to perform related actions.

The default permission levels are: Limited Access, Read, Contribute, Design, and Full Control.

User

A person with a user account that can be authenticated through the authentication method used for the server.

Users should be added to a group, and groups should have permissions assigned.

Group

A group of users. Can be a Windows security group (such as Department_A) that you add to the site, or a SharePoint group such as Site Owners, Site Members, or Site Visitors.

Group permissions can be changed at any time.

Securable object   

Users or groups are assigned a permission level for a specific securable object: site, list, library, folder, document, or item. By default, permissions for a list, library, folder, document, or item are inherited from the parent site or parent list or library. However, anyone assigned a permission level for a particular securable object that includes the Manage Permissions permission can change the permissions for that securable object.
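
To see how these elements fit together on a real site, the following read-only audit lists, for a site and each of its lists, whether permissions are inherited, which users or groups are assigned which permission level, and which assignments include Manage Permissions. It is an added example, not part of the original post. It assumes it is compiled against Microsoft.SharePoint.dll and run on the SharePoint server, with the site URL passed as the first argument.

```csharp
using System;
using Microsoft.SharePoint;

// Added example: read-only audit of who holds which permission level
// on a site and its lists. It changes nothing on the server.
class PermissionAudit
{
    static void Main(string[] args)
    {
        // args[0] is the site URL supplied by the operator (assumption).
        using (SPSite site = new SPSite(args[0]))
        using (SPWeb web = site.OpenWeb())
        {
            Report("Site: " + web.Title, web.HasUniqueRoleAssignments, web.RoleAssignments);

            // Each list or library is its own securable object.
            foreach (SPList list in web.Lists)
            {
                Report("List: " + list.Title, list.HasUniqueRoleAssignments, list.RoleAssignments);
            }
        }
    }

    static void Report(string name, bool unique, SPRoleAssignmentCollection assignments)
    {
        Console.WriteLine("{0} ({1})", name,
            unique ? "unique permissions" : "inherits from parent");

        // One role assignment = one user or group + its permission levels here.
        foreach (SPRoleAssignment ra in assignments)
        {
            string kind = ra.Member is SPGroup ? "SharePoint group" : "user or Windows group";
            foreach (SPRoleDefinition level in ra.RoleDefinitionBindings)
            {
                // A permission level is a set of individual permissions (flags).
                bool canManage = (level.BasePermissions & SPBasePermissions.ManagePermissions)
                                 == SPBasePermissions.ManagePermissions;
                Console.WriteLine("  {0} ({1}) -> {2}{3}", ra.Member.Name, kind, level.Name,
                    canManage ? "  [can change permissions on this object]" : "");
            }
        }
    }
}
```

Objects reported as having unique permissions, and principals flagged as able to change permissions, are the places where access can drift away from what the parent site grants.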