Wednesday, October 3, 2012

IT vs Business: SharePoint permissions strategy

Recently I have once again become convinced that the main challenge for a SharePoint professional in an organisation is setting up business processes. Organising corporate information and building an information architecture is not a problem. Providing shared workplaces for business teams is not a problem. Even automating existing processes is not a problem. The problem is setting up a correct business process when nothing exists yet.

Let's take the common process of permissions management. IT guys would like to control everything and to manage each particular operation involving sensitive data. This approach may be useful, but not for collaboration. In SharePoint all content is a collaborative asset. So the main business value of the system is sharing and teamwork on documents. The mandatory condition here is read-write access to a document for each team member. Real-life systems, unfortunately, rarely meet this simple condition.

I have commonly met the situation where all SharePoint permissions are managed by the IT Service Desk. This means that the SharePoint system administrator receives 50 tickets each day with sentences like “I need access to the sales report for March of 2011”, “Why am I unable to read the corporate financial statement?” or “Could you please remove that party photo where I am dancing on a table?”. And our system administrator has no idea where these files are located. So he or she has two options: find the file and grant access, or ask a team leader whether the person should have access. In the first scenario it is obvious that corporate security is not working: each employee can get access just by asking. In the second scenario the ticket goes back to a business representative for approval.

We get more requests, more bureaucracy, more time spent, more routine work for IT, less value for the business, less satisfaction with the IT department and less satisfaction with SharePoint. And the only reason for that is total control by the IT guys and a misunderstanding of the basic principles of a collaborative environment.

Common SharePoint permissions strategy

To avoid such problems we need to build the business process on a different strategy. The IT guys should simply admit that they do not own the corporate data, and that they do not manage it. IT just provides a hosting environment: a service for the business.

So the suggested approach is to have a business owner for each business team site. The business owner or team leader will have full permissions on the team web site. Full means full: creation of custom lists, sub-sites and pages without any restrictions. This business representative is the only person who knows exactly how sensitive the team's information is. That person can make the decision and delegate access to team members based on their own understanding. If somebody needs access to team information, then he or she can contact the team leader directly and get the permissions. If something goes wrong, the team leader can still call the IT service desk and ask for help.

Mixed permission management system for SharePoint

This permission management strategy improves corporate security for sensitive data, reduces the number of requests to IT and makes the environment more open and collaborative. To support this strategy it is good to have an article on the portal that describes the process, along with a list of the business owners for each part of the corporate portal. Access to shared corporate pages such as news or branding information can be managed automatically based on organisational unit membership.

For example, if we have hired an HR professional and created an Active Directory account for that person, then the account will be included in the HR organisational unit, which has access to the shared upper-level sites on the portal. This process does not require much effort and needs to be done only when the account is created.

The zones of control under the corporate portal

The described approach has been used successfully for some of our customers. If you have any thoughts, feel free to share them in the comments. Thank you for reading!

4 comments:

  1. This comment has been removed by a blog administrator.

  2. Hi Pavel, Here are a few SharePoint challenges you and your readers might find interesting. Cheers! http://blog.varonis.com/top-3-sharepoint-security-challenges/

    1. Hm, nothing really interesting. These are not limitations for business users. It is only a weak implementation. It is well known that SharePoint is hard to support for IT guys.