Archive for October, 2009

SharePoint Conference – One Week to Go to Free Software

Tuesday, October 13th, 2009

We are one week away from the start of the SharePoint Conference in Las Vegas. By all indications (early sellout) it looks like it will be an extremely successful event. We are just finishing up our preparations for our participation in the show. This will be our first time at the conference. We will have a booth in the exhibitor area. It will be a bit of a coming out for us as we will be making people aware of all the new SharePoint applications we launched this year. We look forward to seeing you at the show.

For people who visit us at the show we’ll be giving away for free our Document Converter for SharePoint software. This software automatically converts Office 97-2003 documents to Office 2007 format when the documents are saved or uploaded into a SharePoint library. This can be useful for anyone migrating to Office 2007. It allows you to bulk convert large numbers of documents to Office 2007 format simply by dropping them into a SharePoint library. Drop by and get the code which will allow you to download this software from our website.

The conference is also a coming out for SharePoint 2010. There will be a number of metadata and taxonomy improvements in 2010 and I look forward to some detailed sessions on these topics. As you would expect we will also be giving demonstrations of all of our software during the show. See you at the show!

SharePoint Security – Inheritance – Good or Bad?

Tuesday, October 6th, 2009

The standard SharePoint security model is primarily based on the concept of inheritance. Any time a new object such as a document library or list is created, the object automatically inherits the security permissions of its parent. For example, if we create a new document library in a site, the document library will inherit all the security permissions of the site. This is different from the way a lot of security works. Security experts prefer an environment that has no permissions associated with a new object like a document library. In that model, you start with a clean slate and assign permissions that are appropriate for the object. Let’s look at the major advantages and disadvantages of SharePoint’s inheritance based security:

Advantages

1. Extremely easy to setup. When you create a new document library, you are off to the races. No special security configuration is needed. This is strength in small distributed SharePoint implementations where the group shares everything and security is not a big concern. In this type of environment simplicity and speed are the most important factors.

2. It is always possible to break the inheritance and assign specific permissions for an object. So, in addition to being very easy to setup, it is also flexible enough that you can tailor permissions for certain objects which require special security.

3. Any change to a permission in the parent site is automatically applied to any child sites. This means I only need to make a security change in one place and that change will be automatically applied to all the child sites.

4. Does not require special administrator training on security. You don’t need a security expert to setup SharePoint. Your standard SharePoint administrator can handle all the security tasks.

5. Inheritance can cascade down several levels. If you have a folder created in a document library, which is part of a site, the permissions can flow down to the folder and all of the documents in the folder automatically.

Disadvantages

1. Because it is so easy to setup, many SharePoint administrators don’t even think about security permissions. This can lead to situations where certain sensitive information saved to SharePoint can be inadvertently compromised.

2. Permission inheritance assumes that permissions for a particular document library should be the same as permissions for all the other document libraries. This is often not the case as some document libraries may contain more sensitive information.

3. This model is hard to administer if you want to change permissions. If you don’t want to inherit the permissions there is no way to stop the inheritance. You still need to break the inheritance from the parent object and then go in and manually remove all the permissions that are not appropriate. This can be a very time consuming task. The only situation where you can say that you don’t want to inherit permissions is for a sub-site. It would be nice if you could do this with other objects like document libraries and lists.

4. There is a lack of tools for administrators if an organization does not want to use inheritance. Setting up unique permissions for libraries and documents is difficult and time consuming. Maintaining these unique permissions is even more difficult. How does an administrator know which libraries or documents have unique permissions? There are no reports which provide this information. As a result it is very hard to track and maintain objects which have unique permissions which may need to be changed at some point.

To learn more about standard security for SharePoint document libraries and inheritance check out my SharePoint Security video on YouTube.

Charlie