This is a guest post by Benjamin Niaulin from Sharegate
Planning Security when migrating to SharePoint
Whether you are migrating from a shared drive or from SharePoint, there will come a time when you need to sit down and think about permissions. Many companies have specific requirements when it comes to security and permissions. When migrating to SharePoint, one step that is often rushed or left too late is managing permission levels and security groups.
Understanding the SharePoint security basics
One thing we learn quickly in SharePoint is that users will only see what they have access to. This is called Security Trimming. The concept is a welcome addition to the basic security measures we were used to in file shares. “I see the Salary folder but I can’t access it” is something you won’t experience anymore, thanks to the Security Trimming applied by SharePoint.
But other problems arise in SharePoint when security isn’t planned before migrating content to it. Search is a very powerful tool. It brings results from all over the place back to the user running the query. This is great if your content is properly secured. However, in most SharePoint implementations that I have seen there was no strict security governance in place. So it started off well with great intentions, then the Power Users grew in numbers and so did the number of bad security practices. This meant that the Search Results would show documents from some Site Collection the user did not know he had access to and, in many cases, shouldn’t have.
Power Users will need to get comfortable with the basics and the governance in place.
One thing to understand is that SharePoint groups only exist in the Site Collection where they were created. They cannot be used across Site Collections. On the downside, some site-level administrators may think the groups only exist in their site. That is probably one of the biggest issues I have run into.
SharePoint Permission Levels
Of course, after understanding groups we need to clarify permission levels. This is the level of rights we give to a SharePoint User or Group. From Full Control to View Only there are a few levels available. The key is to understand them properly. By clicking on a Permission Level in your Site Settings, you will see a detailed list of what this Permission Level actually grants.
A common practice is to create a new Site Owner Permission Level that grants the owner of the site only the rights you want them to have. I usually remove the right to create sub-sites. This helps the SharePoint team not only maintain good control over the architecture but also guide the users accordingly when their requirements change.
Migrating documents from file shares
Now that we’ve covered the basics of SharePoint security, we can talk about migrating documents over. If you are looking for more information on how to decommission file shares, check out this post.
Files and folders on your Shared Drives have been using a permission hierarchy since the dawn of time, well maybe not that long but for a very long time. Migrating all of these to SharePoint could prove to be a very long and painful task. Why? SharePoint doesn’t use the same method of assigning permissions as file shares. In fact, SharePoint stores this information in a database, so the more we Stop Inheritance the more requests are sent to the database and the slower SharePoint gets. Stopping Inheritance means telling SharePoint that you no longer want to use the set of permissions assigned to groups and users from the parent object.
This means that a lot of your architecture will be adapted based on the security requirements of your Files when migrating to SharePoint.
I have rarely done this without the help of SharePoint Migration tools that help map the appropriate permissions when migrating. This makes the job a lot faster and a lot easier.
Remember to plan the SharePoint Groups you will be using as well as Permission Levels. Then, when preparing the actual SharePoint Migration, try to use mapping tools to help you see what permissions will be applied to whom and where. Hope this helps.
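As a starting point for that planning, the script below inventories the folders on a file share that carry their own (non-inherited) permissions, which are the places where a one-to-one migration would force SharePoint to stop inheritance. It is an added example, not part of the original post or of any Sharegate tool; the share path and report file name are placeholders.

```powershell
# Added example: list folders with explicit (non-inherited) ACL entries and
# group folders that share the same permission set.
param(
    [string]$ShareRoot  = '\\fileserver\departments',   # placeholder: your share
    [string]$ReportPath = '.\unique-permissions.csv'    # placeholder: report file
)

function Get-ExplicitAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Rules with IsInherited = $false were set directly on this folder.
    foreach ($ace in $acl.Access | Where-Object { -not $_.IsInherited }) {
        [pscustomobject]@{
            Folder             = $Path
            InheritanceBlocked = $acl.AreAccessRulesProtected
            Identity           = $ace.IdentityReference.Value
            Rights             = $ace.FileSystemRights
            Type               = $ace.AccessControlType
        }
    }
}

# The share root is excluded: it always carries explicit entries.
$folders = Get-ChildItem -LiteralPath $ShareRoot -Directory -Recurse -ErrorAction SilentlyContinue
$rows = foreach ($f in $folders) { Get-ExplicitAce -Path $f.FullName }
$rows | Export-Csv -Path $ReportPath -NoTypeInformation

# Folders with an identical set of identities and rights are candidates for one
# library or site with one set of SharePoint groups, rather than each one
# breaking inheritance on its own.
$rows |
    Group-Object Folder |
    ForEach-Object {
        [pscustomobject]@{
            Folder    = $_.Name
            Signature = ($_.Group | Sort-Object Identity |
                ForEach-Object { "$($_.Identity)=$($_.Type):$($_.Rights)" }) -join '; '
        }
    } |
    Group-Object Signature |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ Name = 'PermissionSet'; Expression = { $_.Name } },
        @{ Name = 'Folders';       Expression = { $_.Group.Folder -join ' | ' } }
```

Run it with an account that can read the ACLs on the whole share; folders it cannot read are skipped and will be missing from the report.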
Biography Benjamin Niaulin
Benjamin Niaulin works as a SharePoint Geek at Sharegate, a Montreal-based software development firm specialized in SharePoint migration.
Passionate about SharePoint, Benjamin has been helping people around the globe reach their goals by simplifying SharePoint solutions. With his Microsoft Certified Trainer certification and over 5 years of Training and Speaking experience, he has acquired the skills needed to help everyone understand and use SharePoint.