Ultimate Guide to SharePoint Permissions
Everything you need to know to protect your digital workplace with better SharePoint permissions management.
Bridging the gap between collaboration and security.
Microsoft has made it easier than ever for businesses to share information and collaborate on documents. Every file has a “Share” button and any user can create a digital workspace to collaborate with another user, both external and internal.
While you want to allow your team to collaborate in whatever way makes them the most productive and, ultimately, profitable, you must be cautious about what you share with whom. With more and more sensitive information being digitised, sharing needs to be more controlled than ever to ensure private data stays that way. The risk of a costly data breach is simply too high – $4.35 million, on average.
For example, permissions that grant “anyone in my organisation” access sounds safe until you remember nearly one in 10 data breaches are caused by malicious insiders and 20% of data breaches are caused by compromised credentials.
This leaves your IT admins to try to balance competing priorities. On one hand, your users want rapid, easy collaboration. On the other hand, information security officers and executive teams need to prioritise compliance and risk reduction as part of their business continuity efforts.
Now you have a perfect storm of users collaborating across a lot of data on a platform that makes data easy to share, but permissions hard to manage, and IT teams struggling to maintain control over what information lives where and any potential oversharing.
That’s where you come in: you can help balance usability and security by offering your admins tools that can help them monitor and control workspaces without overburdening their already busy team. With these solutions, your team can:
- Access Content Insights
- Monitor SharePoint Usage
- Analyse Site Data
- Optimise Employee Engagement – and more
These tools also leave your end users happy, as they still have the freedom and flexibility to collaborate.
While permissions are more of an art than a science – every organisation will have different needs based on the type of information they store and how they tend to share it – there are solutions that make securing your SharePoint library easy.
In this guide, we’ll help you decipher the most common SharePoint permissions issues and share tips and tools on how to mitigate them.
Table of Contents
SharePoint Permissions 101
Case #1: External Users
Case #2: Sharing Links
Case #3: Internal Inquiries and Investigations
Case #4: Microsoft Teams
Insights Solves Your SharePoint Security Challenges
eBook Sneak Peek:
Sharing a site with someone makes them a member of the site
External sharing in SharePoint is not just sharing documents – sometimes, you need to share an entire site. If you grant someone access to a site, they automatically become a member of the connected Microsoft 365 Group and have limited access to additional services integrated with that Group.
By default, at the tenant level, Microsoft 365 Groups allow owners and Microsoft 365 global administrators the ability to add external guests as members and provide these guests access to group files and OneNote. That means any external user who has guest access to your tenant could be added to a SharePoint site (perhaps one with sensitive information) without you or your IT team knowing. If you aren’t closely monitoring and control guest membership and lifecycle, these external users could easily gain access to something they should not have access to. (pg.9)
Sharing links can be “Anyone” links by default
Like external access, the default setting for sharing in SharePoint is “Anyone.” That means any user in your tenant can create those anonymous links we discussed in the last section – and you may not even realise it. What’s more, an Anyone link means someone can access you document or files without a sign-in. Which means not only can anyone access your content, but you have no idea who these people are – hence why Anyone links are often called anonymous links. (pg.14)
While documents inherit permissions from their site, inheritance can be broken
One of the most powerful aspects of SharePoint is “object-level permissions,” or the ability to give access to a whole site or system. This is a huge benefit in SharePoint because it streamlines permissions, allowing all your content to inherit the permissions of the site its housed in. That means access is the same on file A as file B as library X as list Y as the entire site.
However, SharePoint does allow the option to break inheritance, meaning assigning different unique permissions for a file, library, list, or anything in that site from the site itself. This is where it gets risky. If you break inheritance, you’re significantly increasing the complexity of your permissions set-up. This isn’t inherently troublesome, but you must be ready to keep things under control once you do it. (pg.15)
Insights solves your SharePoint security challenges
At the end of the day, Insights allows IT to see in-depth what is going on in M365, without the need for special skills like PowerShell and data science understanding. And even if your IT team has those skills, the AvePoint solution allows you to re-allocate expenses and technician time – after all, a subscription to Insights would likely provide more information and take less time than someone going through and building all of this themselves. Then, your team can immediately take action based on the information Insights discovers, all from within the solution. (pg.32)