From the many conversations we have had with customers on SharePoint implementation over the years, one of the frequent pain points raised is permissions management. Questions organizations often ask include:
- How do you ensure that those who have access to SharePoint have the correct level of permissions?
- If permissions were adjusted incorrectly, how can the right people be notified to remediate those changes?
- Over time, how do you ensure users maintain the proper level of permissions once they are provisioned?
These are issues that plague any size organization. Out-of-the-box functionality in SharePoint does not allow administrators to apply permission changes or updates in batch. Administrators have to navigate to each site or site collection to make the changes needed – which can be a tedious and time-consuming process. Additionally, SharePoint lacks the continued monitoring of unwanted permission changes and automated notification of these changes that the administrator group needs.
Our SharePoint administration solution DocAve Administrator – part of our fully integrated SharePoint infrastructure management platform – is designed to help tame the havoc that is stirred up while trying to control SharePoint permissions in on-premises, hybrid, or cloud implementations. In particular, the Security Search functionality within DocAve Administrator provides IT administrators the necessary monitoring and alerting mechanisms to keep users and their permissions in check.
Security Search in DocAve Administrator
Security Search is a powerful tool to detect a breach in ethical walls, which are in place at most organizations because there is a need to block sensitive information from being seen by unauthorized users. One of the most common ethical wall scenarios companies face is the need to limit the audience of a site to those who are authorized. For example, as a part of its function, Human Resources regularly handles highly sensitive and confidential employee information that shouldn’t be available to the rest of the company. Therefore, it is imperative for the IT administrator group to perform frequent checks on who has access to the HR site and remove the permissions for those who have inappropriate access to maintain the boundaries set up by the company.
DocAve’s Security Search function is especially handy in detecting these situations. Through a single pane in DocAve Administrator, an administrator can see the permissions across his or her entire SharePoint environment and perform a search. The configurations to set up the search are flexible and allow admins to broaden or narrow their inquiries based on the scope of their SharePoint environments or on the specific users that they want to find. They can also target the searches to high business impact sites only, which may be especially sensitive to improper visibility and need immediate remediation and action to remove those who have elevated access. Additionally, the search can be scheduled with notifications emailed to the admins when the results are ready to view so they can take action. By scheduling, admins no longer need to continually recreate a past searches, which saves time that can be spent carrying out other important tasks for the organization.
Security Search in Action
Sticking with my previous example of limiting the HR site’s audience to those only in HR, the screenshot below shows the returned Security Search results.
This results page displays who has permissions to the HR group and the types of permissions the groups and users have within the HR site collection. More importantly, admins can easily see who is not supposed to have permissions to this site, such as the highlighted “Accounting” SharePoint group with the “Edit” permission level. Based on this information, the admin can perform remediating actions to remove the entire group’s access to the HR site collection.
Proactive SharePoint Permissions Enforcement
Even further, admins can be proactive in establishing who should have permission to the HR site collection. DocAve Administrator’s Policy Enforcer feature allows admins to set up rules that detect and prevent certain users or groups from being added improperly. Once a rule is created, when an unauthorized user is added, Policy Enforcer will flag the violation and automatically revert the out-of-policy permission change as well as notify those in the organization who need to know what just happened so they can follow up accordingly.
Stay tuned for a more detailed examination of Policy Enforcer as well as information on how AvePoint can provide proactive and innovative solutions that maintain SharePoint health at your organization.
Learn More and Download our Free Survival Guide
Want more advice on how to assess your SharePoint environment? Download our free Survival Guide for Assessing SharePoint today!