Ask any SharePoint admin and they will all tell you that the most common request from end users is changing or setting permissions for a container or object (site collection, library, etc.). I wouldn’t be surprised to find some SharePoint admins spending over 50 percent of their time on the job just managing permissions depending on access policies and content sprawl. This incurs significant opportunity cost to the organization as the time could be spent on keeping new projects on schedule and under budget, researching new functionalities and services, or building out new capacity for the farm rather than processing helpdesk tickets for permissions changes.
This isn’t to say that properly managing and enforcing permissions is just a nuisance – it’s absolutely critical to maintain proper access to different types of data you house. But considering much of the process requires confirming with content owners or set policies, it means there are set standards that need to be followed. So let’s now take a look at how to automate SharePoint Permissions using technology that can streamline processes for managing and changing permissions with accordance to your policies and standard practices.
How to Automate SharePoint Permissions Management with DocAve Governance Automation
AvePoint’s DocAve Governance Automation for SharePoint and Office 365 allow content owners to manage permissions to their content – all while maintaining proper governance of the farm. Administrators can set up services based on policies, where requests from end users are routed to content owners on the front end to ensure business requirements are correct before changes are put through without the admin’s further involvement.
Services are maintained separately from approval processes and policies to allow admins to easily mix and match as needed, not only making it more flexible and easier to scale but scale with consistency.
Let’s take a look at how to set up automated permissions management services.
Setting Up Permissions Management Services: Approval Process
The first thing an admin needs to do is create the approval process. This will control who approves the request – content owner, site owner, compliance officers, IT, etc.
Approval Process Stages
Governance Automation allows for several different approval schemes – auto approval, single approver, multiple approvers in sequence, and multiple approvers in parallel.
Keep in mind, once an approval process is created, it can be used for any service in Governance Automation.
A few things to note:
- Categories are for organization of the approval processes and does not affect which processes are available to any particular job.
- You can have up to three approval stages, but each stage can go through multiple approvers.
- If you already use SharePoint Workflows or K2 Workflows, just follow the instructions on the screen to use those instead.
- Auto approve means the requested service will be provided with no human interaction. This could be really handy if you want to set up easily repeatable actions for yourself or your team and ensure they’re carried out the right way each time without manually configuring settings each time.
Approvers can be any Active Directory (AD) user, or a ”role” instead of a user name. Using roles and/or metadata allows an approval process to be less specific, but more dynamic in terms of keeping up with organizational changes. It also allows the same approval process to notify many different approvers based on your pre-designation within SharePoint. Roles are specified using the $ symbol, and you can also indicate whether the approvers can delegate this responsibility.
The next section is for duration and escalation. Sometimes, approvers do not approve the requests in a timely fashion. This can cause frustration for end users. The escalation section allows the system to send the request to another person to be addressed. In the screenshot below, you can see the escalation has been set so that after three days, a notification will be sent to the manager of the assigned approver.
Setting Duration and Escalation in DocAve Governance Automation
Setting Up Permissions Management Services: Creating the Service
All services are configured in the service management section. Most services have common areas such as name, description, and department. The onscreen instructions will guide you through so I will just cover a few things to note for permission management services specifically.
One thing to consider is where you want to have this specific service be available. This can be the entire farm, multiple site collections or sites, or even lower level containers like libraries and folders. You can even choose to allow the business user to put in the URL themselves. Alternatively, you can embed our web-part directly into the site page.
The “Select Users” section is to determine any users whose permissions can be changed using this service. “All Users” allows the service to change the permissions of any user in the farm. The other options allow changes to direct reports, peers, and indirect reports.
Depending on what the scope is, you may not want to give users all the control when it comes to permissions. Consult with the owner of the scope, and set a limit as to what permissions are okay to change, and what permission levels are off limits.
We’ve built a lot of flexibility into Governance Automation to fit various scenarios for organizations of industries far and wide, but sometimes you just have that one use case where you need a little something different. Custom Action allows Governance Automation to run a script either before or after approval, or after the service is delivered. You can even set up an execution schedule that allows the requestor to select a scheduling option you predefine. This can be used to defer the execution of the service, this time, providing flexibility to the business user.
This is just one of the many tasks Governance Automation can perform. You can learn more about DocAve Governance Automation on its product page. Or check out the below posts to learn about:
- Automation based on classification
- Automating SharePoint provisioning (coming soon!)
- Automating content lifecycle management (coming soon!)
- Automating records management (coming soon!)