March 20, 2025

3 Security and Permissions Beasts to Tame in SharePoint

If a bead of sweat runs down your neck when you hear the words "SharePoint permissions," you're not alone. Maintaining a balance between security and usability—not to mention creating a system that can scale across thousands of files and sites—has become a bête noire for SharePoint admins.

Go too far in one direction, and confidential data may be exposed. Too far in the other direction, and people can't get their jobs done. It's a time-consuming and costly problem, and it only gets more difficult as your SharePoint instance grows.

All hope is not lost, though. With the right tools, managing permissions at scale is achievable. So let's take a look at three common challenges, and solutions we have for overcoming them.


Identity Crisis: A Patchwork of Groups and Roles

Granting access in SharePoint has a "choose your own adventure" feel to it. You have your choice of using SharePoint Groups, Active Directory Security Groups, M365 Groups/Teams, or direct permissions assignment. Managing a combination of these methods can be a confusing mess. When an individual is granted access on an ad hoc basis, they may not get the access they need when data is added to a group they're not a member of.

And it's just as easy for individuals to end up with access to more than they need. What does that mean? Oversharing for some users, undersharing for others. You're left with a situation where you're either opening the door to security vulnerabilities or slowing down work by making people hunt around for the right person to give them access to the information they need. Plus, all of these different ways of creating groups open the door to the creation of conflicting permissions, a situation that can be a huge headache to untangle.

What to do:

Orchestry features a number of workspace reports that can give you the lay of the land as far as site membership goes. These reports allow you to review user access and sites with guests, as well as owners, members, and guests by site.


Zombies in the Tenant: Ownerless Sites

As people in an organization leave the company, you'd ideally remove them as needed. But because of its overly complex permissions structures—and the fact that disabling a user account doesn't remove them from site permissions—SharePoint isn't going to make that easy. The result is things falling through the cracks.

If an admin isn't able to surgically remove an exiting user's permissions for every single site and group, and delete each and every unique permission scope, they'll linger. This "orphan account" remains in limbo, leaving a gap in security. Departing employees also present a danger with any shared links they've created; without an owner, the link has no one to review and disable it. Most important, though, are sites for which they were the sole owner. These now ownerless sites present a few problems:

  • Security risks. Sites without active owners lack someone to manage permissions, review shared links, and ensure sensitive information is protected. Unauthorized access and potential data breaches can follow.

  • Compliance issues. Governance measures like retention policies rely on site ownership. Enforcing these policies without an owner is difficult and can lead to non-compliance with regulatory requirements.

  • Administrative burden. Ownerless sites are yet another item on the list of things that admins have to manage, chipping away at their often dwindling capacity.

  • Operational inefficiency. With no one to keep an eye on the site's content and usage, it can quickly become outdated, cluttered, or inactive—wasting costly storage.

  • Lack of accountability. Ownerless sites can easily become neglected, making them prone to falling out of alignment with organizational standards.

What to do:

Orchestry's Workspace Review feature can also identify ownerless sites. From there, admins can easily remedy the situation by promoting an existing member to owner or assigning a delegate as owner.


Loitering Around: Sites with Guest Users

In many organizations, the ability to add guest users to a SharePoint site is critical to collaboration. Whether it's used for partners, clients, or vendors, guest user functionality enables sharing of relevant data without compromising security.

That's not to say it's foolproof. Guest users in team sites have edit permissions by default, which can lead to oversharing of sensitive information and the risk of unauthorized access and potential data leaks. And if their access isn't revoked when a project or relationship has concluded, they may retain access to sensitive information long after they need it, leading to potential data breaches.

Given these issues, management of guest users is a top priority. Unsecured guest access can lead to non-compliance, which can have serious legal and financial consequences. But as with all management issues, it can be time-consuming and error-prone.
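The two failure modes above (ownerless sites, including sites whose only owner is a disabled account, and guest accounts sitting in groups that grant edit rights) can be surfaced with standard tooling before any third-party product enters the picture. The script below is an added example, not Orchestry's code and not something from the original post. It assumes the SharePoint Online Management Shell and the Microsoft Graph PowerShell SDK are installed, that the caller is a SharePoint Administrator with Graph consent for Group.Read.All and User.Read.All, that `contoso` is a placeholder tenant name, and that the default "<Site> Owners" / "<Site> Members" group naming is in use for the edit-rights check.

```powershell
#Requires -Modules Microsoft.Online.SharePoint.PowerShell, Microsoft.Graph.Groups, Microsoft.Graph.Users
# Added example (not Orchestry's code): audit SharePoint Online for ownerless sites
# and guest users with edit rights. Assumes SharePoint Administrator rights and
# Graph consent for Group.Read.All and User.Read.All.
param(
    [string]$TenantName = 'contoso'   # placeholder tenant name; replace with your own
)

Connect-SPOService -Url "https://$TenantName-admin.sharepoint.com"
Connect-MgGraph -Scopes 'Group.Read.All', 'User.Read.All' -NoWelcome

$Findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Site, [string]$Issue, [string]$Detail) {
    $Findings.Add([pscustomobject]@{ Site = $Site; Issue = $Issue; Detail = $Detail })
}

# $true only if the identity resolves to an *enabled* Entra ID user. Disabling an
# account does not remove it from site permissions, so "an owner is listed" is not
# the same as "someone can actually act as owner".
function Test-EnabledUser([string]$UserIdOrUpn) {
    $User = Get-MgUser -UserId $UserIdOrUpn -Property AccountEnabled -ErrorAction SilentlyContinue
    return [bool]($User -and $User.AccountEnabled)
}

# Skip OneDrive (personal) sites and redirect stubs; adjust the filter for your tenant.
$Sites = Get-SPOSite -Limit All |
    Where-Object { $_.Template -notlike 'SPSPERS*' -and $_.Template -ne 'RedirectSite#0' }

foreach ($Site in $Sites) {
    # One permission read per site; the same user list serves both checks.
    $Users = @(Get-SPOUser -Site $Site.Url -Limit All -ErrorAction SilentlyContinue)

    # --- Ownerless check -------------------------------------------------------
    if ($Site.GroupId -and $Site.GroupId -ne [guid]::Empty) {
        # Group-connected site: ownership lives on the Microsoft 365 group.
        $Owners  = @(Get-MgGroupOwner -GroupId $Site.GroupId -All -ErrorAction SilentlyContinue)
        $Enabled = @($Owners | Where-Object { Test-EnabledUser $_.Id })
        if ($Enabled.Count -eq 0) {
            Add-Finding $Site.Url 'Ownerless' "Group owners listed: $($Owners.Count), enabled: 0"
        }
    }
    else {
        # Non-group site: look at site collection administrators that are real,
        # internal users (claim prefix i:0#.f|membership|<upn>); skip groups and guests.
        $Admins = @($Users | Where-Object {
            $_.IsSiteAdmin -and $_.LoginName -like 'i:0#.f|membership|*' -and $_.LoginName -notlike '*#ext#*'
        })
        $Enabled = @($Admins | Where-Object { Test-EnabledUser ($_.LoginName.Split('|')[-1]) })
        if ($Enabled.Count -eq 0) {
            Add-Finding $Site.Url 'Ownerless' "Site admins listed: $($Admins.Count), enabled: 0"
        }
    }

    # --- Guest check -----------------------------------------------------------
    # Guest accounts carry '#ext#' in their login name. A guest in an Owners or
    # Members group holds edit rights, which is the oversharing case to review first.
    # (Assumes the default "<Site> Owners" / "<Site> Members" group names.)
    foreach ($Guest in ($Users | Where-Object { $_.LoginName -like '*#ext#*' })) {
        $EditGroups = @($Guest.Groups | Where-Object { $_ -like '* Owners' -or $_ -like '* Members' })
        $Issue = if ($EditGroups.Count -gt 0) { 'Guest with edit rights' } else { 'Guest present' }
        Add-Finding $Site.Url $Issue "$($Guest.LoginName) in: $($Guest.Groups -join '; ')"
    }
}

$Findings | Sort-Object Site, Issue | Format-Table -AutoSize
# For a periodic review, export instead:
# $Findings | Export-Csv -Path .\sharepoint-permission-audit.csv -NoTypeInformation
```

Run it from an elevated admin workstation on a schedule and diff the CSV between runs: a site that newly appears under "Ownerless" usually means an offboarding missed a sole owner, and a guest that persists across several runs after the related project closed is a removal candidate. Accounts that resolve to service principals rather than users are deliberately not counted as enabled owners, so a site owned only by an automation identity is also flagged.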

What to do:

Orchestry features several tools to control and monitor guest access across Microsoft 365. Among these are detailed guest insights that provide visibility into the status of guest users, their access rights, and historical activity within your tenant. Orchestry also automates the review of existing guest users and creation of guest request policies. There are also proactive recommendations for admins to take action on, like identifying inactive guests who are candidates for removal and sites without guest review policies in place.

Permissions to Proceed

Over 20 years of history lead us to believe that permissions in SharePoint may never be "easy" to manage out of the box. But with the proper setup and the right tools for monitoring and maintaining your instance, you can get a better handle on permissions without making it your full-time job. To learn more—and how Orchestry can help—watch our on-demand webinar, How to Better Control Your Microsoft 365 Environment.
