SharePoint 2010 has some nice additions to how permissions work compared to how they worked in SharePoint 2007. Back in 2007 it was always a challenge to maintain visibility of who had permission to which area. Once a user had grasped the concept of security in SharePoint – consisting of SharePoint Groups, Permission Levels (and the Permissions that make up a Level) – then often there was a proliferation of broken inheritance and new SharePoint Groups across a site collection. Whilst it was possible to click through to every site, list or library in a site collection, 3rd Party tools were relied upon to give a view of exactly how the security was configured.
In SharePoint 2010 this is greatly improved by the introduction of some new tools around security allowing you to:
- View site collection permissions for a group
- Check permissions for a particular user or group on a site or list
- Show uniquely secured content on a site
Viewing site collection permissions for a group
To view the permissions for a group across a site collection you navigate to the group in question and then from the Settings menu (I’m hoping the ribbon UI will come before RTM) choose View Group Permissions. This gives a new dialog with a list of the URLs that the group has permissions on and the specific permission level. Note this dialog does not explicitly list every site, list or item, but rather the ‘parent’ URLs that they are inherited from.
Check permissions for a particular user or group on a site or list
From a the permissions page on a site, list or item there is a new button on the contextual Permission Tools ribbon labelled Check Permissions. This button opens a dialog with an input for a user or group. Hitting Check Now returns a view of the permissions levels given to that user or group on the site, list or item.
Show uniquely secured content on a site
In addition to the many advantages, dangers of item-level security and the ability to break inheritance of permissions can lead to an administrative nightmare for keeping on top of security. This has been mitigated somewhat by the ability to show uniquely secured content from the permissions page of a site, list or item. There is now a status message displayed if there is uniquely secured content. On a site or list the status message includes a link which brings up a dialog of exactly what content is uniquely secured.
These are all great improvements and highlight again how Microsoft have been listening to the feedback from MOSS and built it in to 2010.