The rule of assigning permissions in SharePoint

  1. Assign permissions to groups—never to users directly.
  2. Whenever you change the membership of a SharePoint group, the next time the search passes with an incremental crawl, it will launch a full crawl to recalculate the entire access control list. So only give permissions to SharePoint groups. And the members of the SharePoint groups should be Active Directory groups, not individual users. This is best practice. When you assign permissions, please follow the steps.
  • Give permissions to SharePoint groups so your library gives rights to SharePoint groups.
  • Inside of your SharePoint groups, add Active Directory groups.
  • Then, add your users to an Active Directory group.

3. The best thing to do—as long as you can, for as far as you can—is to leave permission inheritance intact. If you have to break it, try to do so at the site level, if possible. If you’re going to break permission inheritance, try to do it at the document library or folder level.

4. there are a number of important differences between managing NTFS permissions on your file server and managing SharePoint permissions, including the different permission levels and the fact that SharePoint automatically deactivates inheritance when you set custom permissions.

Published by

Bob Lin

Bob Lin, Chicagotech-MVP, MCSE & CNE Data recovery, Windows OS Recovery, Networking, and Computer Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com