Plan for permission inheritance
Ref: http://technet.microsoft.com/en-us/library/cc287752.aspx
An example of Plan for Permission Inhertance
It is much easier to manage permissions when there is a clear hierarchy of permissions and inherited permissions. It becomes more difficult when some lists within a site have fine-grained permissions applied, and when some sites have subsites with unique permissions and others with inherited permissions.
For example, it is much easier to manage a site that has permission inheritance, as shown in the following table.
| Securable object | Description | Unique or inherited permissions |
|---|---|---|
| SiteA | Group home page | Unique |
| SiteA/SubsiteA | Sensitive group | Unique |
| SiteA/SubsiteA/ListA | Sensitive data | Unique |
| SiteA/SubsiteA/LibraryA | Sensitive documents | Unique |
| SiteA/SubsiteB | Group shared project information | Inherited |
| SiteA/SubsiteB/ListB | Non-sensitive data | Inherited |
| SiteA/SubsiteB/LibraryB | Non-sensitive documents | Inherited |
However, it is not as easy to manage a site that has permission inheritance, as shown in the following table.
| Securable object | Description | Unique or inherited permissions |
|---|---|---|
| SiteA | Group home page | Unique |
| SiteA/SubsiteA | Sensitive group | Unique |
| SiteA/SubsiteA/ListA | Non-sensitive data | Unique, but same permissions as SiteA |
| SiteA/SubsiteA/LibraryA | Non-sensitive documents, but with one or two sensitive documents | Inherited, with unique permissions at the document level |
| SiteA/SubsiteB | Group shared project information | Inherited |
| SiteA/SubsiteB/ListB | Non-sensitive data, but with one or two sensitive items | Inherited, with unique permissions at the item level |
| SiteA/SubsiteB/LibraryB | Non-sensitive documents, but with a special folder that contains sensitive documents | Inherited, with unique permissions at the folder and document level |
Comments
Post a Comment