I didn’t think it would be possible to make SharePoint permissions worse in 2013, but it is. Much worse. SharePoint 2007 and 2010 Site Collection Administrators and Site Owners are going to have to really keep their heads to effectively manage permissions in 2013. The need for a third party tool is actually no longer a luxury but an outright necessity.
Microsoft, please, you need to stop messing this up and fix it. It’s becoming a nightmare and serious operational risk for businesses trying to demonstrate security.
Anyway, while by no means a perfect solution, adding a Site Page with multiple versions of the Site Users Web Part on it can maybe assist Site Owners in seeing instantly who has access on their site. Deep-diving into the site to find out where these people and groups all have access is another matter altogether and I’m far too tired to write the 10 page book it would take to explain. :-S
Create a new Site Page and insert Site Users from the Social Collaboration Web Parts.
Edit the web part to show members of a specific group, then insert the name of the group. Don’t forget to edit the title of the web part so they all reflect the group name. Change the Toolbar type to show no toolbar.
Add the web part 4 times so you can display the default Members, Owners and Visitors groups as well as direct access.
Slightly shleppy to set up, but it should help new SharePoint users get a handle on things and bring a level of comfort to nervous users with sensitive content.
Views from Veronique 
[…] SharePoint 2013 Team Site Permissions Tip | Views from … – I didn’t think it would be possible to make SharePoint permissions worse in 2013, but it is. Much worse. SharePoint 2007 and 2010 Site Collection Administrators and … […]
LikeLike
They may recommend that, but not many clients AD’s are in good condition to use in the first place. No, this doesn’t show the members of the AD group, still need a 3rd party tool to do that.
LikeLike
Microsoft recommends using AD groups to manage permissions. I’m guessing this doesn’t populate the members of an AD group which is in a SharePoint group eh?
LikeLike
But why use the Target Audience here? The whole point of putting a page like this up is to show everyone on the site who has access to the site. It is to promote transparency, not hide content.
LikeLike
[…] Reposted with kind permission. The original is here. […]
LikeLike
Veronique
Add SiteUsers WebPart from Social Collaboration
Use Target audience if need be.
Remember to pick specific groups for each group
repeat for each group (say Members, visitors, etc)
Thnx to Rob’s book @rgarrettpro
Its a treasure trove!
🙂
LikeLike
Add Webpart[Social Collab>Site Users] +use w Target audience. Just remember 2 pick specific groups for each group!
BTW: Thats thanks to Rob Garret
Site Users
Add SiteUsers WebPart from Social Collaboration
Use Target audience if need be.
Remember to pick specific groups for each group
repeat for each group (say Members, visitors, etc)
Thnx to Rob’s book @rgarrettpro
Its a treasure trove!
🙂
LikeLike
@Robert, phew I wouldn’t have done that. 🙂 But each to their own, I think we all just have to do what works for us in this complicated space. I am having endless permissions issues in 2013…
@Lisa, yep, I agree. It’s now a standard on anything we build. Glad it helped.
LikeLike
This is actually a great idea for 2010 too. I have a lot of people who are new to handling permissions and it would be a lot easier if they could see everyone in all the groups without having to click on them. Heck, having a page like this on every site would make my life easier too.. lol.
LikeLike
Hi Veronique,
While I completely agree that the mechanics of Security within SharePoint need to be more transparent, I do disagree that 2013 is “worse”. The only thing different in 2013 is that there are handy-dandy SHARE buttons all over the place. They don’t actually change how security is handled in 2010.
One solution that I have come across while instructing classes is to create a new permission level that is essentially “full control minus”. You take away the ability to manage permissions in this permission level and permissions become a centralized role for a select set of individuals that make use of 2013’s permission request system. Perhaps even create a permission level with only the ability to edit permissions which would work well with SharePoint’s cumulative style permission management.
While this does create some more bureaucracy, security is a trade-off on usability. At the very least this allows accountability to be placed into the hands of a select few. I would love to see a security dashboard created by someone out there. Have you had any good experiences with 3rd party products?
Regards,
Robert
LikeLike
Because that only shows the groups, not the users Inside the groups – which is what most Site Owners want to know.
LikeLike
Hi Veronique, why not use the top radio button thats shows all groups of the site in 1 webpart?
LikeLike