Site security proved to be a bit of a nightmare - needless to say once we figured it out it turned out to be really straight forward.
Each site collection in the farm has been secured using new & existing Active Directory (AD) groups in the domain.
The Intranet portal site collection has one SharePoint security group called Viewers which contains the AD group: DOMAIN\adm dl u portal domain users and which is set to Read, Restricted Read & View Only. This enables all domain users to access and view unsecured content across the site collection.
Each site within the portal site collection either inherits the top level or is set up with individual permissions. In most cases the permissions are individual with AD groups specified as required to grant access & visibility to specific user groups.
I'm in the "nightmare" stage. Can you please explain in your 3rd paragraph where you say "Viewers which contains the AD group: DOMAIN\adm dl u portal domain users..." What is "dl u portal domain users"?
ReplyDeleteI think I can learn from you because I too have created separate "Sites" for each department in my organization and the security is a nightmare.
Please respond to clisi@juno.com. Thank you!
The DOMAIN\adm dl u portal domain users is the name of the Active Directory group which includes all users.
ReplyDeleteIn my farm this is added to the pre-existing MOSS group called 'Viewers', which enables access to all users in that AD gorup to view the portal.
In each site within the portal i have custom permissions assigned to other AD groups. For example, in the IT website there are, in addition to the MOSS 'Viewers', groups like:
* ADM DL U IT Users - read access
* ADM DL U IT Editors - contributor access
These groups are created within Active Directory and then imported to MOSS during a profile import run in your SSP.
I hope that helps?