Comments on: The AAA Framework (Activities, Assignments, Artifacts) – A structured approach to successful SharePoint implementations

By: Christophe

Christophe — Sat, 24 Jan 2009 08:47:33 +0000

@ Chris:
I agree that some users can be overprotective. But the reverse is also true: users who don’t understand security, and just see permission management as a burden. The truth lies in between, and security is a normal component of a healthy analysis.

Sure, Information Architecture is key. That’s why I see a risk in forcing an IA decision – all in one container – prior to assessing the needs.

Side comments for Greg:
I have the same experience: 1/ item level permission management is hard to support 2/ users tend to create 10 libraries where just one is needed.

By: Greg

Greg — Fri, 23 Jan 2009 03:07:03 +0000

You can’t security trim items in a list, and setting item level permissions is really hard to support. But Information Architecture is key- you are right. I always advocate against multiple lists with the same content types, as it makes it much harder to aggregate things using views (yes, you can use content query web parts, but they have their own challenges). You need to model the IA against the real world functioning of the business, and if there are reasons to silo certain types similar content for security reasons, there are not a lot of options.

But my experience has been that people usually come in saying that they absolutely have to have 10 different document libraries to keep all of their stuff organized. Barring any real security issues, demoing one well architected library or list with good meta data and content types gives them everything they need.

I’m speaking in very general terms, of course, but it really is an 80/20 type of thing, and the AAA approach can be an excellent solution for many typical business scenarios.

By: Chris Chapman

Chris Chapman — Thu, 22 Jan 2009 18:06:33 +0000

I’m not sure what the problem would be with “permission management” vis-a-vis gathering data into single lists. Wouldn’t security trimming address this?

Generally speaking, I find that whenever conversations turn toward ratcheting down access, this is a “smell” that points toward either problems within the organization that SharePoint cannot solve or that the IA needs to be more thoroughly worked over.

By: Greg

Greg — Fri, 16 Jan 2009 15:17:51 +0000

As far as permissions- I think it depends on the scenario. For team based sites, it is very workable, but that does assume that there are no roles in the team that should not have the ability to see everyone else’s work. We’ve had no issues using it for a marketing team and a benefits team.However, the legal department example is just for discussion’s sake- haven’t used it there and you are right- permissions could make it trickier.

By: Christophe

Christophe — Tue, 13 Jan 2009 12:14:07 +0000

Also, one concern I have with this approach: permission management, as all the information is gathered in a few lists.

By: Christophe

Christophe — Tue, 13 Jan 2009 10:18:25 +0000

Greg: for further reading, would you have some references to share on the “AAA framework”?

By: georgew

georgew — Thu, 08 Jan 2009 14:16:53 +0000

Bravo! Wonderfully clear and concise.