Explaining SharePoint Security Through An Analogy
Guest Author: Chris Poteet
www.siolon.com
While explaining certain SharePoint concepts to clients there are few as perplexing to a client as the SharePoint security model. The idea of role and group based security is foreign to someone who doesn’t think about it most of the day. This forced me to come up with some kind of analogy to make it easier to grasp and implement.
I started thinking and realized that SharePoint security is analogous to a shipping box. If you think about a shipping box it has no real purpose by itself. The box is simply a hollow shelle. However, the minute we put contents inside the box and apply a shipping label all of the sudden this box generates interest to different people.
SharePoint security works much in the same way. There are essentially three components of SharePoint security: a group, a role and member(s). When we use each of these elements compared to the elements of a package to be shipped: a box, its shipping label and contents it becomes easier to see how SharePoint security works.
The box, much like a SharePoint group, has no real meaning by itself. A security group is simply a logical container with a title. The group, also like the box, just serves to holds its contents. While the contents of a shipping box may vary the contents of a SharePoint group are always individual users or other groups.
The role for a SharePoint group is really what gives direction to a SharePoint group. In that same sense a shipping label gives the box direction on its purpose and where it’s going. When you add all three of those components together you get a complete shipping box and a complete security designator.
As consultants we also know it’s always a better practice to keep roles assigned to groups instead of individual users to prevent maintenance nightmares. It’s always easier to move content around in a box (imagine how hard it would be to move contents each item at a time instead of putting it in boxes), and it’s always easier to maintain SharePoint security when groups are used.
(This analogy can also work when describing how metadata, content type and documents/items are related. The content type is the box, the metadata is the shipping label and the document/list are the contents.)
Guest Author: Chris Poteet
www.siolon.com
Chris Poteet is a Senior Consultant for Portal Solutions. He specializes in information architecture and business analysis as well as molding the SharePoint user experience. He can be found on Twitter @chrispoteetpro and his blog is at www.siolon.com
on
Great article and a nice way to explain how SharePoint security model works. One thing though may be missing in this analogy. Even with its “content” (users) and its “shipping label” (the security level), a SharePoint group is not a complete ready-to-ship box, if you don’t apply a scope to this group. Am I wrong ? A security level has to be applied to a container (site, list, folder) or an item.
Maybe we should add the shipping company then in the analogy, so as to complete it…
I would agree that until the container has a scope, it’s not ready to ship. Of course, the problem with analogies is they tend to break down at some point — but I thank Chris for providing this analogy since it does help bring the somewhat foreign concept of SharePoint security into a realm for easier discussion.
As a consultant, I find myself using analogies all the time when conveying complex concepts to my clients. Once the general concepts begin to make sense to the client, when it comes time to get into the details a common language has been developed.
Again, thank you Chris!
I definitely agree that as a consultant, we always have to find the right analogies so as to help our client to play his role, ie. describing his needs, understanding the different solutions, and agreeing to start or go on the project.
So thank you again Chris for your input and to help us to find better ways to drive SharePoint projects !
You are right that a group must be applied as well. Your addition to the analogy is a good point. Really the scope is the destination for the box, but we could sit around all day debating it.