Security planning for sites and content (SharePoint Foundation 2010)
Published: May 12, 2010
Some of the sites in your enterprise probably contain content that should not be available to all users. For example, proprietary technical information should be accessible only on a need-to-know basis. An intranet portal for employee benefits should be available only to full-time employees, whereas the home page of an Internet Web site is accessible by anonymous clients.
Permissions control access to your sites and site content. You can manage permissions by using Microsoft SharePoint Foundation 2010 groups, which control membership, and fine-grained permissions, which help to secure content at the item and document level. This section describes permissions for sites and site content and provides considerations for choosing permissions.
In this section:
Plan site permissions (SharePoint Foundation 2010) helps you understand how permissions are assigned and helps you choose the appropriate permissions to use in your site collection or subsite.
Determine permission levels and groups (SharePoint Foundation 2010) reviews the available permission levels and groups, and helps you determine whether you need additional permission levels or groups.
Choose security groups (SharePoint Foundation 2010) helps you determine which Microsoft Windows security groups and user accounts to use to grant access to sites, decide whether to use the Authenticated Users group, and decide whether to allow anonymous access.
Choose administrators and owners for the administration hierarchy (SharePoint Foundation 2010) defines the levels of administration from the server level to the subsite level and helps you choose administrators for each level.
Provides guidance about how to use fine-grained permissions in Microsoft SharePoint 2010 Products.
Provides information about the Contribute permission level and the tasks that you can complete if you have these permissions.
SharePoint Foundation 2010 does not currently comply with Federal Information Processing Standard (FIPS) 140-2 - Security Requirements for Cryptographic Modules. FIPS 140-2 defines security standards which the United States and Canadian governments use to validate security levels for products that implement cryptography.
For more information about FIPS 140-2, see the following references: