Security planning for sites and content (SharePoint Server 2010)
Applies to: SharePoint Server 2010, SharePoint Foundation 2010
Topic Last Modified: 2011-06-20
Some of the sites in your enterprise probably contain content that should not be available to all users. For example, proprietary technical information should be accessible only on a need-to-know basis. An intranet portal for employee benefits should be available only to full-time employees, whereas the home page of an Internet Web site is accessible by anonymous clients.
Permissions control access to your sites and site content. You can manage permissions by using Microsoft SharePoint Server 2010 groups, which control membership, and fine-grained permissions, which help to secure content at the item and document level. This section describes permissions for sites and site content and provides considerations for choosing permissions.
In this section:
Helps you understand how permissions are assigned and helps you choose the appropriate permissions to use in your site collection or subsite.
Reviews the available permission levels and groups, and helps you determine whether you need additional permission levels or groups.
Helps you determine which Microsoft Windows security groups and user accounts to use to grant access to sites, decide whether to use the Authenticated Users group, and decide whether to allow anonymous access.
Defines the levels of administration from the server level to the subsite level and helps you choose administrators for each level.
Provides guidance about how to use fine-grained permissions in Microsoft SharePoint 2010 Products.
Provides information about the Contribute permission level and the tasks that you can complete if you have these permissions.
SharePoint Server 2010 does not currently comply with Federal Information Processing Standard (FIPS) 140-2 - Security Requirements for Cryptographic Modules. FIPS 140-2 defines security standards which the United States and Canadian governments use to validate security levels for products that implement cryptography.|
For more information about FIPS 140-2, see the following references: