I currently have 4 domain accounts in our company domain. I use one of them as my primary account and the other three when testing the security of our SharePoint 2007 based intranet. If you are deploying SharePoint for a customer or as an internal solution, you should always have an end user account for testing. (Mark Miller has posted a few more details about that. He is also currently running a series of short best-practices articles on his blog. Check it out.)
To test whether SharePoint is configured correctly, I run three browsers side by side, each logged in with a different account:
- Internet Explorer 7 (logged in as admin)
- Firefox (logged in as enduser1)
- Google Chrome (logged in as enduser2) – OT: I am quite pleased with Chrome, it works nicely with SharePoint
When setting permissions, avoid granting them to an individual user. Always use AD or SharePoint groups. SharePoint groups are easier to set up and maintain, but they are limited:
- Cannot be used outside SharePoint (e.g. in Outlook)
- Cannot be nested
Here are some ways to configure security (the best is listed at the top).
- Configure security at site collection level (use SharePoint groups to do it)
- Configure security at site level
- Configure security at list level
- Configure security through the list's item-level permission policies (List Settings > Advanced Settings > Item-level Permissions)
- Configure security via workflow
- Configure security at item level
For a large site you will probably end up with a mixture of all 6 ways. Because of that, you will need some dummy users to test whether security is configured correctly. If you have a really complex site, you might want to consider Universal SharePoint Manager 2007 by iDevFactory. This tool allows SharePoint administrators to monitor security for a server farm without using dummy users. It can be quite helpful when it comes to SharePoint security.
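As a complement to testing with dummy users, the script below is an added example (not part of the original post) that walks a site collection through the SharePoint object model and reports every site or list with its own permissions where rights were granted directly to an individual user instead of an AD or SharePoint group. It assumes it is run on a SharePoint 2007 server by an account with full access to the site collection; the URL is a placeholder and the function name is hypothetical.

```powershell
# Added example: audit a site collection for permissions granted to individual users.
# Run on a SharePoint 2007 server; $siteUrl is a placeholder, not a real address.
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
$siteUrl = "http://intranet.example.local"

# Hypothetical helper: emits one row per direct user assignment on a securable object.
function Get-DirectUserAssignment($securable, $scope, $location) {
    # Objects that inherit permissions are covered by their parent; skip them.
    if (-not $securable.HasUniqueRoleAssignments) { return }
    foreach ($ra in $securable.RoleAssignments) {
        $member = $ra.Member
        # SPGroup = SharePoint group; SPUser with IsDomainGroup = AD group. Both are fine.
        if (($member -is [Microsoft.SharePoint.SPUser]) -and (-not $member.IsDomainGroup)) {
            # Ignore "Limited Access" (role type Guest), which SharePoint adds
            # automatically on parents when a child object has unique permissions.
            $roles = @($ra.RoleDefinitionBindings |
                Where-Object { $_.Type -ne 'Guest' } |
                ForEach-Object { $_.Name })
            if ($roles.Count -gt 0) {
                $row = "" | Select-Object Scope, Location, Login, Roles
                $row.Scope    = $scope
                $row.Location = $location
                $row.Login    = $member.LoginName
                $row.Roles    = $roles -join ", "
                $row
            }
        }
    }
}

$site = New-Object Microsoft.SharePoint.SPSite($siteUrl)
try {
    $findings = foreach ($web in $site.AllWebs) {
        Get-DirectUserAssignment $web "Site" $web.Url
        foreach ($list in $web.Lists) {
            Get-DirectUserAssignment $list "List" "$($web.Url) :: $($list.Title)"
        }
        $web.Dispose()   # SPWeb objects from AllWebs must be disposed explicitly
    }
}
finally {
    $site.Dispose()
}
$findings | Sort-Object Location, Login | Format-Table -AutoSize
```

Item-level permissions are not enumerated here, because walking every list item can be slow on a large site.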



