Sharepoint 2010 Item level Permission to a Document Library is Our approach right?
https://sharepoint.stackexchange.com//questions/35759
-
09-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
We are planing to apply Item level Permission on document library and want share point experts advise...are we going right way or we will fall in performance issue or others..
What We Have :
1- We have approx 100 SharePoint Groups with with 1000 or more users assigned to those groups.
2- We have single document library (where users will add approx 60 documents per day)
Requirement :
SP Group X create a document, SP Group X can share it with SP Group Y and Z (by a workflow)...so SP Group X,Y,Z can view this document and rest group will not be able to view it.
What we are doing :
We are assigning share-point groups per Document Library Items by breaking inheritance depending on our Requirement.
Question
1- Is this right Approach ? any better way please help ?
2- We heard 50,000 is a hard limit when we assign SP groups per a Document library items, after 50,000 items we are planing to move them in archive ...is this right ?
Solution
In terms of Capacity the theoretical limit is 50 millions per Document Library, SP2010. Besides there is no practical limit to how many items per Container (e.g. Folder), but there are recommendations, up to 5000 (default configured as Threshold in CA for each Web Application). More on this, considering the amount of traffic estimated and groups, you would break inheritance quite a lot - not recommended honestly.
A rather easier, safer approach is to use Sub-Sites with Unique permissions given to SP Groups - long term that is the best strategy and it avoid maintenance headaches. This avoids to break inheritance and as well give opportunity for more types of content, while complying with security. People tend to forget that SP2010 is after all a Site provisioning engine and you could go up to 250k sites per Site Collection, but a lot easier to navigate, set Ownership, etc.
You also have a recommendation of about 1500 ACL limit for unique Security per User, with the amount estimated, and considering your security rules, probably you'll reach it in some months. Every time you configure inheritance there is also a performance penalty because permissions are kind of duplicated.
You can talk more on this, but I would suggest not to break inheritance considering your constraints - will be a hell to maintain that.
OTHER TIPS
You can download this document Best practices for using fine-grained permissions (SharePoint Products and Technologies): http://www.microsoft.com/en-us/download/details.aspx?id=9030
T.s
Another alternative would be to use the content organizer where everyone submits documents to. Then the documents get routed based on the rules defined in the content organizer to specific document libraries that are permissioned as needed.
A couple useful links, from MSDN, from a TechNet blog.
