SP13 Member Permissions

[toc]

APAN uses the SharePoint out-of-the-box (OOTB) security model. SharePoint security groups are SharePoint objects that have “users” as members and come with their own settings. These settings can be things like who the owner of the group is and who can add or remove users from these groups. The table below represents an overview and description of the various out-of-the-box security groups and permission levels.

Security Group	Permission Level	Authority
Site Owners	Full Control	Can add/edit/delete content, delete sites, and set up permissions for a given site
Site Members	Contribute	Can add/edit/delete content on a site
Site Visitors	Read	Can only read and download content

Additional SharePoint security groups can be created at the discretion of a Site Owner or a Site Collection Administrator (SCA); however, this practice is discouraged and is not an APAN best practice.

APAN Active directory Security Groups

APAN’s existing global security groups for APAN SharePoint Farm are:

Group Name	Description
All Users (windows)	All users that authenticate with windows authentication
NT Authority\Authenticated Users	All users regardless of authentication type used (same as All Users)
Style Resource Readers	Style Resource Readers should have read permission to "Master Page Gallery" and restricted read permission to the "Style Library" at the site collection level.

Member Permissions

In some cases, your site may contain content only meant for certain users or groups. For example, you may create a new library for a special project, and want to ensure that only people who work on that project can access the library.

Access can be granted or restricted. To restrict access, you have to break permissions inheritance, and then change the permissions for the list or library on a uniquely defined permissions page. Read below to learn more.

Approving or Declining Access Requests

As an owner, you can Approve and Disapprove membership.

Click Settings
Add settings gear image
Click Site Settings.
Click Site Permissions.
Click Show access request and invitations.

NOTE: The Show access requests button only appears if there are pending access requests
Under Pending Requests, find the request you want to update.
Click the ellipses to open the menu.
Add ellipses image
Select the permission level you would like to assign the user. APAN BEST PRACTICE: Only use Owner, Member or Visitor. If you are unsure if these are the right permissions for you, or you need assistance. Ensure you double check with APAN.
You can also type a message to the person requesting access; this can be a useful way to document your decision or ask for additional information.

NOTE: As the owner of your site, YOU are responsible for identifying if an APAN user should have access to your site.

Ensure that you know who the person is who is requesting membership access. If you don’t know who they are, ask more questions or escalate:
- Do they have a .mil or .gov email? If not, ask the individual to send you an email from their military or government email.
- Do you know how they intend to participate in the exercise/training/event/conference? Ask the individual.
- If the user is coming from a foreign country, is the APAN user on an approved country participation list? Check with your Country POCs BEFORE giving access.

Click Approve or Decline.

Can I change the Access Requests list settings to request certain information upfront, like we did with Pending Members?

No. Unfortunately, the Access Requests list uses a list that cannot be edited.

I am not certain if this APAN user is a legit user, what should I do?

If you suspect or are unsure of a pending member request, do NOT add that individual into your site.
Inform APAN Support by creating a support ticket. Please provide a username and a brief description of the possible suspicious behavior.

APAN BEST PRACTICE: If you have several owners in your community who are not aware of these permissions, this could cause issues for other owners to manage permissions and who has access to what. It may be simple to create a subgroup and manage permissions this way. Or, designate no more than 2 Owners as your site’s access gate-keepers.