Permissions vs. targeting with SharePoint

11-09-2020 How do we make sure our employees see the right content and have access to the content they need?

When we as consultants work with our customers and do clarification workshops in relation with the implementation of a new SharePoint-based platform, e.g. to an intranet, we often encounter the question of what content the user should have access to and what they should be exposed to. But what does "access to" and "exposure to" really mean? What is the difference and why does it matter? That is what this blog post will set out to explore.

First, we need to understand the role of intranets. In continuation of our previous blog post "Has Microsoft Teams Killed the Intranet?", We theorized what role the intranet plays in the digital workplace:

The intranet will often be where content is published to reach the entire organization. However, in most cases, not all content is relevant to all users, just as every user's everyday life is not the same and therefore should not have a single-entry point for the same content.

An example

Susan is in department A. Department A has an intranet editor who, every morning, creates a news item on the intranet about who in department A is in the office and who is onsite with customers. This news is only relevant for the 35 employees sitting in Department A and not the remaining 275 employees at Susan’s workplace.

At the same time, Susan’s leader Anne is part of a leadership group that has a monthly leadership day. Here they work with documents that are most often confidential and that regular employees should not be able to see.

How is this handled in practice? And what is the difference between the two examples?

Targeting and permissions

In Susan’s case, we have an intranet editor who creates news that is only relevant to a small portion of the entire staff. Therefore, in this case, our intranet editor will need to target the daily news, to ensure that users only see news that is relevant to them. Here, the news will be relevant for Solveig and her colleagues in Department A, but not for Alex and his colleagues in Department B.

In Anne's case, we would like to ensure that only the members of the management team have access to the files on Anne's management site. When there is content that should not be accessible to everyone, this is controlled via rights. So:

Targeting = Relevance

Permissions = Access

Fortunately, Susan and her colleagues' workplace has a number of different AD groups, which are separated into:

  • Departments
  • Leadership groups
  • Locations

Therefore, it is easy for Susan's colleague, who is an intranet editor, to target the daily news to their department using Department A's AD group, and it is just as easy for Anne to give her management team exclusive access to the content on her management site via the AD group for managers.

This means that with the help of AD groups (or O365 groups) you can control both targeting and rights.

Where can targeting be set up and used

Targeting in standard SharePoint can be used on pages and in navigation. If we want to show targeted pages, this can be done in the Highlights and News web sections, which can show different content, including targeted pages.

The use of targeting makes pages and navigation more relevant to employees, but they will still be able to actively search for content, thus finding information that is available on the sites they have access to. This is causes less confusion for the individual employee, as they do not need to navigate around content that is irrelevant to them.

Where permissions are set

Permissions are set "behind the scenes" in SharePoint and controls not only who can see what, but also what the members of an AD group or O365 group can do. Should users only be able to read the content on a specific site or should they also be able to edit? The permissions can be set for an entire site, for a single library or even for a single document.

The important thing to note is that if you remove a permission from a group so that they cannot read or edit, then this also limits them from viewing or searching for the content. This shows the need for an overall policy about when to restrict permissions.

Both targeting and permissions are thus good opportunities for creating a focused and relevant intranet. However, it is a good idea to use permissions sparsely and to be careful about creating too many sites with unique permissions. It is our experience that sites with many unique permissions will over time become difficult to manage and as a content owner and editor, you risk losing track of who has access to what. Likewise, targeting also requires a lot of maintenance and setup, and should therefore also be well thought through and planned before getting started.

If you would like to know more about targeting and permissions, you are of course welcome to reach out to us, or you can read more about permissions on Microsoft's website and here specifically about targeting.