SharePoint 2013/Office 365: Preparing for Governance
SharePoint 2013’s out-of-the-box core end-user features, such as lists and libraries as well as apps, web parts, and the sites and site collections they exist on, will be the most used areas of SharePoint, but using them and deploying them with governance in mind is key to your success. The policies of how these components operate (are governed) guide your SharePoint user community and its related components. SharePoint 2013 offers end-user capabilities such as these:
- Collaboration Tools: SharePoint sites facilitate team participation in discussions, shared document collaboration, blogging, building communities, and professional networking.
- Content Management: The document collaboration features allow for easy checking in and checking out of documents, document version control and recovery of previous versions, enforcement of retention schedules, information management policies, eDiscovery, destruction or information management workflows, and document-level security.
- Business Intelligence: This enables people to connect to, find, and act on information locked away in line-of-business systems by using a framework to integrate them securely into SharePoint search results, configurable and actionable dashboards, KPIs, reports, apps, mash-up interfaces, and web parts.
- Search: A feature and overall capability that provides users with the ability to find information that is security trimmed and stored in almost any structured or unstructured repository as well as “people information.” SharePoint 2013’s search combines the previous SharePoint Server 2010 Search capabilities and FAST search into one seamless “SharePoint 2013” offering.
With the SharePoint as a Service (SPaaS)/SharePoint as a Platform (SPaaP) strategy in mind, which will grow in size and importance over time and will open up the hybrid SharePoint implementation mind-set, the strategies in the following sections should be strongly considered and molded around your organization.
Preparing for SharePoint Site and Site Collection Governance
To paint a picture of how to prepare for SharePoint Site and Site Collection governance, I will walk through a few examples that apply to most organizations. SharePoint sites are usually created for collaboration or content management within the organizational structure or, alternatively, for a particular line of business (LOB) or department.
For example, as determined by the Site Owners, users from other locations may have access to content inside of these sites as well. Types of communication and collaboration in SharePoint include, but are not limited to, the following:
- Project sites
- Division department sites
- Professional networking (communities/My Sites)
- Team sites
- Content management/records management sites
Local sites may be created under the local SharePoint “root sites” or within the specific line of business or department. Functional area sites may reside below the local SharePoint “root sites.” The sites may be further split out below the functional area by business units. The sites may also be further split out with approval of the Site Collection Owner below the functional area.
Site collections can facilitate collaboration within groups, within organizations, and between teams. For example, when a request is granted for a site collection, a governed model should ensure that the requestor chooses or is assigned the user to be the Site Collection Owner and the Site Collection Administrator with the approval of the Farm Administrators.
For example, a SharePoint Farm Administrator can assume the role of the Site Collection Administrator. Also, a Site Collection Administrator may be responsible for, but not limited to, the following:
- Site Collection security
- Site Collection features
- Site Collection audits and usage logs
- Site creation
- List, library, and content type creation outside the scope of default items governed by the Farm Administrators
Site Collections should maintain data storage, quotas, size limitations, and threshold settings in the manner specified by the organization’s SharePoint governance policy.
Preparing Your Organization’s SharePoint 2013/Office 365 Organizational Support Governance
SharePoint 2013’s governance is developed, monitored, and ultimately enforced by specific roles that can be referred to as the SharePoint “People Organization.” A best practices example of how your organization can implement this People Organization is detailed next.
SharePoint Service Operations Teams
The SharePoint Services Operations (SSO) teams consist of the following “roles” or “groups” of support members.
SharePoint Services Team (SST)
The SharePoint Services Team oversees staff providing SharePoint system administration and multi-level support. The SharePoint Services Team drives the process of aligning the SharePoint Service with evolving business requirements and strategic direction.
The SharePoint Services Team consists of the SharePoint Services Team Manager, SharePoint System Architects, SharePoint Farm Administrators, and Site Collection Administrators. The SharePoint Services Team directs all aspects of the SharePoint Services to ensure an effective and stable service offering in relation to SharePoint.
Farm Administrators
The SharePoint Services Team Farm Administrators manage the operation of the production, QA, and development environments for SharePoint. The SharePoint Services Team controls the SharePoint application and helps execute approved change requests.
The Farm Administrators within the SharePoint Services Team may have the authority of full central administration rights, full SharePoint services rights, and provision security for the site collections, and they assign permissions to the Site Collection Administrator.
The Farm Administrators are essential members of the SharePoint Services Team, and they should frequently collaborate with other Farm Administrators and Site Collection Administrators to resolve problems, to assist with issues, and for knowledge transfer and continuous training. The Farm Administrators may have the same access to all SharePoint environment instances.
Site Collection Administrators
Site Collection Administrators manage the SharePoint site collections and are part of the SharePoint Services Team with the specific goal of promoting new collaboration tools and other SharePoint applications within their location for the sites they manage to help improve efficiency and increase productivity.
Site Collection Administrators do not, in most cases, have access to the operating system. The Site Collection Administrator is an integral member of the SharePoint Services Team.
The Site Collection Administrator will also be:
- Comfortable working with new SharePoint applications
- Able to quickly learn the capabilities of SharePoint tools
- Able to demonstrate strong functional knowledge of the tools to others
Possible additional tasks could be delegated such as the following:
- Creating subsites within existing sites
- Managing security of the SharePoint site with approved Active Directory Groups
- Creating new workflows and managing site content
System Administrators
The System Administrators manage the operating systems of all SharePoint Environments (Production, QA, and DEV) and do not always have central administration rights, and they usually do not have administrative access within SharePoint. The System Administrators follow the procedures for maintenance, backup, recovery, and overall change management set forth by the SharePoint Services Team for the organization.
The System Administrators provide monitoring of the system through
- Usage analysis and tuning
- Automatic monitoring and event notifications
The System Administrators perform maintenance on the servers and provide support for hardware and software updates. They provide documentation on the installation and configuration of the system in its environment. Your organization’s SharePoint platform installation and configuration must be documented well enough so that it can be reinstalled and reconfigured to the last known good operating standards.
Database Administrators
The Database Administrators are responsible for installation, configuration, backup, recovery, and monitoring of the SQL Server 2012 databases required by SharePoint. Database Administrators typically do not have central administration rights and have no special administrative access within SharePoint.
The Database Administrators are typically not members of the SharePoint Services Team but work with the SharePoint Services Team in case of issues such as business continuity exercises, disaster recovery, and content database issues.
SharePoint Roles
The following sections detail granular SharePoint roles as well as the related granular best practices considerations regarding each role.
High-Level Operational Roles
Permissions and responsibilities of the operations roles are persistent throughout SharePoint. Resources may serve multiple roles within the operations roles. The roles and responsibilities defined in Table 3.2 are specific to SharePoint 2013 products and technologies and third-party tools used for operations and maintenance of the SharePoint service.
TABLE 3.2 Roles and Related Responsibilities/Permissions

| Role | Responsibilities and Tasks | Responsibility Assignment | Permissions |
| --- | --- | --- | --- |
| SharePoint Services Owner (SSO) | –Responsible for the effective provisioning and ongoing management of the centralized SharePoint platform –Leads SharePoint Steering Committee –Leads SharePoint Services Team –SharePoint Steering Committee | SharePoint Services Team/TBD | TBD |
| SharePoint Service Manager | –Assists in the SharePoint Steering Committee –Assists in leading the SharePoint Services Team –Ensures that tactical initiatives align to strategic intentions –Reports to Steering Committee on the level of activity | SharePoint Services Team/TBD | TBD |
| SharePoint System Architects | –Active Directory –Profile Synchronization –Patch/Release Management (validation and testing) –Responsible for SharePoint farm infrastructure design, installation, guidelines, and best practices –System Administrator’s day-to-day support | SharePoint Services Team/TBD | –Full Control given at the web application policy level for every web application in all farm locations –Admin Control, full control to all central administration and SharePoint services in all farm locations |
| Network Engineers | –Firewalls –WAN optimization –Remote access management –External access management –Load balancing | TBD | –Will not have access to SharePoint or site configuration settings and will not be able to make any changes to the application |
| SharePoint Records Manager Administrator | –Responsible for new or modified records retention schedule categories –Performs legal research to determine applicable federal, state, local record-keeping laws, citations, or requirements –Works with the SP Administrator to ensure that content types are accurate –Consults with Site Owners as needed before site decommissioning | Records Management/TBD | –Will not have access to SharePoint or site configuration settings and will not be able to make any changes to the application |

Table 3.2 shows the roles along with the related responsibilities, tasks, and any additional permission-related information.
Granular Operational Roles
Resources may serve multiple roles within operations because it is typical in an enterprise implementation for SharePoint Architects and Administrators to perform multiple roles.
Permissions and responsibilities in the operational roles will exist within the central SharePoint Services Team, whereas development roles may exist independently throughout an organization if it is regionally or globally dispersed. The roles and responsibilities defined in Table 3.3 are specific to SharePoint products and technologies and third-party tools used for operations and maintenance of SharePoint.
TABLE 3.3 Roles and Related Responsibilities/Permissions

| Role | Responsibilities and Tasks | Team | Permissions |
| --- | --- | --- | --- |
| Farm Administrators | –Responsible for SharePoint farm’s configuration, SharePoint services, policies, procedures, and governance/best practice enforcement –Day-to-day support for Site Collection Administrator –Serves as SharePoint champion for all locations | TBD | –May or may not have system administrative or SQL administration rights –Full Control: Full control given at the web application policy level for every web application in all farm locations. –Admin Control: Full control to all central administration and SharePoint services in all farm locations |
| SharePoint System Administrator Also referred to as: SharePoint Solution Architect | –Responsible for day-to-day maintenance of the SharePoint Platform | TBD | –Will not have access to SharePoint or site configuration settings and will not be able to make any changes to the application |
| SQL Database Administrator | –SQL Server database backup and recovery, SQL configuration, SQL upgrades and monitoring –Responsible for databases, site collection, and site backups | TBD | –Will not have access to SharePoint or site configuration settings and will not be able to make any changes to the application –SQL Administrative rights |
| Network Engineer | –Firewalls –External crawl content monitoring –Antivirus –Possible mobility management activities –Possible BYOD enforcement activities | TBD | –Will not have access to SharePoint or site configuration settings and will not be able to make any changes to the application |
| SharePoint Solution Development Architect | –Responsible for following best practices development standards as defined by the SharePoint Solutions Review Board –Responsible for developing custom solutions such as apps, web parts, master pages, workflows, custom events, and custom organizationally specific records management features | TBD | –Full Control: to the development environment |

Table 3.3 shows the roles along with the related responsibilities, tasks, and any additional permission-related information.
End-User Roles
These roles are managed by the SharePoint Services Team with limited rights given to specific SharePoint 2013 skilled individuals.
Users may, in some cases, belong to more than one role and have additional permissions. Users may also be removed from lower-level roles because higher-level roles/permissions may encompass the permissions of the lower-level role.
Table 3.4 shows the roles along with the related responsibilities, tasks, and any additional permission-related information.
TABLE 3.4 Roles and Related Responsibilities/Permissions

| Roles | Responsibilities and Tasks | Training | Permissions |
| --- | --- | --- | --- |
| Site Collection Administrator | –Manage features and solutions for site collection –SharePoint site provisioning for site collection | Instructor led with good understanding of site administration, security, content creation, feature deployment | Access defined at the SharePoint application level; no access at the system level |
| Site Collection Owner | –Site Collection Owner –Content creation –Manage content –Subsite management | Instructor led with good understanding of site administration, security, content creation, and records retention schedules | Access defined at the SharePoint application level; no access at the system level |
| Site Owner | –Site Owner –Content creation –Manage content Note: Annual/monthly auditing will be determined at the beginning of Phase 2 based on SLAs and the organization’s Policy. | Instructor led with good understanding of site administration, security, content creation, and records retention schedules | Access defined at the SharePoint application level; no access at the system level. |
| Member | –Content creation (documents, lists) –Contribute to collaboration sites (blog, wiki) –Initiate workflows | Computer-based training video (CBT) with good understanding of document libraries and lists and records retention | Access defined at the SharePoint application level; no access at the system level |
| Approver | –Approve content (documents, lists) –Initiate workflows | CBT with good understanding of content approval and workflows and records retention | Access defined at the SharePoint application level; no access at the system level |
| Visitor | View content | N/A | N/A |