|
|
||||||
|
#1
02-28-08, 04:14 PM
|
|
|
|
|
We're slowing rolling out our team site 'portal' in MOSS 2007.
We're an org divided into 10 regions + 1 'HQ'. So, initially, I set up 11 site collections to separate content and permissions and the like and go from there. One of my users is questioning having her specific site within one of these collections as it's going to be a site that is collecting highly sensitive data that they don't want even fellow employees to have access to. Seems that the 'easiest' solution to allay fears is to simply set up yet-another site collection just for this particular project. Of course, that opens the gate for the snowball effect and I fear it turning into our WSS2 server, which is basically 100s of top level sites. Is there a TECHNICAL argument for not letting people go nuts with many, many site collections? Or is it mainly just a 'whatever works for you' type of thing from an organizing information standpoint? Does this person gain 'security' by having it as a site collection rather than a subsite? Or is it more of a placebo? -Darrel |
|
|
|
#2
02-28-08, 10:03 PM
|
|
|
|
|
> We're slowing rolling out our team site 'portal' in MOSS 2007.
Good for you! > We're an org divided into 10 regions + 1 'HQ'. Excellent! > So, initially, I set up 11 site collections to separate content and > permissions and the like and go from there. Seems simplistically logical..........I can see why you might have done that! > One of my users is questioning having her specific site within one of > these collections as it's going to be a site that is collecting highly > sensitive data that they don't want even fellow employees to have access > to. MOSS granular security applies across the whole of a MOSS farm - everyone will have access to any site that SHE as the site admin decides to give access, everyone else won't - nor will they see search results etc. for which they have no access. If its that sensitive, it should likely have its own application, content DB's and site collections and be running on a dedicated port over SSL and extended to a seperate server. > Seems that the 'easiest' solution to allay fears is to simply set up > yet-another site collection just for this particular project. You could do that - or simply educate her. > Of course, that opens the gate for the snowball effect and I fear it > turning into our WSS2 server, which is basically 100s of top level sites. In self service environments, this is technically what you will face anyway. Thats OK - you can turn on automatic deletions of unused sites - and constrain growth based on quotas. Less administration by IT, but overkill for your problem. > Is there a TECHNICAL argument for not letting people go nuts with many, > many site collections? Or is it mainly just a 'whatever works for you' > type of thing from an organizing information standpoint? Of course - single content databases should have no more than 10,000 site collections - so your DB planning takes a new twist! This naturally impacts your backup and recovery strategy as you have more files to consider and they should not span backup tapes (for example). More applications consume resources and impact your architetcure. > Does this person gain 'security' by having it as a site collection rather > than a subsite? Or is it more of a placebo? No real advantages in terms of security - http://vspug.com/llowevad/archive/20...hitecture.aspx Regards John Timney (MVP) http://www.johntimney.com http://www.johntimney.com/blog/ |
|
#3
02-29-08, 02:51 PM
|
|
|
|
|
> MOSS granular security applies across the whole of a MOSS farm - everyone
> will have access to any site that SHE as the site admin decides to give > access, everyone else won't - nor will they see search results etc. for > which they have no access. If its that sensitive, it should likely have > its own application, content DB's and site collections and be running on a > dedicated port over SSL and extended to a seperate server. Would it need it's own service provider? SSL + own app suffice? >> Seems that the 'easiest' solution to allay fears is to simply set up >> yet-another site collection just for this particular project. > > You could do that - or simply educate her. The problem is that I need educating myself. ;o) >> Does this person gain 'security' by having it as a site collection rather >> than a subsite? Or is it more of a placebo? > > No real advantages in terms of security - > [..] Excellent! I think that answers my question. At this point, I think this is more of an internal policy issue we need to address. Thanks for all that info! -Darrel |
|
#4
02-29-08, 02:58 PM
|
|
|
|
|
Could share the SSP, but yes - would require a certificate and its own app
if you went that far. Regards John Timney (MVP) http://www.johntimney.com http://www.johntimney.com/blog/ "darrel" <notreal> wrote in message news:3940 [..] |
|
|
| Similar Threads | |
| Display user access to all Site Collections on the Web App root SiteCollection (MOSS 2007) I cannot find the answer to this anywhere. We have deployed an instance of MOSS 2007 SE. Our taxonomy will likely be that of managed paths off the root web application site... |
|
| List of User Permission over Site Collections (moss 2k7) Hi, I have the requirement to list what permission does a user have over different site collections on MOSS 2007. I have tried using the GetUserMembership() method of the... |
|
| Move Site Collections between MOSS instances? Hi, I have two MOSS 2007 instances. I need to move a site collection and its configuration databases and content databases to another MOSS instance. How can I do this? I... |
|
| Replication of Collections, Packages, Advertisements andQueries from Central SIte to Primary Site... Hi all, I've recently added a new primary site to my SMS 2003 hierarchy. It seems to be operating fine apart from the fact that the new site isn't replicating the... |
|
| Question about site collections and cross site groups Hi, The definition of a cross-site group says: A custom security group that applies to more than one Web site. A cross-site group can be assigned to a site group as if it... |
|
|
All times are GMT. The time now is 05:31 PM. | Privacy Policy
|
MOSS: Too many site collections?