Sharepoint 2010 – Role Based Security – Still a thing of the future?

In my last post I talked about Visio 2010 and how we are seeing tools which can drive a lot of business value by representing data in intuitive ways through SharePoint. I raised the concern about once you see the data the next question is how does technology empower action. The answer involves several aspects and perhaps the most important one of which is role based security. The question comes down to this, if I want to share information with my boss and co-worker and give them the ability to perform different actions, how is this done using SharePoint?

It appears that the answer today for SharePoint 2010 is that role based security is still a weakness.

This provokes another question. Is it time for Microsoft to create a role based security model which is robust and can be leveraged to empower action oriented interactivity with the data and business process? The answer should be a sound barrier breaking “YES”. Here is why.

We now have the pieces of the puzzle coming together to empower business users to not only see the information which is important to them but then take action on that information. Being able to trigger a SharePoint Workflow within the right security context should be a skill that is achievable for the average SharePoint user. Consider this, the SharePoint User is now not only consuming data but also re-purposing it for the use of others. Setting the conditions under which others in the organization might or might not be able to trigger a specific workflow should require skill and knowledge yet still be simple enough that a user could do it without being a developer. To do this from a user’s perspective with only a few clicks, one should be able to select anyone who works on my team can do a “follow up call” workflow but only my manager can “approve expenses” workflow. This is role based secuirty and is not present in SharePoint 2010.

And so SharePoint 2010 will lack the deep security model which is required to leverage the full power it offers to users.  The Achilles’ Heel of developing a solution will be the need to create your own role based security model to supplement this weakness in SharePoint 2010. There maybe 3rd party products out there that help with this short coming.

Folks on the SharePoint team, please talk to the CRM team about their role based security. Although it is not the whole solution, it would be great to leverage a unified role based security model.

Jeff Loucks
Available Technology
Available Technology
  Subscribe in a reader

Leave a Reply

Your email address will not be published. Required fields are marked *