1. site security
    1. security principal (object to which to assign permissions)
      1. user
      2. group
    2. permissions and permission levels
    3. securable objects
  2. default groups
    1. visitors: read permission level
    2. members: contribute permission level
    3. owners: full control
    4. site templates add groups
      1. viewers
      2. approvers: approve new and changed content
      3. designers: alter page design in browser and sp designer
      4. hierarchy managers: create folders, lists, libraries
      5. restricted readers
      6. style resource readers: read only master pages and style library
  3. custom groups
    1. when
      1. when there are more user roles than you can model with default groups
      2. when you want to use different names than default groups: rename
      3. when you want to import ad groups and keep name etc
    2. hierarchical membership management
      1. it admin creates group project managers
      2. 2nd group project members, owned by project managers
      3. project managers can grant access, permissions to users without involvement of it admin
  4. group management comparison
    1. using ADDS groups without SP groups
      1. adds in classic or claims-based mode
      2. grant permissions from sp directly to adds groups
    2. SharePoint groups
      1. place ad users directly in sp groups
    3. nesting ad groups in sp groups
      1. advantages
        1. adds admin remains in control of group membership and structure
        2. sp admin remains in control of sp resources
        3. adds membership changes are automatically reflected in sp
      2. disadvantages
        1. sp admin cannot see the individual members of a group
        2. sites to which you grant group access do not appear automatically in mysites
        3. problems with deep nesting ad groups
  5. administrative groups
    1. site collection administrators
      1. full control over site collection
    2. sharepoint farm administrators
      1. adding a group to farm administrators is recommended
      2. are responsible for the config of the farm as a whole
      3. access to all settings in ca
      4. have no access to site collections by default
        1. can take ownership
    3. windows administrators
      1. members of local admin group on sp server
      2. can perform all the actions of a sp farm admin
      3. can deploy web parts to global assembly cache (gac)
      4. can create websites, web apps, and control iis settings
      5. can stop and start services
      6. can run the stsadm.exe command
  6. user information list
    1. details of current users and activities
    2. dynamic
    3. differs from people and groups list
    4. accounts are added when
      1. their user account is granted access individually
      2. they contribute to the site
      3. they set up an alert
    5. http://spserver/sitecollection/_catalogs/users/simple.aspx