Microsoft SharePoint is a flexible platform upon which departments and users can build their own websites and applications. This document will outline the boundaries of responsibility for the Office of IT on an enterprise level and the responsibility of colleges and departments as SharePoint users. It will also cover matters of policy pertaining to security and governance.
The following terms are of interest in this document:
- Site Collection: This is a group of sites with a common administrator and feature set. When a user orders SharePoint service, they are given a site collection with a single, top-level site already created. The user can then create as many sub sites as desired. All sub sites created from the parent site are part of the same site collection and count against the same storage quota.
- Campus Active Directory: This is a directory that contains the user accounts for all current BYU students and employees. Departments may order an organizational unit in the directory where they can create guest accounts for people who are not already in the directory. This requires the involvement of the department Computer Support Representative. Additional information on Campus Active Directory is available from http://it.byu.edu/go/cad.
OIT has licensed this installation of SharePoint for internal and external use. This means that employees, faculty, students, and unaffiliated people may be granted access to collaboration sites created in SharePoint by invitation only. See the Authentication and Authorization section below for information about external users. This license does not extend to the Microsoft Office Suite. External users must be independently licensed to use the desktop tools such as Microsoft Word or Microsoft Excel.
Terms of Support
OIT will generally not provide training for this product to the campus community. This service is intended for users who have previous experience with Microsoft SharePoint or who have access to additional training and expertise. Departments must ensure that personnel who administer their sites have the expertise to manage the site and the objects associated with it.
Normally, OIT will avoid working within a departmental site or site collection. This means that OIT will not access departmental sites unless specifically invited by the site collection administrator. This invitation must be done as part of a formal consulting agreement and will not imply ongoing support of site-specific functionality outside of that consulting agreement.
OIT is accountable for the proper functioning of the SharePoint platform, servers, databases, and associated systems. These systems will be monitored by the OIT Operations Center. Departmental sites will not be individually monitored.
OIT cannot support the myriad of customizations and operations that can be done within a SharePoint site. Users should turn to Microsoft and other publicly available documentation for education on SharePoint functionality. There is also a peer support site where users can collaborate with each other to solve SharePoint issues. This site is located at http://sp.byu.edu.
When SharePoint produces an error message with a "correlation ID," OIT will make log file entries available to help users troubleshoot problems with a SharePoint site. Users will not have direct access to SharePoint servers or databases except through the standard web interface of a site collection.
Some troubleshooting will require access to information from SharePoint server logs. OIT will provide relevant extracts from the server logs to assist in troubleshooting. This will require the user to submit details from any error messages, including the "correlation ID" if available. The Net ID of the user experiencing the error and the exact time of the error are also essential.
It is important to note that some OIT personnel will be granted permissions within departmental sites as a part of their enterprise administration responsibilities. OIT personnel are expected to use such privileges within the scope of their employment. Anyone who uses rights to examine or modify a departmental or enterprise site (or any object contained therein) in a manner that is not consistent with their job function is subject to sanctions outlined in the computer use policy of the university handbook.
Authentication and Authorization
No one can access a SharePoint site without authorization. Permissions (read only, read/write, full control) can be granted to users and groups listed within the Campus Active Directory. It is possible to create groups inside of SharePoint itself, though managing groups in Active Directory allows more opportunities for reuse. User accounts cannot be created in SharePoint and must come from the Active Directory.
Windows computers can be configured to automatically pass login credentials to the SharePoint server. This is done by adding a SharePoint site to the "intranet sites" list in the Internet Options control panel. See the OIT Service Desk for more information on this procedure.
The preferred university solution for web single sign-on is CAS. The current implementation of SharePoint is not compatible with CAS at this time. Investigation is underway which may enable CAS authentication in the future.
Information Security and Institutional Identity
SharePoint makes it easy to create websites in the byu.edu namespace. Users should follow all university and department policies about appropriate content for websites regardless of the tool used to create the site. Users should take care to represent the university well when they create sites with our name.
Users should exercise caution as they place information on SharePoint sites. We do not want to inadvertently share sensitive academic, health, or intellectual property information. Users should verify the permission settings on any content they place on a site which may have privacy or security implications.
Users can extend the SharePoint platform by writing custom solutions using Microsoft Visual Studio. OIT recommends using the "Sandbox Solutions" functionality which will allow custom code to be written and uploaded without intervention from OIT. If custom solutions are created that do not fit within the capabilities of the sandbox solutions scenario, users will need to purchase consulting hours from OIT Edge Services to test and deploy the code into the SharePoint farm.
When specialized needs do not fit into the scope and purpose of the general purpose farm, OIT will consider creating a special purpose farm. This may be desirable in the case of third party solutions that rely on SharePoint. This must be done through a consulting agreement which can be arranged with OIT Service Desk (2-4000).
If users have content in a different SharePoint 2013 environment that they would like to migrate to the enterprise SharePoint instance, this can be done with a custom consulting agreement. Users should work with OIT Service Desk (2-4000) to make arrangements. OIT cannot migrate content from previous versions of SharePoint.