We have a SharePoint 2013 setup where we have public and team site collections per team. E.g. IT Public, IT Team where all employees have read access to Public and IT have contribute, and only IT have read and contribute in Team.
Then we have situations where IT want to share sensitive data with certain people outside IT. We have options here:
1. Create a new site collection (sharepoint/shared/newsite) permissioned appropriately
2. Create a doc lib in Public, break inheritance and permission appropriately
3. Create a doc lib in Team, break inheritance and permission appropriately
Pluses and minuses as I see them:
1. a) Might just be a few infrequently updated docs - seems a waste of resources.
1. b) Have to add links to the site collection for each user in the group (e.g. one in IT Team, one in HR Team, one in Marketing Team etc) - maintenance headache
2. a) Broken inheritance within site collections can lead to a permissions nightmare
3. a) ditto 2 a)
3. b) Users who only have limited access, i.e. outside IT, will not see any other links when they reach the restricted doc lib... no easy way in or out navigationally.
Does anyone have any experience in this area? Are there any best practices for this kind of scenario?
Probably not necessary to create a top-level site collection, but it may be worthwhile to create a sub-site for your IT team. From there, apply permissions accordingly; if there are some heavily unique scenarios where a particular doc library requires non-IT staff to be added, break inheritance and add the individual user(s) in the library.
The biggest advice I can give is to ensure that you use groups for the site permissions so that if or when you do break inheritance any additional IT Staff etc will always be added through the Groups.
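To keep the broken inheritance discussed in this thread reviewable, the following added example (not part of the original posts) lists every library in a site collection that has unique permissions and shows whether each grant goes through a SharePoint group, an AD group, or an individual user. It assumes the SharePoint 2013 Management Shell on a farm server with sufficient rights; the site URL is a placeholder.

```powershell
# Added example: audit libraries with broken inheritance in one site collection.
# Assumptions: SharePoint 2013 on-premises, run in the SharePoint Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl = "http://sharepoint/sites/it-team"   # placeholder URL, replace with your own
$site = Get-SPSite -Identity $siteUrl

try {
    $report = foreach ($web in $site.AllWebs) {
        try {
            foreach ($list in $web.Lists) {
                # Skip hidden system lists and lists that still inherit from the web
                if ($list.Hidden -or -not $list.HasUniqueRoleAssignments) { continue }

                foreach ($ra in $list.RoleAssignments) {
                    # Ignore "Limited Access" (SPRoleType.Guest); it is not a real grant
                    $roles = ($ra.RoleDefinitionBindings |
                        Where-Object { $_.Type -ne [Microsoft.SharePoint.SPRoleType]::Guest } |
                        ForEach-Object { $_.Name }) -join "; "
                    if (-not $roles) { continue }

                    $member = $ra.Member
                    $kind = if ($member -is [Microsoft.SharePoint.SPGroup]) { "SharePoint group" }
                            elseif ($member.IsDomainGroup) { "AD group" }
                            else { "Individual user" }

                    [pscustomobject]@{
                        Web       = $web.Url
                        Library   = $list.Title
                        Principal = $member.Name
                        Kind      = $kind
                        Roles     = $roles
                    }
                }
            }
        } finally { $web.Dispose() }   # SPWeb objects from AllWebs must be disposed
    }
} finally { $site.Dispose() }

# Full picture of every uniquely permissioned library
$report | Sort-Object Web, Library, Kind | Format-Table -AutoSize

# Grants made to individuals rather than groups: candidates to move into a group
$report | Where-Object { $_.Kind -eq "Individual user" } | Format-Table -AutoSize
```

Running this on a schedule and comparing the output between runs shows when a new library has had its inheritance broken or a user has been added directly.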