My next wish is better granularity of user permissions. I would like to not get bitten in the butt by what I like to call “hidden permissions”. The rights that you can grant or deny users are pretty explanatory on what they do. But it also seems that other rights are included in the set that are not mentioned in the interface, nor have I seen anywhere where they are explained. So you grant user XYZ right, unknowingly giving them access to do other things that maybe you don’t want them to do.
The latest encounter I had with this was with portal area rights. When adjusting area rights, there is one for “Manage Area – Delete or edit the properties for an area on the portal site”. This gives the user the ability to add web parts and access the area settings. It also gives them the ability to delete an area. Perhaps the wording is just bad for the right and the term Delete refers to deleting the area, but as worded and read by other people that I know, it is interpreted as delete properties for the area. End result is I can restrict a user from creating an area, but not stop them from deleting it (which isn’t very sensible to me) and there is no easy restore/recovery or recycle bin for SharePoint, so you get users deleting areas unintentionally and are in a tight spot trying to recover it.
So I would like to see more rights, better spelled out and everything included in the UI so I can control it better.
UPDATE: So I was slightly misguided earlier… a user can add web parts without the Manage Area rights unless you are me and have a messed up portal that I now have to go figure out what is up (future post maybe?). Thanks to Mark Kruger for walking through some permission stuff with me!