Security in Teams and SharePoint

IT in our organization is still very much the Wild Wild West, and most users have no idea how to manage things are typically handled by IT in larger organizations.  In an effort to help keep the peace, and educate folks a bit, I occasionally post a few thoughts towards best practices to help folks along.  

This is one such thing.  Lately, I have noticed folks just handing out site/team ownership without any thought towards what they are doing.  People that should not have access to certain things, suddenly have sweeping access.  

This is by no means all-encompassing.  It is only meant as a basic outline to help most users in a default SharePoint Online / Teams environment.

================

It is super easy to make another user an “Owner” of your Team or SharePoint so they have the access they need to do whatever they need to do at the time. It is also a little dangerous.

Did you know that in doing so, you give that person the right to do whatever they want inside of your Team / SharePoint?

This includes …
· Delete your Team or SharePoint
· Add any users they want to your Teams/SharePoint, even as an Owner.
· Access any document.
· Share any document (even externally).
· Change any document.
· Delete any document.
· View HIPAA protected information.
· Share HIPAA protected information.

The same security controls are not in place for Teams / SharePoint as those for the File Server (also known as the G drive or H drive or whatever letter is assigned to your drive).

Access Security is the sole responsibility of the Owners of the Teams / SharePoint.

Fortunately, Access Security is extremely easy to maintain.

• Do not make anyone an “Owner,” unless you really want them to have that authority.
• Do not make anyone a “Member” that is outside of your working Teams.
• Add a “Visitor,” if someone needs access to everything in your Teams / SharePoint.
• Share a document and/or folder, if that is all a person really needs access to.

How do I do this?

1. In SharePoint,
1. Click the gear in the top right of the page
2. Choose “Site Permissions”
3. Click “Add members”
1. "Add members to group” will add a site Member
2. “Share Site Only” will add a site Visitor
2. In Teams,
1. Only a Member may be added here.
2. Click the ellipses ( . . . ) next to the Teams name
1. Choose “Add Member”
3. “Guests” can be added, but that is a whole other story.

Through these same menus in SharePoint, you can remove an “Owner” or “Member” that should no longer be there. In Teams, choose “Manage Team” from the ellipses menu next to the Teams name.


Overview: Site governance, permission, and sharing for site owners - Microsoft Support

• Owner
• Full Control
• Manage Site Permissions, Settings, Appearance, as well as Add, Edit, and Delete any documents or Site contents.
• Member
• Contributor
• Edit site content, as well as add, edit, and delete documents.
• Visitor
• Read Only Viewer
• Can see most content but cannot edit or delete.

Power BI Report Development

Ain't it the truth.

Defrauded by Sherper's

It seems as though everyone is on the take these days.  Wal-Mart, Amazon, and similar entities only enable it further by leveraging outside suppliers, but not making that readily obvious to the average consumer.

Recently, I purchased a set of luggage racks from Wal-Mart.  I thought I did, at least.  After receiving said item, I discovered that some company named Sherper's had fulfilled the online order.  It was not apparent at the time and I really did not care, when I heard that the purchased had finally arrived.  I was anxious to get my kayak out on the water again.

The box looked a little more abused than most and I was immediately a little suspicious. As demonstrated in the photo above, it showed signs of having been opened and resealed.  This was particular true on one end of the box.  Before I opened anything, I took a photo of each side.

Lifting only one flap of the box, I was immediately presented with an Amazon Return Authorization Slip.  That was curious enough.  Even more so, the Order ID was not mine and was in now way related to my order.  It was obvious that someone else had returned this item and Sherper's had simply redistributed it.  Very likely, they purchased it from one of the Amazon return stores that have been popping up lately.

Maintaining a certain level of optimism about the situation, I went on to open the box.  In the light of my living room, all appeared well and good.  It appeared as if someone had simply decided they did not want the product and returned it.  All the parts were there, except for the Allen wrench.  That is not unusual these days though, and I had one.

Under the bright and harsh fluorescent lights of the garage, another story emerged.  It was apparent that someone had used these, having clamped something or another to them.  They didn't appear damaged to a greater extent, but one can never be too sure when it comes to steel.  Generally, once bent it is considered compromised.   An email immediately flew off to the Wal-Mart explaining this situation.

Wal-Mart forwarded the message to Sherper's, who quickly replied... 

"Hello Todd, Our apologies that the item arrived to you in the condition you described. Can you please send me some pictures of the item, including the signs of use and Amazon invoice? Thank you, Jeremy at Sherper's"

And so the above images were forwarded along, to which Sherper's replied ...

"Hello Todd, Thank you for the images. Our shipping department will occasionally reuse boxes from returned items for shipments as boxes of this size are hard to come by. As for the item itself, it is my conclusion that this was indeed an Amazon return that our receiving department inspected and determined was acceptable to resell as new. Looking back at the return details itself, the customer said that he tried it on his car and it just didn't fit correctly. Given this feedback, our receiving team inspected it and determined that there was nothing materially defective about the product's functionality that justified reclassifying it from the "new" condition labeling. Clearly, you disagree and I can understand your perspective. If you would like to keep the item as is, we would be willing to offer you a 10% discount in the form of a refund. However, you may also return the item to us for a full refund. Thank you, Jeremy at Sherper's"

The offer seemed reasonable enough at the time, so I accepted the 10% discount and moved on.  Further inspection revealed that the steel was incased in some sort of hard rubber or other resin and it was likely not compromised as much as initially thought.  There was no way of telling for sure and the Malone's VersaRail was an inexpensive stop-gap anyway.

Thinking about it now, the feeling of being defrauded only grows.  That last response from Sherper's is partially a lie.  Their inspection team did nothing more than restore the box.  The enclosed Amazon invoice was proof of that, since it was right inside a flap of the box and not inside.

Wal-Mart asked for a review today.  They got one that expressed my disappointment in their not making it more obvious that I was actually purchasing from another supplier (Sherper's), who had gone on to defraud me and them, presenting their product as new, when it was really used.  

Lesson learned, I suppose.  

The more I purchase on the internet these days, the less I really want to any longer.

Hopefully, nothing breaks.  In case it does, Malone's is not to blame.

Ethical Dura Fused Leather Dog Toy Review

This is a FAIL in less than 5 minutes.  The feet were torn off and swallowed.  Leather or not, this is not safe.  This is worthless product meant only to take your money.

Praise from TP

"Todd's support and guidance have made a significant difference in my transition into [The Firm], and I appreciate the time he has invested not only in helping me but also others, too."

Making this recognition all the nicer, a little Thank You card to go along.

Leadership Skills

Commercial Operations in Residental R-1

They were at again, so we drafted a little note to the city.  Names omitted to protect the guilty.

Residents of our street seek city intervention against BUSINESS for operating a hazardous commercial landscaping business without permits, causing increased traffic, noise, and toxic smoke, jeopardizing community health and safety.

Again, on Saturday, July 13, we contacted the CITY Fire Department to address an unattended fire at the residence of 1309.

Currently, this residential address is occupied by BUSINESS.  Speaking with the owner in March 2024, he indicated his intent to use the location to operate a full-service commercial landscaping operation.

We observed this, with operations increasing exponentially since that time.

In April 2024, BUSINESS expanded parking across the front of the address to accommodate their employees.  They further expanded parking across most of the front yard, stretched a gravel driveway down to the back of the house and spread more gravel for parking across the back of the house.

Vehicular traffic begins after 6 am, filling the parking lot across the front for most of the day.  The increasing volume of traffic at this location often blocks the road with large construction vehicles and trailers.

Additionally, BUSINESS returns daily from job sites with trash and other debris from their business.  It consists of various types of yard waste, as well as treated lumber, in the form of fence posts and panels.  They unload at the address and pile the waste around the back yard.  What can be burned is piled next to a fire pit, where it is later burned, filling the air with smoke containing arsenic, chromium and copper, and other highly toxic elements.

We contacted the CITY Fire Department May 17, 2024.  They confronted the operation on that that date, when they were openly burning treated lumber and fence panels, unattended, filling the air with toxic smoke.  Several adults and small children in the neighborhood were affected by respiratory distress, headaches, and associated illnesses.

Since that date, the burn pile was moved closer to the house, under a tree.  They seem to burn these hazardous materials overnight and at hours when nobody is around.  It leaves the same smell in the air though and continues to cause respiratory distress.

We need this operation to cease and desist immediately!

To our knowledge, there has been no permitting applied for or approved, nor has zoning been modified to enable the following at the residential address:

• Operation of a nonretail, commercial, light industrial operation on property zoned as residential District R-1,
• Storage of large commercial vehicles on site,
• Expansion of parking along the frontage of the property,
• Installation of a driveway to the back of the property,
• Installation of a gravel parking lot in the back of the property,
• Storage of trash on site,
• Storage of yard waste on site
• Storge of hazardous waste on site,
• Burning trash on site,
• Disposal of toxic waste through burning on site.

Timberline Topsoil Rocks

This is third time I have found a rather large rock included in a bag of top soil from this company.  It is suspicious and I have decided to start collecting these rocks.  If enough are gathered, maybe we could build something out of them.

=====

08.15.2024 update

=====

08.30.2024 update

Hording Data

And now we come to the point where she decides what data we are allowed to collect.  Talk about your control freak.  Attempting to obtain the data from a recent stakeholder survey for future reference and potential analysis against other surveys, VPQ has all but refused to share the data.

For the life of me, I cannot understand what her problem is.  Ask for the data from the company that produced the survey and send it along.  It requires no effort, but she would rather we just ask her for whatever views of the data we want.

It is more than obvious that she does not understand how it is to collaborate.  It's her ball and you can't have it!

Arkansas with the Girls

This weekend after the fourth of July, we headed south into the Arkansas wilderness with the two oldest girls.  The youngest of two had specifically requested this journey months in advance, and it only made sense to include her older sister-cousin.

A 6.5-hour trip south turned into a 13-hour adventure without even realizing it.  Along the way, we enjoyed rediscovering Bass Pro Shops in Springfield, another trip on the Peel Ferry.  Finding a free water park, burning up energy on a few playgrounds, and eating everything the Western Sizzlin' had to offer really helped round out the day.

The following day, we hiked to the bottom of Bridal Veil Falls, followed by an afternoon at the beach.  We had one lunch before we went there, then another on our return, followed by blissful napping in a cold dark bedroom.  Upon waking, we headed back to the beach to await fireworks at Freedom Fest on the Lake with the best seats in the house, right down in the water.

After that late night, we slept in a little, then headed to the top of Sugar Loaf, cooling our heals shortly thereafter in Collins Creek.  The beach called to us again, and we spent the rest of the afternoon there, after finishing Lunch Part 1.  After the beach, they polished off the rest of their watermelon in Lunch Part 2, then crashed hard in their cold dark bedroom.  They met some new friends that evening, doing their best to crash into each other on the Slip & Slide in the backyard, before heading down to the park to expend the rest of their energy.

Morning found us chocolate chip pancakes and on the road again.  Rain trashed any attempts to do much.  We eventually outran it, though it caught up to us at nearly every stop along the way. We cooled our heels a few times, once at the Buffalo River, where skipped rocks and just chilled for a bit, and the other at Woods Fork.  Ice cream in Springfield offered a different break from the road, along with a stop at Gordon's Orchard, after finally breaking free of that snarl of traffic.  The Optimist playground offered more relief in Clinton, but had no facilities, so bailed in favor of pizza followed by the playground in Urich.

Skies darkened again and pressed us homeward again, but not before offering up a clear view of the tornado beginning its descent upon central southwest Missouri.  After that, nothing but pure joy to finally be home in the comfort of our own beds after only 11 hours on the road this time.