SharePoint is a highly configurable, collaborative platform used substantially among many organizations. At the University of Waterloo, it is predominantly used as a document management and storage system. While it boasts vast permission and security options, one of its weakest links is management of those permissions as it only displays its hierarchy security structure in flat-view files. It also has no bulk management tool, no retired user cleanup, and no active directory (AD) group enumeration.
A better option for permissions management
DeliverPoint, an in-context Microsoft SharePoint Permissions Management Tool secured by IST, enables SharePoint farm administrators, site collection administrators, and site owners to effectively manage SharePoint permissions within the context of our current 2016 on-premises environment. It is in place to empower non-IT administrators to accurately report on and manage permissions within their respective site collections, sites, and workspaces.
Accessing DeliverPoint
It is easily accessed through the settings (gear icon) on any SharePoint site and provides users three major options: DeliverPoint, Discover Site Permissions, and Discover all Permissions (Advanced).

DeliverPoint
Clicking on “DeliverPoint” gives users an option to browse site collections through the “tree view” and to manage permissions to any particular site or sub-site they have permissions to. From there, a user can audit, copy, grant, transfer, delete and compare site/sub-site permissions. A user can also clearly see if a site is inheriting or has unique permissions through use of an icon that is greyed out if the permissions are inherited or coloured if the site has unique permissions.

Discover Permissions
Clicking the “Discover Permissions” option allows users to create a report from within the site, which includes real time permission reporting on the site, list, library, and each Folder or Item. It also allows a user to find out who has access to a given object and how that access is given.
A user can report on the same options as before, but now from a site or library perspective allowing for easy sorting of information by site, username, permission level, or how the permission was granted. The report generated is a snapshot of how the permissions are depicted as of that exact moment and can be exported to a spreadsheet with a single click.

Discover All Permissions (Advanced)
The “Advanced” Discover All Permissions report enables users to execute a permissions report that can be pre-filtered to provide a unique view of the data. You can filter by permission level (via email and name), by user (email, display name), or by URL or title.

Benefits of DeliverPoint
Another advantage of DeliverPoint is the ability to keep the “farm” clean (permissions wise) when employees leave the company or get transferred. As a reminder, all features and scope are available only to the extent in which a user has been given permission to access SharePoint.