When it comes to content management in SharePoint, half the battle is figuring out the best angle of attack.  Why?  Well, because there are so many options and combinations of options that come into play when designing a solution.

Take the SharePoint permissions architecture, for example.  There are 33 different permission masks divided into 3 categories: personal, list and site permissions.  These are combined into role definitions (permission levels) which may be assigned to users and groups and then associated with sites, lists and list items.   Often, you need to create a custom role definition for a particular user or group.  When doing so, it is important to understand permission dependencies, because that will determine the effective permissions being granted.

With the exception of the "Open" permission, which grants the ability to open Web sites, lists and folders to access their contents, every SharePoint permission depends on one or more of the other permissions.  This means, for example, that if you grant the "Manage Alerts" site permission, you are also automatically granting the "Create Item Alerts", "View List Items", and "Open List Items" list permissions as well as the "View Site Pages" and "Open" site permissions.

If you're like me, with so much information to digest and process, and so little time to do it in, a simple diagram can go a long way towards sharpening your focus.  To that end, here is a little chart I created for my ECM401 course (all praise to the Visio gods!) that you may find useful.

Enjoy.