1 / 22

Windows SharePoint Services Managing users and rights

Windows SharePoint Services Managing users and rights. Agenda. Authentication and Authorization Site Administrators Box Administrators Managing Users and Site Groups WSS Object Permissions. Managing Sites and Sub-sites. Manage immediate set of sub-sites for the current site*

lucas-barnett
Download Presentation

Windows SharePoint Services Managing users and rights

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows SharePoint ServicesManaging users and rights

  2. Agenda • Authentication and Authorization • Site Administrators • Box Administrators • Managing Users and Site Groups • WSS Object Permissions

  3. Managing Sites and Sub-sites • Manage immediate set of sub-sites for the current site* • View Full list of sub-sites for the site collection** • Managed from HTML Pages or command-line • Site-creation is a simple two-step process

  4. Authentication • Authentication – the verification of identity of a person or process • Different from authorization, which determines which functions you can perform • WSS does not perform it’s own authentication – this is handled by IIS • IIS’ authentication mechanism requires an NT account (either local or AD)

  5. Authentication Setup • Two main setups for authentication – account creation mode or pre existing domain • With a pre existing domain, use IIS with Windows authentication enabled, no new user accounts needed • Account creation mode is a feature, selected at install time, that will generate a new account in the AD for each user – pre existing accounts cannot be used. IIS is setup to use basic or digest authentication • Don’t use local machine accounts! • Migrating will be a big pain if you do • Passport authentication and WSS don’t work well together

  6. Anonymous Access • Anonymous access is limited – the most anonymous users can do is insert list items • By default, it is turned off, both at the web site level and at the IIS level • WSS UI is sensitive to IIS setting • Setting anonymous access is done at myriad different points • IIS setting for the virtual server • On/Off switch at the web site level • Rights mask at the individual list level

  7. DemoConfigurazione Accesso Anonimo

  8. Site Collections • A Site Collection is a set of logically related Web Sites that can be collectively managed • Each Site Collection has a single top level Web Site • Individual users can be marked as Site Collection Administrators • This grants them full access to all content

  9. Box & WSS Administrators • WSS supports two sets of high level administrators, box admins and SharePoint Administrative Group members • SharePoint Administrative Group is defined in WSS Central Administration • WSS checks to see if the current user is a box admin or in the domain group. If so, full access is granted to all site collections • Four differences between abilities of box admins and WSS admins • Change configuration database • Change WSS admin domain group • Manage content paths • Extend/unextend IIS virtual servers

  10. Security & Site Collections • Site collection administrators have three main responsibilities • Users and cross-site groups on the site collection • Users are rolled up at the site collection level, and can be managed there • Cross site groups are scoped to the site collection level • Quota issues for the site collection • Rights mask for the site collection

  11. DemoImpostazione Gruppo Amministrativo

  12. WSS Authorization • Whereas WSS relies on IIS for authentication, WSS performs all it’s own authorization • Implementation is similar to NT system • WSS specific ACLs dictate access • ACL is a collection of ACEs, each of which maps a security principle (user, group, etc) to a set of rights • NT is called for domain group resolution

  13. Managing Users • Users give people access to a site • Every site has it’s own set op users • The site owner can choose to inherit users from the parent site, or create a unique set of users • Can enable Anonymous access on • Entire Site, Lists and Libraries or Nothing • Can enable access for all authenticated users as • Readers or Contributors • Can manage all users in a site collection Site Settings  Go to Site Administration  Manage Users

  14. Web Site Security • Site Groups are scoped to an individual Web Site • Site Groups by default • Guest* • Reader • Contributor • Designer Web • Administrator • Which Site Groups a user is a member of determine their default permissions to objects in that site (and any inherited web sites) • Membership in multiple Site Groups is possible • A Web Site’s security can be either inherited from it’s parent web, or unique

  15. Managing Usersand Site Groups • Membership to a Site Group determines the rights a user has • Use built-in groups or create your own • Each Site Group has a set of rights • Copy feature allows you to copy all rights to another group Site Settings  Go to Site Administration  Manage site groups

  16. Managing Cross-Site Groups • Group users together in one entity • Cross-site groups must be assigned to a site group in order to give the users in the site-group rights on the Site • Can be used on any site within the site-collection • Useful if equivalent is not available as an AD Security group Site SettingsGo to Site Administration Manage cross-site groups

  17. AD WSS WSS Users John Smith Peter Collins Judy Lew Kim Clark Paul West Don Hall Suzan Fine Groups Marketing Sales Production Site Users John Smith Judy Lew Kim Clark Cross-Site Groups Managers Regional VPs HR AssistantsSales and Marketing Site Groups Web Designer Contributor Reader Administrator Corporate Directory Who has Access to a Site ? What Rights do they have ? Managing Cross-Site Groups Site SettingsGo to Site Administration Manage cross-site groups

  18. DemoCreazione Site Groups e Cross-Site Group

  19. Permissions in WSS • WSS uses “rights” - a right is a privilege that allows a user to perform an action on the server. • Example: View Pages, Insert List Items, Change List Permissions. • There are currently about 20 rights. • Some rights are dependent on others. Example: Insert List Items has View List Items as a dependent. • At the IIS virtual server level there is a “rights mask” • This enables/disables rights for use on Web Site Collections within that virtual server • Is settable by box administrators and WSS administrators

  20. User Level Security and Web Parts • Shared and Personal modes • Shared mode changed seen by all users • Personal mode changes seen only by the individual making them • Rights controlling user modes: • Shared: • Add or customize pages – allows shared mode changes for parts and pages outside document libraries • Edit list items – allows shared mode changes for parts and pages inside document libraries • Personal: • (Add or Remove Private Web Parts) Personalize Web Part pages – allows users to add/delete parts in personal mode for pages in webs and document libraries • (Updated Personal Web Parts) Personalize Web Parts – allows users to modify part properties in personal mode for pages in webs and document libraries

  21. DemoAttribuzione permessi

  22. I prossimi appuntamenti • Lunedì 10/05/2004 ore 10.30WSS e i modelli personalizzati: siti, liste, raccolte • Martedì 25/05/2004 ore 10.30Introduzione a XML in Office 2003(no developer)

More Related