SharePoint Slándáil Bunúsaigh Chéad / Seachain Ceapa Tuisle Coiteann

Suas chun dáta 12/18/07: Féach alt Paul Liebrand do roinnt iarmhairtí teicniúla a bhaint de nó a mhodhnú ainm an ghrúpa réamhshocraithe (fheiceáil a comment thíos chomh maith).

Forbhreathnú:

SharePoint security is easy to configure and manage. Mar sin féin, it has proven to be difficult for some first-time administrators to really wrap their hands around it. Not only that, I have seen some administrators come to a perfect understanding on Monday only to have lost it by Friday because they didn’t have to do any configuration in the intervening time. (Mé a admháil go bhfuil an fhadhb seo mé féin). This blog entry hopefully provides a useful SharePoint security primer and points towards some security configuration best practices.

Nóta Tábhachtach:

This description is based on out of the box SharePoint security. My personal experience is oriented around MOSS so there may be some MOSS specific stuff here, but I believe it’s accurate for WSS. I hope that anyone seeing any errors or omissions will point that out in comments or ríomhphost chugam. I’ll make corrections post haste.

Bunúsaigh:

Chun críocha an forbhreathnú seo, tá ceithre ghnéithe bunúsacha le slándáil: úsáideoirí / grúpaí, rudaí securable, leibhéil cead agus oidhreacht.

Úsáideoirí agus Grúpaí bhriseadh síos go dtí:

  • Úsáideoirí aonair: Ceirteacha tarraingthe ó eolaire gníomhach nó a cruthaíodh go díreach i SharePoint.
  • Grúpaí: Mapped directly from active directory or created in SharePoint. Groups are a collection of users. Groups are global in a site collection. They are never "tied" le rud securable leith.

Rudaí Securable bhriseadh síos go dtí ar a laghad,:

  • Láithreáin
  • Leabharlanna Doiciméad
  • Míreanna aonair i liostaí agus leabharlanna doiciméad
  • Fillteáin
  • Suímh éagsúla BDC.

Tá rudaí eile securable, ach gheobhaidh tú an pictiúr.

Leibhéil Cead: A carn de gráinneach / low level access rights that include such things as create/read/delete entries in lists.

Oidhreachta: By default entities inherit security settings from their containing object. Sub-sites inherit permission from their parent. Document libraries inherit from their site. So on and so forth.

Baineann úsáideoirí agus grúpaí chun rudaí securable trí leibhéil cead agus oidhreacht.

Na Rialacha Slándála chuid is mó tábhachtach a thuiscint, Riamh 🙂 :

  1. Tá Grúpaí simplí bailiúcháin na n-úsáideoirí.
  2. Tá Grúpaí domhanda laistigh de bhailiúchán láithreán (i.e. níl aon rud den sórt sin mar ghrúpa atá sainmhínithe ag leibhéal láithreán).
  3. Ainm grúpa d'ainneoin, Ní dhéanann grúpaí, i agus de féin, have any particular level of security.
  4. Groups have security in the context of a specific securable object.
  5. Is féidir leat leibhéil éagsúla cead a shannadh don ghrúpa céanna do gach réad securable.
  6. Polasaithe iarratas Gréasáin trump seo ar fad (Féach thíos).

Is féidir le riarthóirí Slándáil caillte i farraige de ghrúpa agus liostaí úsáideoirí brath i gcónaí ar na axioms a bhainistiú agus a thuiscint a n-chumraíocht slándála.

Ceapa Tuisle Coiteann:

  • Tuiscint ainmneacha Grúpa go bréagach cead: As an bosca, SharePoint defines a set of groups whose names imply an inherent level of security. Consider the group "Contributor". One unfamiliar with SharePoint security may well look at that name and assume that any member of that group can "contribute" to any site/list/library in the portal. That may be true but not because the group’s name happens to be "contributor". This is only true out of the box because the group has been provided a permission level that enables them to add/edit/delete content at the root site. Through inheritance, the "contributors" group may also add/edit/delete content at every sub-site. One can "break" the inheritance chain and change the permission level of a sub-site such that members of the so-called "Contributor" Ní féidir le grúpa cur ar chor ar bith, ach amháin a léamh (mar shampla). This would not be a good idea, ar ndóigh, ós rud é go mbeadh sé an-mearbhall.
  • Ní shainmhínítear Grúpaí ag leibhéal láithreán. It’s easy to be confused by the user interface. Microsoft provides a convenient link to user/group management via every site’s "People and Groups" nasc. It’s easy to believe that when I’m at site "xyzzy" and I create a group through xyzzy’s People and Groups link that I’ve just created a group that only exists at xyzzy. That is not the case. I’ve actually created a group for the whole site collection.
  • Ní tuairiscíodh ballraíocht Grúpaí athrú ag láithreán (i.e. Tá sé mar an gcéanna i ngach áit go bhfuil an grúpa a úsáidtear): Consider the group "Owner" agus dhá shuíomh, "HR" and "Logistics". It would be normal to think that two separate individuals would own those sites — an HR owner and a Logistics owner. The user interface makes it easy for a security administrator to mishandle this scenario. If I didn’t know better, D'fhéadfadh liom rochtain a fháil ar na Daoine agus naisc Grúpaí tríd an láithreán AD, select the "Owners" group and add my HR owner to that group. A month later, Logistics comes on line. I access People and Groups from the Logistics site, add pull up the "Owners" group. I see the HR owner there and remove her, thinking that I’m removing her from Owners at the Logistics site. Go deimhin, I’m removing her from the global Owners group. Hilarity ensues.
  • Má theipeann ar ghrúpaí atá bunaithe ar ról sonrach ainm: The "Approvers" group is a perfect example. What can members of this group approve? Where can they approve it? Do I really want people Logistics department to be able to approve HR documents? Of course not. Always name groups based on their role within the organization. This will reduce the risk that the group is assigned an inappropriate permission level for a particular securable object. Name groups based on their intended role. In the previous HR/Logistics scenario, Ba chóir dom a chruthaigh dhá ghrúpa nua: "HR Owners" and "Logistics Owners" agus leibhéil cead ciallmhar le haghaidh gach agus an méid íosta is gá do na húsáideoirí sin a gcuid oibre a shannadh.

Tagairtí Úsáideacha Eile:

Má tá tú rinne sé seo i bhfad:

Please let me know your thoughts via the comments or email me. If you know other good references, le do thoil a dhéanamh ar an céanna a!

Clibeanna Technorati:

Tapaidh agus éasca: Cruthaigh Sonraí View Gréasáin Cuid (DVWP)

Tá saibhreas eolais mór ar an SFP 3.0 Sonraí View Web Cuid (DVWP) on the web from several sources. Mar sin féin, I found it to be surprisingly difficult to find information on this first very basic step. Here is another article in the "quick and easy" sraith chun aghaidh a thabhairt air.

Lean na céimeanna seo a chruthú mar chuid sonraí gréasáin dearcadh (DVWP). They are based on an "Announcements" chuid gréasáin, ach maidir le liostaí an chuid is mó.

  1. Cruthaigh chuid gréasáin Fógraí agus é a chur ar shuíomh.
  2. Oscail an suíomh i SharePoint Dearthóir.
  3. Oscail an tsuímh default.aspx.
  4. Select the Announcements web part and right-click.
  5. Ón roghchlár comhthéacs, select "Convert to XSAnT Data View".

SharePoint Dearthóir in iúl duit go bhfuil an suíomh seo saincheaptha anois óna sainmhíniú láithreán. Ní Sin gá go dona, ach tá impleachtaí tábhachtacha (feidhmíocht, uasghrádú, daoine eile) which are beyond the scope of this little "Quick and Easy" iontrála. To get more information on this subject, Molaim an dá leabhar anseo chomh maith le do cuardach idirlín is fearr leat.

Deimhnigh go ndearna tú é i gceart:

  1. Dún agus a ath-oscailt an brabhsálaí gréasáin (to avoid accidentally re-posting the original "add a new web part").
  2. Select the web part’s arrow drop-down and choose "Modify Shared Web Part" ón roghchlár.
  3. Osclaíonn an painéal uirlis chun an ceart.
  4. Tá an painéal athraithe óna roghanna atá leagtha gnách leis seo:
íomhá

“Ní féidir a fháil ar an scéimre liosta maoin colún ón liosta SharePoint” — Cur síos / obair-arounds

An tseachtain seo, atáirgeadh againn ar deireadh le fadhb a bhí thuairiscítear ag úsáideoir iargúlta: Nuair a rinne sí chun an t-ábhar ar liosta a onnmhairiú go dtí barr feabhais, bheadh ​​rudaí cosúil le tosú ag obair, ach ansin bheadh ​​Excel pop suas earráid: "Cannot get the list schema column property from the SharePoint list". She was running office 2003, windows XP and connecting to MOSS.

Chuardaigh mé an Internets agus chonaic roinnt tuairimíocht ach faic 100% definitive. Hence, an post seo.

An fhadhb: Onnmhairithe d'fhonn barr feabhais a tá a dháta (date = an cineál sonraí a an colún).

Cad a d'oibrigh linn: Convert the date to a "single line of text". Ansin,, é a thiontú ar ais go dtí dáta.

That solved it. It was nice to see that the conversion worked, iarbhír. It was quite nervous that converting things this way would fail, but it did not.

Tá an bug thrown scáth ollmhór thar an gcineál sonraí a dháta sa chliaint aigne, mar sin táimid ag dul a bheith ag lorg amach freagra deifnídeach ó Microsoft agus tá súil againn go mbainfidh mé sa phost agus a nuashonrú anseo sa tréimhse ghearr ama eile lena n-freagra oifigiúil agus eolas hotfix.

Tagairtí Eile:

http://www.kevincornwell.com/blog/index.php/cannot-get-the-list-schema-column-property-from-the-sharepoint-list/

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2383611&SiteID=1

<deireadh>

Liostáil le mo bhlag.

Clibeanna Technorati: ,

Quick agus Simplí: Seol ríomhphost le hyperlink leabaithe ó sreabhadh oibre Dearthóir SharePoint

Uair nó dhó sa mhí, post duine éigin ceist fóram: "Conas is féidir liom a áireamh hipearnasc le URL ná go bhfuil Inchliceáilte ó r-phost Dearthóir SharePoint?"

Á chur i láthair gan trácht breise: (go maith, iarbhír atá ann trácht a dhéanamh a thuilleadh tar éis an íomhá):

íomhá

Becky Isserman a leanas suas le míniú ar conas cabhrach a leabú nasc chuig mír sa ríomhphost: http://www.sharepointblogs.com/mosslover/archive/2007/11/20/addition-to-paul-galvin-s-post-about-sending-an-e-mail-with-hyperlinks-in-spd.aspx

Scaoileadh nua: Eisínteachtaí SharePoint Sreabhadh Oibre Dearthóir (feidhmeanna ionramháil teaghrán)

Suas chun dáta: Féach anseo le haghaidh mo smaointe ar thráchtálú an tionscadal seo: http://paulgalvin.spaces.live.com/blog/cns!1CC1EDB3DAA9B8AA!569.entry

Bhí mé gnóthach ag obair ar mo tionscadal CodePlex atá dírithe faoi láthair ar sholáthar síntí ionramháil teaghrán chun sreabhadh oibre a cruthaíodh trí SharePoint Dearthóir.

Féach anseo le haghaidh sonraí:

Baile Tionscadail: http://www.codeplex.com/spdwfextensions

Scaoileadh: https://www.codeplex.com/Release/ProjectReleases.aspx?ProjectName=spdwfextensions&ReleaseId=8280

Leagan 1.0 Áirítear na gnéithe nua seo a leanas:

Feidhm Cur Síos (más rud é nach céanna. fheidhm Glan)
Num-iontrálacha() Returns the number "entries" in a string as per a specified delimiter.

Mar shampla: Num-entries in a string "a,b,c" with delimiter "," = 3.

Iontráil() Returns the nth token in a string as per a specified delimiter.
Fad String.Length
Ionadaigh() String.Replace()
Tá() String.Contains()
Returns the word "true" or the word "false".
Bhfotheaghrán(tús a chur) String.Substring(tús a chur)
Bhfotheaghrán(tús a chur,fhad) String.Substring(tús a chur,fhad)
Cos() String.ToUpper()
Ní eagar() String.ToLower()
StartsWith() String.StartsWith()
Returns the word "true" or the word "false".
EndsWith() String.EndsWith()
Returns the word "true" or the word "false".

A earráid runtime BDC Mhínigh

Ba chúis agam earráid BDC an tseachtain seo gur léiriú é féin ar an comhéadan úsáideora agus i 12 hive logáil ag runtime.

An Chéad, seo le feiceáil sa comhéadan úsáideora:

Níorbh fhéidir teacht ar réimsí a chur isteach gach Luachanna Aitheantóir a fhorghníomhú i gceart ar MethodInstance SpecificFinder leis Ainm … A chinntiú go bhfuil Paraiméadair ionchur TypeDescriptors a bhaineann le gach Aitheantóir sainithe don Aonán.

Seo lámhaigh scáileán:

gearrthóg_íomhá001

Raibh mé faoi deara freisin an teachtaireacht seo le feiceáil sa 12 logáil hive ag mbeidh (using my patented high-tech-don’t-try-this-at-home "Earráidí mistéireach" modh):

11/14/2007 09:24:41.27 w3wp.exe (0x080C) 0x0B8C SharePoint Portal Server Business Data 6q4x High Exception in BusinessDataWebPart.OnPreRender: System.InvalidOperationException: An luach Aitheantóir ”, Cineál ”, Is neamhbhailí. Expected Identifier value of Type ‘System.String’. ag Microsoft.Office.Server.ApplicationRegistry.MetadataModel.Entity.FindSpecific(Réad[] subIdentifierValues, LobSystemInstance lobSystemInstance) ag Microsoft.SharePoint.Portal.WebControls.BdcClientUtil.FindEntity(Eintiteas Aonán, Réad[] userValues, LobSystemInstance lobSystemInstance) ag Microsoft.SharePoint.Portal.WebControls.BusinessDataItemBuilder.GetEntityInstance(View desiredView) ag Microsoft.SharePoint.Portal.WebControls.BusinessDataDetailsWebPart.GetEntityInstance() ag Microsoft.SharePoint.Portal.WebControls.BusinessDataDetailsWebPart.SetDataSourceProperties()

Chuardaigh mé timpeall agus fuair roinnt mar thoradh ar an MSDN fóram, but they weren’t enough for me to understand what I was doing wrong. I watched a webcast by Ted Pattison go mo cuideachta Tá squirreled shiúl ar fhreastalaí agus tháinig a bhaint amach mo fhadhb.

I mo ADF, Tá mé ag nascadh le bunachar sonraí SQL mar a thaispeántar:

            <Maoin Ainm="RdbCommandText" Cineál="System.String">
              <![CDATA[
                ROGHNAIGH
                      , CARRIER_ID, EFFDT, DESCR, EFF_STATUS, TAXPAYER_ID, NETWORK_ID, FRT_FORWARD_FLG, ALT_NAME1, ALT_NAME2, LANGUAGE_CD,
                      TÍR, ADDRESS1, ADDRESS2, ADDRESS3, ADDRESS4, CATHRACH, NUM1, NUM2, HOUSE_TYPE, ADDR_FIELD1, ADDR_FIELD2, ADDR_FIELD3,
                      CONTAE, STÁIT, SEIRBHÍSÍ POIST, GEO_CODE, IN_CITY_LIMIT, COUNTRY_CODE, FÓN, EXTENSION, Facs, LAST_EXP_CHK_DTTM, FREIGHT_VENDOR,
                      INTERLINK_DLL, TMS_EXCLUDE_FLG
                 (nolock)
                ÁIT
                  (Leas <> 'SHARE') agus
                  (níos ísle(CARRIER_ID) >= Níos ísle(@ MinID)) agus
                  (níos ísle(CARRIER_ID) <= Níos ísle(@ MaxId)) agus
                  (níos ísle(DESCR) Mhaith níos ísle(@ InputDescr))
                ]]>
            </Maoin>

Cuireadh mé go SQL ó dhuine DBA agus tá mé thabhairt le tuiscint go bhfuil sé speisialta view they created just for me. The unique key there is CARRIER_ID.

Seo é an fabht thug mé:

      <Aitheantóirí>
        <Sainaithin Ainm="CARRIER_ID" TypeName="System.String" />
        <Sainaithin Ainm="DESCR" TypeName="System.String" /> 
</Aitheantóirí>

Áit éigin feadh na líne, Bhí éirigh liom a chur amú mé féin os cionn an bhrí <Aitheantóirí> and added DESCR even though it’s not actually an identifier. I took DESCR out of the identifiers set and presto! D'oibrigh sé go léir.

Tá súil agam go sábhálfaidh sé seo brón ar dhuine 🙂

Clibeanna Technorati: , , ,

Ní féidir leat buille Reach SharePoint ar

Le linn an dá lá seo caite, I have participated in two meetings during which we presented the results of a SharePoint project. The CIO and his team joined the first meeting. That’s standard and not especially notable. The IT department is obviously involved in an enterprise rollout of any technology project. The second meeting expanded to include a V.P. ó mhargaíocht, roinnt stiúrthóirí AD, Loighistic, Déantúsaíocht, Tionscadail Chaipitil, Cáilíocht, Ceannaigh, Forbairt Chorparáideach agus ranna eile (Ní raibh cuid acu páirteach fiú go díreach sa chéim reatha). That’s a mighty wide audience.

I mo shaol roimhe, I primarily worked on ERP and CRM projects. They both have a fairly wide solution domain but not as wide as SharePoint. To be fully realized, SharePoint projects legitimately and necessarily reach into every nook and cranny of an organization. How many other enterprise solutions have that kind of reach? Not many.

SharePoint clearly represents an enormous opportunity for those of us fortunate enough to be in this space. It provides a great technical opportunity (a iompú ar bhealach ar a cheann anseo under "Technologies You Must Master"). But even better, SharePoint exposes us to an extensive and wide range of business processes through these engagements. How many CRM specialists work with the manufacturing side of the company? How many ERP consultants work with human resources on talent acquisition? SharePoint exceeds them both.

Cosúil le aon rud, nach bhfuil sé foirfe, ach tá sé ina áit mhaith damanta a bheith.

Chun an grá [líonadh isteach i do duine is mó a grá / níos airde a bheith], don’t change the ‘Title’ colún láithreán.

Ar an Fóraim SharePoint, someone occasionally asks about "changing the label of Title" or about "removing title from lists".

Bottom line: Ná ní dhéanann sé!

Faraor, Ceadaíonn an comhéadan úsáideora a athrú aon-bhealach an lipéad colún mar a léirítear:

íomhá

Title is a column associated with the "Item" cineál ábhar. Go leor, go leor, go leor CT ar úsáid an colún seo agus má athraíonn tú anseo, it ripples out everywhere. There’s a good chance that you didn’t intend for that to happen. You were probably thinking to yourself, "I have a custom lookup list and ‘Title’ ní hamháin ciall a bhaint as mar ainm gcolún, so I’m going to change it to ‘Status Code’ and add a description column." But if you follow through on that thought and rename ‘Title’ to ‘Status Code’, gach liosta teideal (lena n-áirítear leabharlanna doiciméad) changes to "Status Code" agus má tá tú is dócha nach raibh ar intinn chun go dtarlóidh.

Is é an fhadhb fíor go bhfuil an t-athrú aon-bhealach. The UI "knows" that "title" is a reserved word. Mar sin,, if you try and change "Status Code" back to "Title", beidh sé cosc ​​ort agus anois tá tú péinteáilte tú féin isteach i gcúinne using paint that never dries 🙂

Mar sin, cad a tharlaíonn má d'athraigh tú cheana féin é? I haven’t seen the answer we all want, which is a simple and easy method to change the label back to ‘Title’. Right now, the best advice is to change it to something like "Doc/Item Title". That’s a generic enough label that may not be too jarring for your users.

Tá mé smaointe eile beag atá ar liosta mo do-a dhéanamh de na rudaí a thaighde:

  • Teagmháil Microsoft.
  • An bhfuil rud éigin leis an tsamhail réad, b'fhéidir i gcomhar le gné.
  • Figiúr amach an scéimre bunachar sonraí agus de láimh SQL thabhairt cothrom le dáta. (Ba chóir duit teagmháil Microsoft roimh é seo a dhéanamh cé go; beidh sé ar neamhní is dócha do chonradh tacaíochta).

Má tá aithne ag aon duine conas a réiteach seo a, le do thoil post a comment.

Nuashonraigh déanach san iarnóin, 11/15: Fuair ​​mé an nasc seo a chuireann síos ar mhodh a chruthú i ndáil le cineál liosta nach bhfuil colún teideal: http://www.venkat.org/index.php/2007/09/03/how-to-remove-title-column-from-a-custom-list/

BDC ADF agus do chara, CDATA

Tá mé faoi deara roinnt awkward agus nach bhfuil gá lámh-ionchódú de RdbCommandText i roinnt samplaí (lena n-áirítear doiciméadú MSDN).

I wanted to point out to newcomers to BDC that commands can be wrapped inside a CDATA tag in their "natural" form. Mar sin,, seo a thógáil awkward:

<Maoin Ainm="RdbCommandText" Cineál="System.String">
Roghnaigh dbo.MCRS_SETTLEMENT.id, dbo.MCRS_SETTLEMENT.settlement ó dbo.MCRS_SETTLEMENT
ÁIT (id &gt;= @ MinID) AGUS (id &lt;= @ MaxId)
</Maoin>

Is féidir a bheith níos fearr ar an mbealach seo ionadaíocht:

<Maoin Ainm="RdbCommandText" Cineál="System.String">
<![CDATA[
Roghnaigh dbo.MCRS_SETTLEMENT.id, dbo.MCRS_SETTLEMENT.settlement ó dbo.MCRS_SETTLEMENT
ÁIT (id >= @ MinID) AGUS (id <= @ MaxId)
]]>
</Maoin>

</deireadh>

Primer BDC

Votepage leis BDC

Sampla Feidhme: BDC ADF nasc go dtí bunachar sonraí SQL le id úsáideora agus do phasfhocal a leabaithe

I needed to wire up MOSS to a SQL database via BDC. For testing/POC purposes, I wanted to embed the SQL account user id and password in the ADF. Starting with an teimpléad seo (http://msdn2.microsoft.com/en-us/library/ms564221.aspx), Chruthaigh mé an ADF a cheanglaíonn le ásc freastalaí ar leith SQL agus logaí i le id shonrach an úsáideora agus do phasfhocal agus le feiceáil ar an Blúire:

  <LobSystemInstances>
    <LobSystemInstance Ainm="ClaimsInstance">
      <Airíonna>
        <Maoin Ainm="AuthenticationMode" Cineál="System.String">PassThrough</Maoin>
        <Maoin Ainm="DatabaseAccessProvider" Cineál="System.String">SqlServer</Maoin>
        <Maoin Ainm="RdbConnection Foinse" Cineál="System.String">freastalaí iarbhír  shampla iarbhír</Maoin>
        <Maoin Ainm="Catalóg RdbConnection Tosaigh" Cineál="System.String">catalóg tosaigh iarbhír</Maoin>
        <Maoin Ainm="RdbConnection Comhtháite Slándáil" Cineál="System.String">SSPI</Maoin>
        <Maoin Ainm="RdbConnection Comhthiomsú" Cineál="System.String">bréagach</Maoin>

        <!-- Seo iad na luachanna lárnacha: -->
        <Maoin Ainm="ID Úsáideoir RdbConnection" Cineál="System.String">aID Úsáideoir ctual</Maoin>
        <Maoin Ainm="Pasfhocal RdbConnection" Cineál="System.String">Pasfhocal iarbhír</Maoin>
        <Maoin Ainm="Trusted_Connection RdbConnection" Cineál="System.String">bréagach</Maoin>

      </Airíonna>
    </LobSystemInstance>
  </LobSystemInstances>

Níl sé dea-chleachtas, but it’s useful for a quick and simple configuration for testing. This was surprisingly difficult to figure out. I never found a functional example with search keywords:

  • ADF leabaithe userid agus focal faire
  • id úsáideora agus do phasfhocal i ADF leabú
  • id úsáideora agus do phasfhocal i ADF bdc leabú
  • SharePoint bdc primer
  • SharePoint leabú id úsáideora agus do phasfhocal i ADF

</deireadh>

Liostáil le mo bhlag.