Alioqui quid limitatur Access?

UPDATE 11/03/08: Be sure to read the excellent and detailed comment from Dessie Lunsford to this post.

I’ve been working on a secret tech editing project for an up-coming book and it references this blog entry by Tyler Butler on the MSDN ECM blog. This is the first time I personally read a clear definition of the meaning of Limited Access. Here’s the meat of the definition:

In SharePoint, anonymous users’ rights are determined by the Limited Access permission level. Limited Access is a special permission level that cannot be assigned to a user or group directly. The reason it exists is because if you have a library or subsite that has broken permissions inheritance, and you give a user/group access to only that library/subsite, in order to view its contents, the user/group must have some access to the root web. Otherwise the user/group will be unable to browse the library/subsite, even though they have rights there, because there are things in the root web that are needed to render the site or library. Therefore, when you give a group permissions only to a subsite or library that is breaking permissions inheritance, SharePoint will automatically give Limited Access to that group or user on the root web.

This question comes up now and then on the MSDN forums and I’ve always been curious (but not curious enough to figure it out before today :)).

</finem>

Scribet ad mea blog.

Sequi me in Twitter ad http://www.twitter.com/pagalvin

Technorati Tags:

Sæpe Will Georgius mihi non consentiens Big, Sed eventus ius Circa Tristia

The closing thought on this otherwise dull article speaks well to problems we often face in the technical community:

"Such dreary developments, anticipated with certainty, must be borne philosophically."

This puts me in mind of one of the presentations I gave at the SharePoint Best Practices conference last month. I was describing how to get "great" business requirements and someone in the audience asked, in effect, what to do if circumstances are such that it’s impossible to get great requirements. Verbigratia, a given company’s culture places IT in front of the requirements gatherer / business analyst, preventing direct communication with end users. This is a serious impediment to obtaining great business requirements. My answer was "walk away." I’m not a big humorist, so I was surprised at how funny this was to the audience. Autem, I’m serious about this. If you can’t get good requirements, you can be certain that a dreary outcome will result. Who wants that? I’m a consultant, so it’s more realistic (although terribly painful and drastic) for me to walk away. Autem, if you’re entrenched in a company and don’t want to, or can’t, walk away, George (nam semel ) shows the way.

</finem>

Scribet ad mea blog.

Sequi me in Twitter ad http://www.twitter.com/pagalvin

Technorati Tags:

SharePoint Designer Lorem Ipsum et Email attachiamentis — A Consummatione Devotus optandum

Miserabile, it is not to be. We cannot send an email with attachments from a SharePoint Designer workflow using out of the box features. This wish comes up with increasing regularity on the MSDN forums.

Autem, in SharePoint suggestu, sicut cum tot rerum, does offer us a path forward. Potest creare consuetudinem actionum which we then incorporate into our workflows. Once installed, consuetudo actio spectat et sentit sicut alia actio (e.g. Notitia collecta, Stipes nuntius, etc).

Creando more actio est magnum montem scandere, autem, for End Users. This codeplex project provides this functionality: http://www.codeplex.com/SPDActivities. Pulling that down and installing it is also beyond the skills of typical End Users. Autem, quoniam suus 'valde simplex efficio is SharePoint admin, Vnde si te invenies indigens workflow evolvere facultatem, cum hoc, Fusce ut fiat opus vestrum SharePoint.

</finem>

Scribet ad mea blog.

Sequi me in Twitter ad http://www.twitter.com/pagalvin

Technorati Tags:

Vivos Tip: Sino Obvius ut quis securitatem ad configurare Admins meum in SharePoint Site

In signum quod Amicabiliter Computing incipiens tollet cum SharePoint, I see an increased number of My Site type questions. One common question goes something like this:

"I am an administrator and I need to be able to access every My Site. How do I do that?"

The trick here is that each My Site is its own site collection. SharePoint security is normally administered at the site collection level and this trips up many a SharePoint administrator. Normally, she already has access to configure security in the "main" site collectis et non intellexerunt quod ex hoc non sua sponte opus meum Sites.

Collectiones situ amplior collective vivunt intus continentis, which is the web application. Farm admins can can configure security at the web app level and this is how admins can grant themselves access to any site collection in the web application. This blog entry describes one of my personal experiences with web application policies. I defined a web application policy by accident: http://paulgalvin.spaces.live.com/Blog/cns!1CC1EDB3DAA9B8AA!255.entry.

Web application policies can be dangerous and I suggest that they be used sparingly. If I were an admin (Deo gratias et non sum), I would create a separate AD account named something like "SharePoint Web App Administrator" and give that one account the web application security role it needs. I would not configure this kind of thing for the regular farm admin or individual site collection admins. It will tend to hide potential problems because the web app role overrides any lower level security settings.

</finem>

Scribet ad mea blog.

Sequi me in Twitter ad http://www.twitter.com/pagalvin

Technorati Tags: ,

Vivos Tip: Utor “IsDocument:1” ut Trim Search Results

Update 11/03/08: Conservus MVP Mike Walsh recte ostendit hoc esse WSS 3.0 / MOSS feature. It does not work in WSS 2.0 vel maturiorem.

Updatte 11/03/08: (Secundo update in die una!): Be sure to read the excellent comment from "nowise" et in bono alio more info xref nectunt.

Two questions came up in rapid succession this week on the MSDN forums asking a variation of this:

"When I search a keyword, folders from my document library with that keyword in their path will come out first in my search results. I don’t want that to happen. Files with that keyword are more important to me. I don’t want to see folders at all."

This is actually quite easy to do out of the box. Simply add a "IsDocument:1" to the search query and SharePoint search (both WSS and MOSS) will restrict itself to showing actual documents.

</finem>

Scribet ad mea blog.

Sequi me in Twitter ad http://www.twitter.com/pagalvin

Technorati Tags:

Vivos Fix: Textus Muneris quod penitus SharePoint, InvalidOperationException

Decies annos elapsos, I helped developed a web service that was invoked via a custom action for a SharePoint Designer workflow. Hoc septimana, client voluit movere ad productionem (tandem!) ita fecimus,.

Actione opus denique consuetudinem, sed textus muneris eam non invocari, dans nobis in hoc errore:

System.InvalidOperationException: Haec operatio non potest fieri nisi a computer in quod adhaeret firma servo users ex venia, qui in SQL Servo legere ex database configuration. Ad coniungere ad hoc moderatro server firmam, uti SharePoint Uber Technologies Configuration Veneficus, sita in Satus Menu in administrativus Tools.
at Microsoft.SharePoint.Administration.SPWebApplication.Lookup(Uri requestUri)

Turns out that I forgot to add the service to the SharePoint application pool in IIS. Once I did that, id operato simila.

MSDN forum stipes hoc opus, dedit mihi fila: http://social.msdn.microsoft.com/Forums/en-US/sharepointdevelopment/thread/2c97c004-7118-4e06-a62c-b2b0ac07ac99

</finem>

Scribet ad mea blog.

Sequere me Twitter: http://twitter.com/pagalvin

Technorati Tags:

Usura Delicious.com inuestigandum SharePoint “v.next” Information

Ut inveniam opibus features in disputando available in altera versio textus SharePoint, I’ll be adding them to my delicious bookmarks. It appears that Delicious allows people to subscribe to a particular tag, Quod si tu mihi cura ut, cum invenerit eam, hic scribet: http://feeds.delicious.com/v2/rss/pagalvin/SharePoint_O14?count=15

</finem>

Scribet ad mea blog.

Technorati Tags:

Gratulatione, Natalya!

Ut collega et familiaris meus, qui nuntiaverunt, Natalya Voskresenskaya was awarded MVP for SharePoint today. I’ve been working with Natalya for almost 18 months now and it’s a well-deserved recognition. Like all the MVPs I know, illa fortiter moveatur, et communitatis operibus eius ISPA, inter alia, est iuvare ad hoc quod aliquis de communitate SharePoint maxime et technica efficacia cuiuslibet ordinatur labor in planeta.

Rutrum!

</finem>

Iterum pulsat VPN, Retardans me ac mea Beer subvertat

Nocte, I’m doing some hobby work with a virtual machine running on my desktop. I’m connecting via IE on my laptop and I’m noticing horrible performance. IE keeps freezing, maxime cum causa accedere ad id quod superius dextera, usque guttulæ, bene, drop down. I would click on Site Actions and things freeze up for a while. They would freeze long enough for me to switch over to another browser window and do something else. If I confine myself to navigating around from page to page, suus rationabiliter vivos, but even that feels slow. Normally, things are very fast.

I’ve had this happen to me before and I think that I ended up rebooting at the time. I’m about to do that when I somehow notice I’m still VPN’d to a client from 2 days ago(!). I disconnect and that that solves my performance problem.

</finem>

Scribet ad mea blog.

Technorati Tags: ,