SharePoint Security Fundamentals Primer / Avoid Common Pitfalls

UPDATE 12/18/07: See Paul Liebrand's article for some technical consequences of removing or modifying the default group names (see his comment below as well).

Overview:

SharePoint security is easy to configure and manage. However, it has proven to be difficult for some first-time administrators to really get their hands around it. Not only that, I have seen some administrators come to a perfect understanding on Monday only to have lost it by Friday because they didn't have to do any configuration in the intervening time. (I admit to having this problem myself.) This blog entry hopefully provides a useful SharePoint security primer and points towards some security configuration best practices.

Important Note:

This description is based on out of the box SharePoint security. My personal experience is oriented around MOSS so there may be some MOSS specific stuff here, but I believe it’s accurate for WSS. I hope that anyone seeing any errors or omissions will point that out in comments or email me. I’ll make corrections post haste.

Fundamentals:

For the purposes of this overview, there are four fundamental aspects to security: users/groups, securable objects, permission levels and inheritance.

Users and Groups break down to:

  • Individual users: Pulled from Active Directory or created directly in SharePoint.
  • Groups: Mapped directly from Active Directory or created in SharePoint. Groups are a collection of users. Groups are global in a site collection. They are never "tied" to a specific securable object.

Securable objects break down to at least:

  • Sites
  • Document libraries
  • Individual items in lists and document libraries
  • Folders
  • Various BDC settings.

There are other securable objects, but you get the picture.

Permission levels: A bundle of granular / low level access rights that include such things as create/read/delete entries in lists.

Inheritance: By default entities inherit security settings from their containing object. Sub-sites inherit permission from their parent. Document libraries inherit from their site. So on and so forth.

Users and groups relate to securable objects via permission levels and inheritance.

The Most Important Security Rules To Understand, Ever 🙂 :

  1. Groups are simply collections of users.
  2. Groups are global within a site collection (i.e. there is no such thing as a group defined at a site level).
  3. Group name notwithstanding, groups do not, in and of themselves, have any particular level of security.
  4. Groups have security in the context of a specific securable object.
  5. You may assign different permission levels to the same group for every securable object.
  6. Web application policies trump all of this (see below).

Security administrators lost in a sea of group and user listings can always rely on these axioms to manage and understand their security configuration.

Common Pitfalls:

  • Group names falsely imply permission: Out of the box, SharePoint defines a set of groups whose names imply an inherent level of security. Consider the group "Contributor". One unfamiliar with SharePoint security may well look at that name and assume that any member of that group can "contribute" to any site/list/library in the portal. That may be true, but not because the group's name happens to be "Contributor". It is only true out of the box because the group has been granted a permission level that enables its members to add/edit/delete content at the root site. Through inheritance, the "Contributors" group may also add/edit/delete content at every sub-site. One can "break" the inheritance chain and change the permission level at a sub-site such that members of the so-called "Contributor" group cannot contribute at all, but only read (for example). This would not be a good idea, obviously, since it would be very confusing.
  • Groups are not defined at a site level: It's easy to be confused by the user interface. Microsoft provides a convenient link to user/group management via every site's "People and Groups" link. It's easy to believe that when I'm at site "xyzzy" and I create a group through xyzzy's People and Groups link, I've just created a group that only exists at xyzzy. That is not the case. I've actually created a group for the whole site collection.
  • Group membership does not vary by site (i.e. it is the same everywhere the group is used): Consider the group "Owners" and two sites, "HR" and "Logistics". It would be normal to think that two separate individuals would own those sites: an HR owner and a Logistics owner. The user interface makes it easy for a security administrator to mishandle this scenario. If I didn't know better, I might access the People and Groups link via the HR site, select the "Owners" group and add my HR owner to that group. A month later, Logistics comes on line. I access People and Groups from the Logistics site and pull up the "Owners" group. I see the HR owner there and remove her, thinking that I'm removing her from Owners at the Logistics site. In fact, I'm removing her from the global Owners group. Hilarity ensues.
  • Failing to name groups based on a specific role: The "Approvers" group is a perfect example. What can members of this group approve? Where can they approve it? Do I really want people in the Logistics department to be able to approve HR documents? Of course not. Always name groups based on their intended role within the organization. This reduces the risk that the group is assigned an inappropriate permission level for a particular securable object. In the previous HR/Logistics scenario, I should have created two new groups, "HR Owners" and "Logistics Owners", and assigned each a sensible permission level: the minimum required for those users to do their job.
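To make the six rules concrete, here is an added, runnable model of the permission model the post describes. It is example code written for this page, not SharePoint's object model and not the post's own code: groups live on the site collection, permission levels are granted per securable object, and children inherit until inheritance is broken. The class and account names (SiteCollection, SecurableObject, hr.owner, log.owner) are invented for the illustration. It replays the HR/Logistics "Owners" pitfall and the role-named-groups fix:

```python
"""Toy model of the SharePoint permission rules described in the post.
Added example; names are illustrative, not SharePoint's real API."""
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass
class SecurableObject:
    """A site, library, folder or item. Inherits from `parent` until
    break_inheritance() gives it its own role assignments."""
    name: str
    parent: Optional["SecurableObject"] = None
    own_assignments: Optional[Dict[str, str]] = None  # group -> permission level

    def break_inheritance(self) -> None:
        # SharePoint copies the inherited assignments at the moment of the break.
        if self.own_assignments is None:
            self.own_assignments = dict(self.assignments())

    def assignments(self) -> Dict[str, str]:
        # Walk up the containment chain to the nearest object with its own
        # assignments (the root site always has its own).
        obj = self
        while obj.own_assignments is None:
            obj = obj.parent
        return obj.own_assignments

    def grant(self, group: str, level: str) -> None:
        self.break_inheritance()
        self.own_assignments[group] = level


class SiteCollection:
    """Groups are defined here, never on an individual site (rule 2)."""

    def __init__(self, root_name: str):
        self.groups: Dict[str, Set[str]] = {}
        self.root = SecurableObject(root_name, own_assignments={})

    def add_member(self, group: str, user: str) -> None:
        self.groups.setdefault(group, set()).add(user)

    def remove_member(self, group: str, user: str) -> None:
        self.groups.get(group, set()).discard(user)

    def effective_level(self, user: str, obj: SecurableObject) -> Optional[str]:
        """Level a user holds on obj: the grants in effect there, through
        whichever groups the user belongs to (rules 3 to 5)."""
        levels = [lvl for grp, lvl in obj.assignments().items()
                  if user in self.groups.get(grp, set())]
        order = {"Read": 1, "Contribute": 2, "Full Control": 3}  # simplified ordering
        return max(levels, key=lambda l: order.get(l, 0), default=None)


def owners_pitfall() -> dict:
    """One shared 'Owners' group: removing the HR owner 'from Logistics'
    removes her from HR too, because membership is global."""
    sc = SiteCollection("Portal")
    hr = SecurableObject("HR", parent=sc.root)
    SecurableObject("Logistics", parent=sc.root)
    sc.root.grant("Owners", "Full Control")    # inherited by both sub-sites
    sc.add_member("Owners", "hr.owner")        # done "via the HR site"
    before = sc.effective_level("hr.owner", hr)
    sc.remove_member("Owners", "hr.owner")     # done "via the Logistics site"
    after = sc.effective_level("hr.owner", hr)
    return {"hr_before": before, "hr_after": after}


def role_named_groups() -> dict:
    """The fix: role-named groups, each granted only on the object it is
    responsible for, so neither owner reaches the other department's site."""
    sc = SiteCollection("Portal")
    hr = SecurableObject("HR", parent=sc.root)
    logistics = SecurableObject("Logistics", parent=sc.root)
    hr.grant("HR Owners", "Full Control")              # breaks inheritance on HR
    logistics.grant("Logistics Owners", "Full Control")
    sc.add_member("HR Owners", "hr.owner")
    sc.add_member("Logistics Owners", "log.owner")
    return {
        "hr_owner_on_hr": sc.effective_level("hr.owner", hr),
        "hr_owner_on_logistics": sc.effective_level("hr.owner", logistics),
        "log_owner_on_logistics": sc.effective_level("log.owner", logistics),
        "log_owner_on_hr": sc.effective_level("log.owner", hr),
    }


if __name__ == "__main__":
    print(owners_pitfall())      # {'hr_before': 'Full Control', 'hr_after': None}
    print(role_named_groups())
```

Note that the fix works because each role-named group is granted on exactly one securable object; the group itself still lives at the site-collection level, exactly as rule 2 says.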

Other Useful References:

If you’ve made it this far:

Please let me know your thoughts via the comments or email me. If you know other good references, please do the same!

Quick and Easy: Create a Data View Web Part (DVWP)

There is a goldmine of great information on the WSS 3.0 Data View Web Part (DVWP) on the web from several sources. However, I found it surprisingly difficult to find information on this first, very basic step. Here is another article in the "quick and easy" series to address it.

Follow these steps to create a data view web part (DVWP). They are based on an "Announcements" web part, but apply to most lists.

  1. Create an Announcements web part and add it to a site.
  2. Open the site in SharePoint Designer.
  3. Open the site's default.aspx.
  4. Select the Announcements web part and right-click.
  5. From the context menu, select "Convert to XSLT Data View".

SharePoint Designer warns you that this site is now customized from its site definition. That is not necessarily bad, but there are important implications (performance, upgrade, others) which are beyond the scope of this little "Quick and Easy" entry. To get more information on this subject, I recommend two books here as well as your favorite Internet search.

Confirm that you did it correctly:

  1. Close and re-open the web browser (to avoid accidentally re-posting the original "add a new web part").
  2. Select the web part's drop-down arrow and choose "Modify Shared Web Part" from the menu.
  3. The tool pane opens to the right.
  4. The pane has changed from its normal set of options to this:
[image]

"Cannot get the list schema column property from the SharePoint list": Description / work-arounds

This week, we finally reproduced a problem that had been reported by a remote user: when she tried to export the contents of a calendar to Excel, things seemed to start working, but then Excel would pop up an error: "Cannot get the list schema column property from the SharePoint list". She was running Office 2003, Windows XP and connecting to MOSS.

I searched the internets and saw some speculation but nothing 100% definitive. Hence, this post.

The problem: exporting to Excel a view that contains a date (date = the data type of the column).

What worked for us: convert the date column to a "single line of text". Then, convert it back to a date.

That solved it. It was nice to see that the conversion worked, actually. I was quite nervous that converting things this way would fail, but it did not.

This bug casts a huge shadow over the date data type in the client's mind, so we are going to seek a definitive answer from Microsoft, and I hope to post an update here in the near future with their official answer and hotfix information.

Other references:

http://www.kevincornwell.com/blog/index.php/cannot-get-the-list-schema-column-property-from-the-sharepoint-list/

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2383611&SiteID=1


Subscribe to my blog.

Quick and Simple: Send an email with an embedded hyperlink from a SharePoint Designer workflow

Once or twice a month, someone posts a forum question: "How do I include hyperlinks to URLs that are clickable from a SharePoint Designer email?"

Presented without further comment (well, actually there is more comment after the image):

[image]

Becky Isserman follows up with a helpful explanation of how to embed a link to an item in the email: http://www.sharepointblogs.com/mosslover/archive/2007/11/20/addition-to-paul-galvin-s-post-about-sending-an-e-mail-with-hyperlinks-in-spd.aspx

New release: SharePoint Designer Workflow Extensions (string manipulation functions)

UPDATE: See here for my thoughts on commercializing this project: http://paulgalvin.spaces.live.com/blog/cns!1CC1EDB3DAA9B8AA!569.entry

I've been busy working on my Codeplex project, which is currently focused on providing string manipulation extensions for workflows created via SharePoint Designer.

See here for more details:

Project Home: http://www.codeplex.com/spdwfextensions

Release: https://www.codeplex.com/Release/ProjectReleases.aspx?ProjectName=spdwfextensions&ReleaseId=8280

Version 1.0 includes the following new features:

Function                   Description (if not the same as the .Net function)
Num-entries()              Returns the number of "entries" in a string as per a specified delimiter.
                           For example: Num-entries in string "a,b,c" with delimiter "," = 3.
Entry()                    Returns the nth token in a string as per a specified delimiter.
Length                     String.Length
Replace()                  String.Replace()
Contains()                 String.Contains(); returns the word "true" or the word "false".
Substring(start)           String.Substring(start)
Substring(start,length)    String.Substring(start,length)
ToUpper()                  String.ToUpper()
ToLower()                  String.ToLower()
StartsWith()               String.StartsWith(); returns the word "true" or the word "false".
EndsWith()                 String.EndsWith(); returns the word "true" or the word "false".

A BDC runtime error explained

I caused a BDC error this week that manifested itself in the user interface and in the 12 hive log at runtime.

First, this appeared in the user interface:

Could not find the fields to insert the Identifier values correctly to execute the SpecificFinder MethodInstance with Name … Ensure input Parameters have TypeDescriptors associated with every Identifier defined for this Entity.

Here is a screen shot:

[screenshot: clip_image001]

I could also make this message appear in the 12 hive log at will (using my patented high-tech-don't-try-this-at-home "Mysterious Errors" method):

11/14/2007 09:24:41.27 w3wp.exe (0x080C) 0x0B8C SharePoint Portal Server Business Data 6q4x High Exception in BusinessDataWebPart.OnPreRender: System.InvalidOperationException: Identifier value '', of Type '', is invalid. Expected Identifier value of Type 'System.String'. at Microsoft.Office.Server.ApplicationRegistry.MetadataModel.Entity.FindSpecific(Object[] subIdentifierValues, LobSystemInstance lobSystemInstance) at Microsoft.SharePoint.Portal.WebControls.BdcClientUtil.FindEntity(Entity entity, Object[] userValues, LobSystemInstance lobSystemInstance) at Microsoft.SharePoint.Portal.WebControls.BusinessDataItemBuilder.GetEntityInstance(View desiredView) at Microsoft.SharePoint.Portal.WebControls.BusinessDataDetailsWebPart.GetEntityInstance() at Microsoft.SharePoint.Portal.WebControls.BusinessDataDetailsWebPart.SetDataSourceProperties()

I searched around and found some leads in the MSDN forum, but they weren't enough for me to understand what I was doing wrong. I watched a webcast by Ted Pattison that my company had squirreled away on a server and came to realize my problem.

In my ADF, I'm connecting to a SQL database as shown:

            <Property Name="RdbCommandText" Type="System.String">
              <![CDATA[
                SELECT
                      CARRIER_ID, EFFDT, Descr, EFF_STATUS, TAXPAYER_ID, NETWORK_ID, FRT_FORWARD_FLG, ALT_NAME1, ALT_NAME2, LANGUAGE_CD,
                      COUNTRY, ADDRESS1, ADDRESS2, ADDRESS3, ADDRESS4, CITY, NUM1, NUM2, HOUSE_TYPE, ADDR_FIELD1, ADDR_FIELD2, ADDR_FIELD3,
                      COUNTY, STATE, POSTAL, GEO_CODE, IN_CITY_LIMIT, COUNTRY_CODE, PHONE, EXTENSION, FAX, LAST_EXP_CHK_DTTM, FREIGHT_VENDOR,
                      INTERLINK_DLL, TMS_EXCLUDE_FLG
                 FROM [view name omitted from the post] (nolock)
                WHERE
                  (SETID <> 'SHARE') and
                  (lower(CARRIER_ID) >= lower(@MinID)) and
                  (lower(CARRIER_ID) <= lower(@MaxId)) and
                  (lower(Descr) LIKE lower(@InputDescr))
                ]]>
            </Property>

I was provided that SQL by a DBA and was given to understand that it is a special view they created just for me. The unique key there is CARRIER_ID.

Here is the bug I introduced:

      <Identifiers>
        <Identifier Name="CARRIER_ID" TypeName="System.String" />
        <Identifier Name="Descr" TypeName="System.String" />
      </Identifiers>

Somewhere along the line, I had managed to confuse myself over the meaning of <Identifiers> and added DESCR even though it's not actually an identifier. I took DESCR out of the identifiers set and presto! It all worked.

I hope this saves someone some grief 🙂
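A check that would have caught this before import, added here as example code (not from the post and not part of the BDC): for every Entity that exposes a SpecificFinder MethodInstance, each <Identifier> must be mapped by a TypeDescriptor, via its IdentifierName attribute, under an input Parameter of that method. The ADF fragment inside the script is constructed to mirror the post's CARRIER_ID/DESCR situation; the method, parameter and MethodInstance names are placeholders and the BDC namespace is omitted for brevity.

```python
"""Lint a BDC ADF for an <Identifier> that no input Parameter of the
SpecificFinder method maps to, the cause of the "Ensure input Parameters have
TypeDescriptors associated with every Identifier" error in the post.
Added example; the ADF fragment below is constructed, not the post's file."""
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed fragment. Real ADFs use the namespace
# http://schemas.microsoft.com/office/2006/03/BusinessDataCatalog (omitted here).
ADF_TEMPLATE = """
<Entity Name="Carrier">
  <Identifiers>
{identifiers}
  </Identifiers>
  <Methods>
    <Method Name="GetCarrierById">
      <Parameters>
        <Parameter Direction="In" Name="@CarrierId">
          <TypeDescriptor TypeName="System.String" Name="CarrierId" IdentifierName="CARRIER_ID" />
        </Parameter>
        <Parameter Direction="Return" Name="Carrier">
          <TypeDescriptor TypeName="System.Data.IDataReader" Name="Reader" IsCollection="true" />
        </Parameter>
      </Parameters>
      <MethodInstances>
        <MethodInstance Name="CarrierSpecificFinder" Type="SpecificFinder" ReturnParameterName="Carrier" />
      </MethodInstances>
    </Method>
  </Methods>
</Entity>
"""


def build_adf(identifier_names: List[str]) -> str:
    """Fill the template with the given <Identifier> names."""
    idents = "\n".join(
        f'    <Identifier Name="{n}" TypeName="System.String" />' for n in identifier_names)
    return ADF_TEMPLATE.format(identifiers=idents)


def lint_identifiers(adf_xml: str) -> Dict[str, List[str]]:
    """Return {entity name: [identifiers no input TypeDescriptor maps to]} for
    every Entity that has a SpecificFinder MethodInstance. An empty list means
    the SpecificFinder can be given a complete set of identifier values."""
    root = ET.fromstring(adf_xml)
    problems: Dict[str, List[str]] = {}
    for entity in root.iter("Entity"):
        ident_names = [i.get("Name") for i in entity.findall("Identifiers/Identifier")]
        for method in entity.findall("Methods/Method"):
            instances = method.findall("MethodInstances/MethodInstance")
            if not any(mi.get("Type") == "SpecificFinder" for mi in instances):
                continue
            # Identifiers reachable from the method's input parameters.
            mapped = {
                td.get("IdentifierName")
                for param in method.findall("Parameters/Parameter")
                if param.get("Direction") in ("In", "InOut")
                for td in param.iter("TypeDescriptor")
            }
            problems[entity.get("Name")] = [n for n in ident_names if n not in mapped]
    return problems


if __name__ == "__main__":
    # The post's bug: Descr listed as an identifier although only CARRIER_ID is the key.
    print(lint_identifiers(build_adf(["CARRIER_ID", "Descr"])))   # {'Carrier': ['Descr']}
    print(lint_identifiers(build_adf(["CARRIER_ID"])))            # {'Carrier': []}
```

Run against a real ADF, the same walk applies once the BDC namespace is added to the tag names; the point is that an Identifier is a promise that every SpecificFinder can be fed that value, and the lint makes the promise checkable at authoring time rather than in the 12 hive log.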

You Can't Beat SharePoint's Reach

Over the last two days, I have participated in two meetings during which we presented the results of a SharePoint project. The CIO and his team joined the first meeting. That's standard and not especially notable. The IT department is obviously involved in an enterprise rollout of any technology project. The second meeting expanded to include a V.P. from marketing and several directors representing HR, Logistics, Manufacturing, Capital Projects, Quality, Purchasing, Corporate Development and other departments (some of which were not even directly involved in the current phase). That's a mighty wide audience.

In my previous life, I primarily worked on ERP and CRM projects. They both have a fairly wide solution domain, but not as wide as SharePoint. To be fully realized, SharePoint projects legitimately and necessarily reach into every nook and cranny of an organization. How many other enterprise solutions have that kind of reach? Not many.

SharePoint clearly represents an enormous opportunity for those of us fortunate enough to be in this space. It provides a great technical opportunity (which is somewhat turned on its head here under "Technologies You Must Master"). But even better, SharePoint exposes us to an extensive and wide range of business processes through these engagements. How many CRM specialists work with the manufacturing side of the company? How many ERP consultants work with human resources on talent acquisition? SharePoint exceeds them both.

Like anything, it's not perfect, but it's a damned good place to be.

For the love of [fill in your most beloved person / higher being], don't change the 'Title' site column.

On the SharePoint forums, someone occasionally asks about "changing the Title label" or about "removing Title from lists".

Bottom line: Don't do it!

Unfortunately, the user interface allows a one-way change of that column label, as shown:

[image]

Title is a column associated with the "Item" content type. Many, many, many CTs use this column, and if you change it here, it ripples out everywhere. There's a good chance that you didn't intend for that to happen. You were probably thinking to yourself, "I have a custom lookup list and 'Title' just doesn't make sense as a column name, so I'm going to change it to 'Status Code' and add a description column." But if you follow through on that thought and rename 'Title' to 'Status Code', the Title column of every list (including document libraries) is relabelled "Status Code", and you probably didn't intend for that to happen.

The real problem is that this is a one-way change. The UI "knows" that "Title" is a reserved word. So, if you try to change "Status Code" back to "Title", it will prevent you, and now you've painted yourself into a corner using paint that never dries 🙂

Allura x'jiġri jekk inti diġà mibdula din? I haven’t seen the answer we all want, which is a simple and easy method to change the label back to ‘Title’. Right now, the best advice is to change it to something like "Doc/Item Title". That’s a generic enough label that may not be too jarring for your users.

I have a few other ideas that are on my list of things to research:

  • Contact Microsoft.
  • Do something with the object model, perhaps combined with a feature.
  • Figure out the database schema and manually update SQL. (You should contact Microsoft before doing that, though; it will probably void your support contract.)

If anyone knows how to solve this, please post a comment.

Late afternoon update, 11/15: I found this link that describes a method for creating a list type that does not have a Title column: http://www.venkat.org/index.php/2007/09/03/how-to-remove-title-column-from-a-custom-list/

BDC ADF and your friend, CDATA

I've noticed some awkward and unnecessary hand-encoding of RdbCommandText in some examples (including the MSDN documentation).

I wanted to point out to new BDC users that commands can be wrapped inside a CDATA section in their "natural" form. So, this awkward construction:

<Property Name="RdbCommandText" Type="System.String">
SELECT dbo.MCRS_SETTLEMENT.id, dbo.MCRS_SETTLEMENT.settlement FROM dbo.MCRS_SETTLEMENT
WHERE (id &gt;= @MinIDs) AND (id &lt;= @MaxId)
</Property>

can be better represented this way:

<Property Name="RdbCommandText" Type="System.String">
<![CDATA[
SELECT dbo.MCRS_SETTLEMENT.id, dbo.MCRS_SETTLEMENT.settlement FROM dbo.MCRS_SETTLEMENT
WHERE (id >= @MinIDs) AND (id <= @MaxId)
]]>
</Property>
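As an added demonstration (example code, not from the post), the script below parses both forms with Python's ElementTree and shows that the command text handed back is character-for-character the same, while a raw "<" in an un-escaped, non-CDATA element is not even well-formed XML. It uses the post's Property element and MCRS_SETTLEMENT query; the third, deliberately broken fragment is constructed.

```python
"""Why CDATA works for RdbCommandText: the parser delivers identical text for
the entity-escaped and the CDATA form, and rejects a raw '<' outside CDATA.
Added example; ESCAPED and CDATA are the post's two fragments, RAW is constructed."""
import xml.etree.ElementTree as ET

ESCAPED = """<Property Name="RdbCommandText" Type="System.String">
SELECT dbo.MCRS_SETTLEMENT.id, dbo.MCRS_SETTLEMENT.settlement FROM dbo.MCRS_SETTLEMENT
WHERE (id &gt;= @MinIDs) AND (id &lt;= @MaxId)
</Property>"""

CDATA = """<Property Name="RdbCommandText" Type="System.String">
<![CDATA[
SELECT dbo.MCRS_SETTLEMENT.id, dbo.MCRS_SETTLEMENT.settlement FROM dbo.MCRS_SETTLEMENT
WHERE (id >= @MinIDs) AND (id <= @MaxId)
]]>
</Property>"""

# Constructed: the same idea written "naturally" but without CDATA.
RAW = """<Property Name="RdbCommandText" Type="System.String">
SELECT id FROM dbo.MCRS_SETTLEMENT WHERE (id <= @MaxId)
</Property>"""


def command_text(property_xml: str) -> str:
    """Parse one <Property> element and return its text content as the BDC
    would receive it, with surrounding whitespace collapsed."""
    elem = ET.fromstring(property_xml)
    return " ".join((elem.text or "").split())


def texts_match() -> bool:
    """True when the escaped and CDATA forms yield the same command text."""
    return command_text(ESCAPED) == command_text(CDATA)


def raw_is_well_formed() -> bool:
    """False: a bare '<' followed by '=' is an invalid token outside CDATA."""
    try:
        ET.fromstring(RAW)
        return True
    except ET.ParseError:
        return False


if __name__ == "__main__":
    print(command_text(CDATA))
    print("same text:", texts_match())          # same text: True
    print("raw parses:", raw_is_well_formed())  # raw parses: False
```

The one thing a CDATA section cannot hold is the literal sequence "]]>", because that closes it; SQL command text never needs it, so the natural form is always available.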


BDC Example

Intro to BDC

Functional Example: BDC ADF that connects to a SQL database with an embedded user id and password

I needed to wire up MOSS to a SQL database via BDC. For testing/POC purposes, I wanted to embed the SQL account user id and password in the ADF. Starting with this template (http://msdn2.microsoft.com/en-us/library/ms564221.aspx), I created an ADF that connects to a particular SQL Server instance and logs in with a specific user id and password, as shown in this snippet:

  <LobSystemInstances>
    <LobSystemInstance Name="ClaimsInstance">
      <Properties>
        <Property Name="AuthenticationMode" Type="System.String">PassThrough</Property>
        <Property Name="DatabaseAccessProvider" Type="System.String">SqlServer</Property>
        <Property Name="RdbConnection Data Source" Type="System.String">actual server\actual instance</Property>
        <Property Name="RdbConnection Initial Catalog" Type="System.String">actual initial catalog</Property>
        <Property Name="RdbConnection Integrated Security" Type="System.String">SSPI</Property>
        <Property Name="RdbConnection Pooling" Type="System.String">false</Property>

        <!-- These are the key values: -->
        <Property Name="RdbConnection User ID" Type="System.String">actual User ID</Property>
        <Property Name="RdbConnection Password" Type="System.String">actual Password</Property>
        <Property Name="RdbConnection Trusted_Connection" Type="System.String">false</Property>

      </Properties>
    </LobSystemInstance>
  </LobSystemInstances>

It's not best practice, but it's useful for a quick and simple configuration for testing. This was surprisingly difficult to figure out. I never found a functional example with these search keywords:

  • ADF embedded userid and password
  • embed user id and password ADF
  • embed user id and password ADF BDC
  • SharePoint BDC primer
  • SharePoint embed user id and password ADF
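A check that goes with the "not best practice" caveat, added here as example code (not from the post and not a BDC feature): before an ADF is imported into a farm, walk its LobSystemInstance properties and report any "RdbConnection User ID" / "RdbConnection Password" entries that carry a literal value, so a test-only file like the one above is caught before a SQL password ends up in the shared metadata store. The sample ADF inside it is constructed from the post's snippet: the instance name and property names are the post's, while the server, catalog, account and password values are placeholders.

```python
"""Report SQL credentials embedded in a BDC ADF's LobSystemInstance properties.
Added example; the ADF text is constructed from the post's snippet with
placeholder values."""
import xml.etree.ElementTree as ET
from typing import List, Tuple

SAMPLE_ADF = """
<LobSystemInstances>
  <LobSystemInstance Name="ClaimsInstance">
    <Properties>
      <Property Name="AuthenticationMode" Type="System.String">PassThrough</Property>
      <Property Name="DatabaseAccessProvider" Type="System.String">SqlServer</Property>
      <Property Name="RdbConnection Data Source" Type="System.String">sqlhost\\inst1</Property>
      <Property Name="RdbConnection Initial Catalog" Type="System.String">Claims</Property>
      <Property Name="RdbConnection Integrated Security" Type="System.String">SSPI</Property>
      <Property Name="RdbConnection User ID" Type="System.String">svc_bdc_reader</Property>
      <Property Name="RdbConnection Password" Type="System.String">placeholder-secret</Property>
      <Property Name="RdbConnection Trusted_Connection" Type="System.String">false</Property>
    </Properties>
  </LobSystemInstance>
</LobSystemInstances>
"""

# Property names the post uses for SQL authentication; compared case-insensitively
# because the post itself writes them in mixed case.
CREDENTIAL_KEYS = {"rdbconnection user id", "rdbconnection password"}


def find_embedded_credentials(adf_xml: str) -> List[Tuple[str, str]]:
    """Return (instance name, property name) for every credential-bearing
    property that has a non-empty literal value, in document order."""
    root = ET.fromstring(adf_xml)
    hits: List[Tuple[str, str]] = []
    for inst in root.iter("LobSystemInstance"):
        for prop in inst.iter("Property"):
            name = (prop.get("Name") or "").strip()
            if name.lower() in CREDENTIAL_KEYS and (prop.text or "").strip():
                hits.append((inst.get("Name"), name))
    return hits


def is_safe_to_import(adf_xml: str) -> bool:
    """Gate for a deployment script: True only when no SQL credential is inlined."""
    return not find_embedded_credentials(adf_xml)


if __name__ == "__main__":
    for instance, prop in find_embedded_credentials(SAMPLE_ADF):
        print(f"{instance}: literal value in '{prop}'")
    print("safe to import:", is_safe_to_import(SAMPLE_ADF))  # safe to import: False
```

The check only looks at the two property names from the post; anything that reaches production should be using PassThrough or SSO-backed authentication, at which point both properties are simply absent and the gate passes.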

