SharePoint Security Basics Primer / Avoid Common Pitfalls

UPDATE 12/18/07: See Paul Liebrand's article for some technical consequences of removing or modifying the default group names (see his comment below as well).

Overview:

SharePoint security is easy to configure and manage. However, it has proven to be difficult for some first-time administrators to really wrap their hands around it. Not only that, I have seen some administrators come to a perfect understanding on Monday only to have lost it by Friday because they didn’t have to do any configuration in the intervening time. (I admit to having this problem myself). This blog entry hopefully provides a useful SharePoint security primer and points towards some security configuration best practices.

Important Note:

This description is based on out of the box SharePoint security. My personal experience is oriented around MOSS so there may be some MOSS specific stuff here, but I believe it’s accurate for WSS. I hope that anyone seeing any errors or omissions will point that out in comments or email me. I’ll make corrections post haste.

Fundamentals:

For the purposes of this overview, there are four fundamental aspects to security: users/groups, securable objects, permission levels and inheritance.

Users and Groups break down to:

  • Individual users: Pulled from Active Directory or created directly in SharePoint.
  • Groups: Mapped directly from Active Directory or created in SharePoint. Groups are a collection of users. Groups are global in a site collection. They are never "tied" to a specific securable object.

Securable objects break down to at least:

  • Sites
  • Document libraries
  • Individual items in lists and document libraries
  • Folders
  • Various BDC settings.

There are other securable objects, but you get the picture.

Permission levels: A bundle of granular / low level access rights that include such things as create/read/delete entries in lists.

Inheritance: By default entities inherit security settings from their containing object. Sub-sites inherit permission from their parent. Document libraries inherit from their site. So on and so forth.

Users and groups relate to securable objects via permission levels and inheritance.

The Most Important Security Rules To Understand, Ever 🙂 :

  1. Groups are simply collections of users.
  2. Groups are global within a site collection (i.e. there is no such thing as a group defined at a site level).
  3. Group name notwithstanding, groups do not, in and of themselves, have any particular level of security.
  4. Groups have security in the context of a specific securable object.
  5. You may assign different permission levels to the same group for every securable object.
  6. Web application policies trump all of this (see below).

Security administrators lost in a sea of group and user listings can always rely on these axioms to manage and understand their security configuration.

Common Pitfalls:

  • Group names falsely imply permission: Out of the box, SharePoint defines a set of groups whose names imply an inherent level of security. Consider the group "Contributor". One unfamiliar with SharePoint security may well look at that name and assume that any member of that group can "contribute" to any site/list/library in the portal. That may be true but not because the group’s name happens to be "contributor". This is only true out of the box because the group has been provided a permission level that enables them to add/edit/delete content at the root site. Through inheritance, the "contributors" group may also add/edit/delete content at every sub-site. One can "break" the inheritance chain and change the permission level of a sub-site such that members of the so-called "Contributor" group cannot contribute at all, but only read (for example). This would not be a good idea, obviously, since it would be very confusing.
  • Groups are not defined at a site level. It’s easy to be confused by the user interface. Microsoft provides a convenient link to user/group management via every site’s "People and Groups" link. It’s easy to believe that when I’m at site "xyzzy" and I create a group through xyzzy’s People and Groups link that I’ve just created a group that only exists at xyzzy. That is not the case. I’ve actually created a group for the whole site collection.
  • Group membership does not vary by site (i.e. it is the same everywhere the group is used): Consider the group "Owner" and two sites, "HR" and "Logistics". It would be normal to think that two separate individuals would own those sites — an HR owner and a Logistics owner. The user interface makes it easy for a security administrator to mishandle this scenario. If I didn’t know better, I could access the People and Groups link via the HR site, select the "Owners" group and add my HR owner to that group. A month later, Logistics comes on line. I access People and Groups from the Logistics site and pull up the "Owners" group. I see the HR owner there and remove her, thinking that I’m removing her from Owners at the Logistics site. In fact, I’m removing her from the global Owners group. Hilarity ensues.
  • Failing to name groups based on specific role: The "Approvers" group is a perfect example. What can members of this group approve? Where can they approve it? Do I really want people in the Logistics department to be able to approve HR documents? Of course not. Always name groups based on their role within the organization. This will reduce the risk that the group is assigned an inappropriate permission level for a particular securable object. Name groups based on their intended role. In the previous HR/Logistics scenario, I should have created two new groups, "HR Owners" and "Logistics Owners", and assigned sensible permission levels to each, with the minimum amount required for those users to do their job.
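
The rules and the shared "Owners" pitfall above, as an added example that is not part of the original post: a simplified Python model (not the SharePoint object model) in which groups exist once per site collection and permission levels attach to securable objects. The class names, user names and the "Read" / "Full Control" labels are assumptions made for illustration.

```python
# Simplified model of the rules above; constructed for illustration, not the SharePoint API.

class SiteCollection:
    """Groups live here, once, for every site in the collection."""
    def __init__(self):
        self.groups = {}                      # group name -> set of user names

    def group(self, name):
        return self.groups.setdefault(name, set())


class Securable:
    """A site, library, folder or item; inherits until inheritance is broken."""
    def __init__(self, name, collection, parent=None):
        self.name, self.collection, self.parent = name, collection, parent
        self.assignments = {} if parent is None else None   # None = inherit

    def effective_assignments(self):
        node = self
        while node.assignments is None:
            node = node.parent
        return node.assignments

    def break_inheritance(self):
        # Start from a copy of what was inherited, then diverge.
        self.assignments = dict(self.effective_assignments())

    def grant(self, group_name, level):
        if self.assignments is None:
            raise ValueError(f"{self.name} still inherits; break inheritance first")
        self.assignments[group_name] = level

    def levels_for(self, user):
        """Permission levels the user holds here through group membership."""
        return {level for group, level in self.effective_assignments().items()
                if user in self.collection.groups.get(group, set())}


def build_sites():
    sc = SiteCollection()
    root = Securable("root", sc)
    hr, logistics = Securable("HR", sc, root), Securable("Logistics", sc, root)
    hr.break_inheritance()
    logistics.break_inheritance()
    return sc, hr, logistics


def shared_owners_pitfall():
    sc, hr, logistics = build_sites()
    hr.grant("Owners", "Full Control")
    logistics.grant("Owners", "Full Control")
    sc.group("Owners").add("hr_owner")
    # "Removing her from Owners at the Logistics site" edits the one global group.
    sc.group("Owners").discard("hr_owner")
    return hr.levels_for("hr_owner")          # empty: she lost HR as well


def role_named_groups():
    sc, hr, logistics = build_sites()
    hr.grant("HR Owners", "Full Control")
    logistics.grant("Logistics Owners", "Full Control")
    logistics.grant("HR Owners", "Read")      # same group, different level per object
    sc.group("HR Owners").add("hr_owner")
    sc.group("Logistics Owners").add("logistics_owner")
    return hr.levels_for("hr_owner"), logistics.levels_for("hr_owner")
```
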

Other Useful References:

If you’ve made it this far:

Please let me know your thoughts via the comments or email me. If you know other good references, please do the same!

Quick and Easy: Create a Data View Web Part (DVWP)

There is a wealth of great information on the WSS 3.0 Data View Web Part (DVWP) on the web from several sources. However, I found it to be surprisingly difficult to find information on this first very basic step. Here is another article in the "quick and easy" series to address it.

Follow these steps to create a data view web part (DVWP). They are based on an "Announcements" web part, but apply to most lists.

  1. Create an Announcements web part and add it to a site.
  2. Open the site in SharePoint Designer.
  3. Open the site’s default.aspx.
  4. Select the Announcements web part and right-click.
  5. From the context menu, select "Convert to XSLT Data View".

SharePoint Designer notifies you that this site is now customized from its site definition. That is not necessarily bad, but there are important implications (performance, upgrade, others) which are beyond the scope of this little "Quick and Easy" entry. To get more information on this subject, I recommend both books here as well as your favorite Internet search.

Confirm that you did it correctly:

  1. Close and re-open the browser (to avoid accidentally re-posting the original "add a new web part").
  2. Select the web part’s arrow drop-down and choose "Modify Shared Web Part" from the menu.
  3. The tool panel opens to the right.
  4. The panel has changed from its usual set of options to this:
[image]

“Cannot get the list schema column property from the SharePoint list” — description / work-arounds

This week, we finally reproduced a problem that had been reported by a remote user: When she tried to export the contents of a list to Excel, things would seem to start working, but then Excel would pop up an error: "Cannot get the list schema column property from the SharePoint list". She was running Office 2003, Windows XP and connecting to MOSS.

I searched the Internets and saw some speculation but nothing 100% definitive. Hence, this post.

The problem: Exporting a view to Excel that contains a date (date = the data type of the column).

What worked for us: Convert the date to a "single line of text". Then, convert it back to a date.

That solved it. It was nice to see that the conversion worked, actually. I was quite nervous that converting things this way would fail, but it did not.

This bug has cast a large shadow over the date data type in the client’s mind, so we are going to seek a definitive answer from Microsoft, and hopefully I will post an update here in a short while with their official answer and hotfix information.

Other references:

http://www.kevincornwell.com/blog/index.php/cannot-get-the-list-schema-column-property-from-the-sharepoint-list/

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2383611&SiteID=1


Quick and Easy: Send an email with an embedded hyperlink from a SharePoint Designer workflow

Once or twice a month, someone posts a forum question: "How do I include hyperlinks to URL’s that are clickable from a SharePoint Designer email?"

Presented without further comment (well, actually there is more comment after the image):

[image]

Becky Isserman follows up with a useful explanation of how to embed a link to an item in the email: http://www.sharepointblogs.com/mosslover/archive/2007/11/20/addition-to-paul-galvin-s-post-about-sending-an-e-mail-with-hyperlinks-in-spd.aspx

New release: SharePoint Designer Workflow extensions (string manipulation functions)

UPDATE: See here for my thoughts on commercializing this project: http://paulgalvin.spaces.live.com/blog/cns!1CC1EDB3DAA9B8AA!569.entry

I have been busy working on my Codeplex project, which currently focuses on providing string manipulation extensions to workflows created via SharePoint Designer.

See here for details:

Project home: http://www.codeplex.com/spdwfextensions

Release: https://www.codeplex.com/Release/ProjectReleases.aspx?ProjectName=spdwfextensions&ReleaseId=8280

Version 1.0 includes the following new features:

| Function | Description (if not the same as the .NET function) |
|---|---|
| Num-entries() | Returns the number of "entries" in a string as per a specified delimiter. For example: Num-entries in a string "a,b,c" with delimiter "," = 3. |
| Entry() | Returns the nth token in a string as per a specified delimiter. |
| Length | String.Length |
| Replace() | String.Replace() |
| Contains() | String.Contains(). Returns the word "true" or the word "false". |
| Substring(start) | String.Substring(start) |
| Substring(start,length) | String.Substring(start,length) |
| ToUpper() | String.ToUpper() |
| ToLower() | String.ToLower() |
| StartsWith() | String.StartsWith(). Returns the word "true" or the word "false". |
| EndsWith() | String.EndsWith(). Returns the word "true" or the word "false". |

BDC Runtime error explained

I caused a BDC error this week that manifested itself on the user interface and in the 12 hive log at runtime.

First, this appeared in the user interface:

Could not find fields to insert all the Identifier Values to correctly execute a SpecificFinder MethodInstance with Name … Ensure input Parameters have TypeDescriptors associated with every Identifier defined for this Entity.

Here is a screen shot:

[image]

I could also cause this message to appear in the 12 hive log at will (using my patented high-tech-don’t-try-this-at-home "mysterious errors" method):

11/14/2007 09:24:41.27 w3wp.exe (0x080C) 0x0B8C SharePoint Portal Server Business Data 6q4x High Exception in BusinessDataWebPart.OnPreRender: System.InvalidOperationException: The Identifier value '', of Type '', is invalid. Expected Identifier value of Type ‘System.String’.
   at Microsoft.Office.Server.ApplicationRegistry.MetadataModel.Entity.FindSpecific(Object[] subIdentifierValues, LobSystemInstance lobSystemInstance)
   at Microsoft.SharePoint.Portal.WebControls.BdcClientUtil.FindEntity(Entity entity, Object[] userValues, LobSystemInstance lobSystemInstance)
   at Microsoft.SharePoint.Portal.WebControls.BusinessDataItemBuilder.GetEntityInstance(View desiredView)
   at Microsoft.SharePoint.Portal.WebControls.BusinessDataDetailsWebPart.GetEntityInstance()
   at Microsoft.SharePoint.Portal.WebControls.BusinessDataDetailsWebPart.SetDataSourceProperties()

I searched around and found some leads in the MSDN forums, but they weren’t enough for me to understand what I was doing wrong. I watched a webcast by Ted Pattison that my company has squirreled away on a server and came to realize my problem.

In my ADF, I connect to a SQL database as shown:

            <Property Name="RdbCommandText" Type="System.String">
              <![CDATA[
                SELECT
                      , CARRIER_ID, EFFDT, DESCR, EFF_STATUS, TAXPAYER_ID, NETWORK_ID, FRT_FORWARD_FLG, ALT_NAME1, ALT_NAME2, LANGUAGE_CD,
                      NCHI, ADDRESS1, ADDRESS2, ADDRESS3, ADDRESS4, CITY, NUM1, NUM2, HOUSE_TYPE, ADDR_FIELD1, ADDR_FIELD2, ADDR_FIELD3,
                      COUNTY, HALI, Postal, GEO_CODE, IN_CITY_LIMIT, COUNTRY_CODE, SIMU, UTVIDGNING, Faksi, LAST_EXP_CHK_DTTM, FREIGHT_VENDOR,
                      INTERLINK_DLL, TMS_EXCLUDE_FLG
                 (nolock)
                WHERE
                  (LEAs <> 'SHARE') and
                  (lower(CARRIER_ID) >= lower(@MinID)) and
                  (lower(CARRIER_ID) <= lower(@MaxId)) and
                  (lower(DESCR) LIKE lower(@InputDescr))
                ]]>
            </Property>

I was provided that SQL by a DBA person and I am given to understand that it is a special view they created just for me. The unique key there is CARRIER_ID.

Here is the bug I introduced:

      <Identifiers>
        <Identifier Name="CARRIER_ID" TypeName="System.String" />
        <Identifier Name="DESCR" TypeName="System.String" />
      </Identifiers>

Somewhere along the line, I had managed to confuse myself over the meaning of <Identifiers> and added DESCR even though it’s not actually an identifier. I took DESCR out of the identifiers set and presto! It all worked.

I hope this saves someone some grief 🙂
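
An added example, not part of the original post: a Python check for the condition the UI error describes, run over a constructed, trimmed ADF that repeats the two-identifier mistake. Element and attribute names follow the BDC metadata schema; the LobSystem, entity, method and parameter names are made up for the sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed entity that repeats the two-identifier mistake.
SAMPLE_ADF = """
<LobSystem xmlns="http://schemas.microsoft.com/office/2006/03/BusinessDataCatalog"
           Type="Database" Name="CarrierSystem">
  <Entities>
    <Entity Name="Carrier">
      <Identifiers>
        <Identifier Name="CARRIER_ID" TypeName="System.String" />
        <Identifier Name="DESCR" TypeName="System.String" />
      </Identifiers>
      <Methods>
        <Method Name="GetCarrier">
          <Parameters>
            <Parameter Direction="In" Name="@CarrierId">
              <TypeDescriptor TypeName="System.String" IdentifierName="CARRIER_ID"
                              Name="CARRIER_ID" />
            </Parameter>
          </Parameters>
          <MethodInstances>
            <MethodInstance Name="CarrierSpecificFinder" Type="SpecificFinder" />
          </MethodInstances>
        </Method>
      </Methods>
    </Entity>
  </Entities>
</LobSystem>
"""


def local(tag):
    """Element name without its XML namespace."""
    return tag.rsplit("}", 1)[-1]


def find_all(elem, name):
    return [e for e in elem.iter() if local(e.tag) == name]


def unbound_identifiers(adf_xml):
    """Map entity -> SpecificFinder -> identifiers with no input TypeDescriptor."""
    problems = {}
    for entity in find_all(ET.fromstring(adf_xml), "Entity"):
        identifiers = [i.get("Name") for i in find_all(entity, "Identifier")]
        for method in find_all(entity, "Method"):
            bound = set()
            for param in find_all(method, "Parameter"):
                if param.get("Direction") in ("In", "InOut"):
                    bound |= {td.get("IdentifierName")
                              for td in find_all(param, "TypeDescriptor")}
            for instance in find_all(method, "MethodInstance"):
                if instance.get("Type") != "SpecificFinder":
                    continue
                missing = [i for i in identifiers if i not in bound]
                if missing:
                    problems.setdefault(entity.get("Name"), {})[instance.get("Name")] = missing
    return problems
```
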


You Can’t Beat SharePoint’s Reach

Over the last two days, I have participated in two meetings during which we presented the results of a SharePoint project. The CIO and his team joined the first meeting. That’s standard and not especially notable. The IT department is obviously involved in an enterprise rollout of any technology project. The second meeting expanded to include a V.P. from marketing and several directors representing HR, Logistics, Manufacturing, Capital Projects, Quality, Purchasing, Corporate Development and other departments (some of whom were even directly involved in the current phase). That’s a mighty wide audience.

In my prior life, I primarily worked on ERP and CRM projects. They both have a fairly wide solution domain but not as wide as SharePoint. To be fully realized, SharePoint projects legitimately and necessarily reach into every nook and cranny of an organization. How many other enterprise solutions have that kind of reach? Not many.

SharePoint clearly represents an enormous opportunity for those of us fortunate enough to be in this space. It provides a great technical opportunity (which is somewhat turned on its head here under "Technologies You Must Master"). But even better, SharePoint exposes us to an extensive and wide range of business processes through these engagements. How many CRM specialists work with the manufacturing side of the company? How many ERP consultants work with human resources on talent acquisition? SharePoint exceeds them both.

Like anything, it’s not perfect, but it’s a damned good place to be.

For the love of [fill in your most beloved person / higher being], don’t change the ‘Title’ site column.

On the SharePoint forums, someone occasionally asks about "changing the label of Title" or about "removing title from lists".

Bottom line: Don’t do it!

Sadly, the user interface allows a one-way change of that column label as shown:

[image]

Title is a column associated with the "Item" content type. Many, many, many CT’s use this column and if you change it here, it ripples out everywhere. There’s a good chance that you didn’t intend for that to happen. You were probably thinking to yourself, "I have a custom lookup list and ‘Title’ just doesn’t make sense as a column name, so I’m going to change it to ‘Status Code’ and add a description column." But if you follow through on that thought and rename ‘Title’ to ‘Status Code’, every list’s title (including document libraries) changes to "Status Code" and you probably didn’t intend for that to happen.

The real problem is that this is a one-way change. The UI "knows" that "title" is a reserved word. So, if you try and change "Status Code" back to "Title", it will prevent you and now you’ve painted yourself into a corner using paint that never dries 🙂

So what happens if you already changed it? I haven’t seen the answer we all want, which is a simple and easy method to change the label back to ‘Title’. Right now, the best advice is to change it to something like "Doc/Item Title". That’s a generic enough label that may not be too jarring for your users.

I have a few other ideas which are on my to-do list of things to research:

  • Contact Microsoft.
  • Do something with the object model, maybe in conjunction with a feature.
  • Figure out the database schema and manually update SQL. (You should contact Microsoft before doing this though; it will likely void your support contract).

If anyone knows how to solve this, please post a comment.

Update late afternoon, 11/15: I found this link that describes a method for creating a type of list that does not have a title column: http://www.venkat.org/index.php/2007/09/03/how-to-remove-title-column-from-a-custom-list/

BDC ADF and your friend, CDATA

I’ve noticed some awkward and unnecessary hand-encoding of RdbCommandText in some examples (including MSDN documentation).

I wanted to point out to newcomers to BDC that commands can be wrapped inside a CDATA tag in their "natural" form. So, this awkward construction:

<Property Name="RdbCommandText" Type="System.String">
SELECT dbo.MCRS_SETTLEMENT.id, dbo.MCRS_SETTLEMENT.settlement from dbo.MCRS_SETTLEMENT
WHERE (id &gt;= @MinId) AND (id &lt;= @MaxId)
</Property>

can be better represented this way:

<Property Name="RdbCommandText" Type="System.String">
<![CDATA[
SELECT dbo.MCRS_SETTLEMENT.id, dbo.MCRS_SETTLEMENT.settlement from dbo.MCRS_SETTLEMENT
WHERE (id >= @MinId) AND (id <= @MaxId)
]]>
</Property>


BDC Primer

Intro to BDC

Functional Example: BDC ADF that connects to a SQL database with embedded user id and password

I needed to wire up MOSS to a SQL database via BDC. For testing/POC purposes, I wanted to embed the SQL account user id and password in the ADF. Starting with this template (http://msdn2.microsoft.com/en-us/library/ms564221.aspx), I created an ADF that connects to a specific SQL Server instance and logs in with a specific user id and password, as shown in this snippet:

  <LobSystemInstances>
    <LobSystemInstance Name="ClaimsInstance">
      <Properties>
        <Property Name="AuthenticationMode" Type="System.String">PassThrough</Property>
        <Property Name="DatabaseAccessProvider" Type="System.String">SqlServer</Property>
        <Property Name="RdbConnection Data Source" Type="System.String">actual server\actual instance</Property>
        <Property Name="RdbConnection Initial Catalog" Type="System.String">actual initial catalog</Property>
        <Property Name="RdbConnection Integrated Security" Type="System.String">SSPI</Property>
        <Property Name="RdbConnection Pooling" Type="System.String">false</Property>

        <!-- These are the key values: -->
        <Property Name="RdbConnection User ID" Type="System.String">actual User ID</Property>
        <Property Name="RdbConnection Password" Type="System.String">actual Password</Property>
        <Property Name="RdbConnection Trusted_Connection" Type="System.String">false</Property>

      </Properties>
    </LobSystemInstance>
  </LobSystemInstances>

Not a best practice, but it’s useful for a quick and simple configuration for testing. This was surprisingly difficult to figure out. I never found a functional example with search keywords:

  • ADF embedded userid and password
  • embed user id and password in ADF
  • embed user id and password in ADF BDC
  • SharePoint BDC primer
  • SharePoint embed user id and password in ADF
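
An added example, not part of the original post: a Python check that reports which LobSystemInstance entries in an ADF carry an embedded SQL login, so a test-only file like the one above can be caught before it is imported anywhere else. The sample ADF and its values are constructed; the UID, PWD and User synonyms are SqlClient connection-string keywords, and treating them as equivalent inside "RdbConnection" properties is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Connection-string keywords that carry a SQL login. The synonyms are SqlClient's;
# that BDC forwards them the same way is an assumption of this example.
CREDENTIAL_KEYWORDS = {"user id", "uid", "user", "password", "pwd"}
PREFIX = "rdbconnection "

# Constructed sample in the shape of the snippet above; names and values are made up.
SAMPLE_ADF = """
<LobSystemInstances>
  <LobSystemInstance Name="ClaimsInstance">
    <Properties>
      <Property Name="AuthenticationMode" Type="System.String">PassThrough</Property>
      <Property Name="RdbConnection Data Source" Type="System.String">constructed-server</Property>
      <Property Name="RdbConnection User ID" Type="System.String">constructed_user</Property>
      <Property Name="RdbConnection Password" Type="System.String">constructed_secret</Property>
    </Properties>
  </LobSystemInstance>
  <LobSystemInstance Name="IntegratedInstance">
    <Properties>
      <Property Name="RdbConnection Integrated Security" Type="System.String">SSPI</Property>
    </Properties>
  </LobSystemInstance>
</LobSystemInstances>
"""


def local(tag):
    """Element name without its XML namespace."""
    return tag.rsplit("}", 1)[-1]


def embedded_credentials(adf_xml):
    """Return (instance name, property name) pairs holding a non-empty SQL login value.

    The values themselves are not returned, so findings can be logged safely.
    """
    findings = []
    for instance in ET.fromstring(adf_xml).iter():
        if local(instance.tag) != "LobSystemInstance":
            continue
        for prop in instance.iter():
            name = (prop.get("Name") or "").strip()
            if local(prop.tag) != "Property" or not name.lower().startswith(PREFIX):
                continue
            keyword = name.lower()[len(PREFIX):].strip()
            if keyword in CREDENTIAL_KEYWORDS and (prop.text or "").strip():
                findings.append((instance.get("Name"), name))
    return findings
```
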
