Presentation is loading. Please wait.

Presentation is loading. Please wait.

Windows SharePoint Services Managing users and rights.

Published byPeregrine Harmon Modified over 9 years ago

Similar presentations

Presentation on theme: "Windows SharePoint Services Managing users and rights."— Presentation transcript:

1 Windows SharePoint Services Managing users and rights

2 Agenda Authentication and Authorization Site Administrators Box Administrators Managing Users and Site Groups WSS Object Permissions

3 Managing Sites and Sub-sites Manage immediate set of sub-sites for the current site* View Full list of sub- sites for the site collection** Managed from HTML Pages or command- line Site-creation is a simple two-step process

4 Authentication Authentication – the verification of identity of a person or process –Different from authorization, which determines which functions you can perform WSS does not perform it’s own authentication – this is handled by IIS IIS’ authentication mechanism requires an NT account (either local or AD)

5 Authentication Setup Two main setups for authentication – account creation mode or pre existing domain With a pre existing domain, use IIS with Windows authentication enabled, no new user accounts needed Account creation mode is a feature, selected at install time, that will generate a new account in the AD for each user – pre existing accounts cannot be used. IIS is setup to use basic or digest authentication Don’t use local machine accounts! –Migrating will be a big pain if you do Passport authentication and WSS don’t work well together

6 Anonymous Access Anonymous access is limited – the most anonymous users can do is insert list items –By default, it is turned off, both at the web site level and at the IIS level –WSS UI is sensitive to IIS setting Setting anonymous access is done at myriad different points –IIS setting for the virtual server –On/Off switch at the web site level –Rights mask at the individual list level

7 Demo Configurazione Accesso Anonimo

8 Site Collections A Site Collection is a set of logically related Web Sites that can be collectively managed Each Site Collection has a single top level Web Site Individual users can be marked as Site Collection Administrators –This grants them full access to all content

9 Box & WSS Administrators WSS supports two sets of high level administrators, box admins and SharePoint Administrative Group members –SharePoint Administrative Group is defined in WSS Central Administration –WSS checks to see if the current user is a box admin or in the domain group. If so, full access is granted to all site collections Four differences between abilities of box admins and WSS admins –Change configuration database –Change WSS admin domain group –Manage content paths –Extend/unextend IIS virtual servers

10 Security & Site Collections Site collection administrators have three main responsibilities –Users and cross-site groups on the site collection Users are rolled up at the site collection level, and can be managed there Cross site groups are scoped to the site collection level –Quota issues for the site collection –Rights mask for the site collection

11 Demo Impostazione Gruppo Amministrativo

12 WSS Authorization Whereas WSS relies on IIS for authentication, WSS performs all it’s own authorization Implementation is similar to NT system –WSS specific ACLs dictate access ACL is a collection of ACEs, each of which maps a security principle (user, group, etc) to a set of rights –NT is called for domain group resolution

13 Managing Users Users give people access to a site Every site has it’s own set op users The site owner can choose to inherit users from the parent site, or create a unique set of users Can enable Anonymous access on –Entire Site, Lists and Libraries or Nothing Can enable access for all authenticated users as –Readers or Contributors Can manage all users in a site collection  Site Settings   Go to Site Administration   Manage Users

14 Web Site Security Site Groups are scoped to an individual Web Site Site Groups by default –Guest* –Reader –Contributor –Designer Web –Administrator Which Site Groups a user is a member of determine their default permissions to objects in that site (and any inherited web sites) –Membership in multiple Site Groups is possible A Web Site’s security can be either inherited from it’s parent web, or unique

15 Managing Users and Site Groups Membership to a Site Group determines the rights a user has Use built-in groups or create your own Each Site Group has a set of rights Copy feature allows you to copy all rights to another group  Site Settings   Go to Site Administration   Manage site groups

16 Managing Cross-Site Groups Group users together in one entity Cross-site groups must be assigned to a site group in order to give the users in the site- group rights on the Site Can be used on any site within the site-collection Useful if equivalent is not available as an AD Security group  Site Settings   Go to Site Administration   Manage cross-site groups

17 Managing Cross-Site Groups  Site Settings   Go to Site Administration   Manage cross-site groups Users John Smith Peter Collins Judy Lew Kim Clark Paul West Don Hall Suzan Fine Groups Marketing Sales Production AD Site Users John Smith Judy Lew Kim Clark Cross-Site Groups Managers Regional VPs HR Assistants Sales and Marketing WSS Site Groups Web Designer Contributor Reader Administrator WSS Corporate Directory Who has Access to a Site ? What Rights do they have ?

18 Demo Creazione Site Groups e Cross-Site Group

19 Permissions in WSS WSS uses “rights” - a right is a privilege that allows a user to perform an action on the server. –Example: View Pages, Insert List Items, Change List Permissions. –There are currently about 20 rights. –Some rights are dependent on others. Example: Insert List Items has View List Items as a dependent. At the IIS virtual server level there is a “rights mask” –This enables/disables rights for use on Web Site Collections within that virtual server –Is settable by box administrators and WSS administrators

20 User Level Security and Web Parts Shared and Personal modes –Shared mode changed seen by all users –Personal mode changes seen only by the individual making them Rights controlling user modes: –Shared: Add or customize pages – allows shared mode changes for parts and pages outside document libraries Edit list items – allows shared mode changes for parts and pages inside document libraries –Personal: (Add or Remove Private Web Parts) Personalize Web Part pages – allows users to add/delete parts in personal mode for pages in webs and document libraries (Updated Personal Web Parts) Personalize Web Parts – allows users to modify part properties in personal mode for pages in webs and document libraries

21 Demo Attribuzione permessi

22 I prossimi appuntamenti Lunedì 10/05/2004 ore 10.30 WSS e i modelli personalizzati: siti, liste, raccolte Martedì 25/05/2004 ore 10.30 Introduzione a XML in Office 2003 (no developer)

Download ppt "Windows SharePoint Services Managing users and rights."

Similar presentations

JERRY GILES MNIS Unclassified Information Sharing Service PAUL HILTON.

JERRY GILES MNIS Unclassified Information Sharing Service PAUL HILTON.
Top 10 things you need to know about SharePoint Site Administration

Top 10 things you need to know about SharePoint Site Administration
File Server Organization and Best Practices IT Partners June, 02, 2010.

File Server Organization and Best Practices IT Partners June, 02, 2010.
MOAC : Installing and Configuring Windows Server 2012

MOAC : Installing and Configuring Windows Server 2012
SharePoint 2010 Permissions Keith Tuomi. profile KEITH TUOMI SharePoint Consultant / Developer at itgroove Developing Online Systems since 1991 10 years.

SharePoint 2010 Permissions Keith Tuomi. profile KEITH TUOMI SharePoint Consultant / Developer at itgroove Developing Online Systems since years.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
11 WORKING WITH GROUPS Chapter 7. Chapter 7: WORKING WITH GROUPS2 CHAPTER OVERVIEW  Understand the functions of groups and how to use them.  Understand.

11 WORKING WITH GROUPS Chapter 7. Chapter 7: WORKING WITH GROUPS2 CHAPTER OVERVIEW  Understand the functions of groups and how to use them.  Understand.
6.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Administering Active Directory

Administering Active Directory
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.

By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Understanding Active Directory

Understanding Active Directory
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.

Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.

Similar presentations

Ads by Google