Control Access Security to Shared Documents in SPS
This article is an informational piece describing the differences in security between document libraries in SharePoint Portal Server 2003 and Windows SharePoint Services.
I recently wrapped up a SharePoint Portal Server 2003 implementation in which the primary goal was to utilize SharePoint Portal Server 2003 to create a collaborative environment and to move documentation from file repositories to SharePoint document libraries. This company was comprised of two Divisions; we’ll refer to them as Division A and Division B. The overall security model was to grant all users with domain accounts (single domain model, which included accounts for both divisions of users) read access over any portion of the portal, so to satisfy that, I added the Domain Users group to the Members Site Group in SharePoint Portal Server.
While training, a department head indicated that they have some content in document libraries in their department Area that Division B users should not be able to access because of the nature of the content. This threw a major wrinkle into the security implementation; however, we shortly rectified the problem using a Windows SharePoint Services (WSS) site.
One little-known feature of WSS sites is that you can set security not only at the Site level, but also at the List (in this case, document library) level. With SharePoint Portal Server, the lowest level at which security can be set is the Area, whereas in WSS you can manage permissions all the way down to the list level.
To secure a list in WSS, perform the following steps:
1. Navigate to the team site that the list resides on and click the Documents and Lists link in the top navigation bar.
2. Click on the list you want to secure to open the list in detail view. Along the left column, under Actions, click Modify settings and columns.
3. Under General Settings, click Change Permissions for this ‘list_name’, where ‘list_name’ is the type of list you’re securing; in this case it was Document Library.
4. Click Add Users on the options bar.
5. Type the name of the user or group in DOMAIN\User or DOMAIN\Group format and assign the permissions that you require and click the Next button.
In this case, we included the group of users that could access the portal and did not add the restricted group, which will keep them from viewing the content.
6. Complete the Add Users screens by completing the email section and then click the Finish button.
In the case of this client, they fortunately had grouped their users based on two divisions, Division A and Division B. The group associated with Division A was added to the list with View Items permissions, while the Division B group was not included and therefore locked out.
Not only will the users of Division B not be able to access the documents by directly accessing the document library, but they will not see the content in this library in search results either.
We completed the association of this document library by adding a link to the WSS site that contained the library to a Links web part in the department’s portal area.
So in summary, SharePoint Portal Server 2003 provides security at the Portal and Area level. If more granular control over content is required, WSS holds the answer because you are able to secure content not only at the Site level, but also down to the list level.
It is always a best practice to implement security using Active Directory group objects. This allows you to set security once in the portal and maintain security using group membership in Active Directory.
-------------------------------
Submitted By: Eric Stepek, Quilogy (this article is a repost)