Managing Users


Once the portal structure is designed and implemented, you will want to assign permissions to portal users. Adding users is relatively straightforward. In fact, you added some users after the portal was installed in Chapter 2. However, determining the permissions that should be granted to each user requires understanding and planning.

Understanding Site Groups

In order to manage users, you must begin by understanding the role-based permissions system upon which SPS operates. SPS refers to the various roles it provides as site groups . In SPS, you can assign portal users to the Reader, Contributor, Web Designer, Administrator, Content Manager, or Member site groups.

Each of the site groups in SPS has a corresponding set of rights. These rights are associated with a particular site group initially, but you can easily change the assignments of rights. You can also create your own custom site groups with specific rights you assign.

Before assigning users to site groups, carefully consider their needs. The vast majority of users are likely to be good candidates for the Member site group. This group allows a user to access all of the elements in the portal and personalize their environment.

In a typical portal deployment, 20 to 40 percent of the user community will belong to the Contributor site group. These individuals have additional limited management capabilities associated with lists and can also make use of the document management features of SPS. In some deployments, organizations may even choose to add the majority of users to this group, effectively eliminating the Member site group.

In contrast to the Member and Contributor groups, most organizations will assign less than 10 percent of their users to the Content Manager site group. This group is responsible for reviewing and approving content. In order to properly moderate the posted content, this group should be small.

Generally, the Web Designer and Administrator site groups will have small populations. These groups will be limited to individuals who need special rights to create content or manage the portal. Web designers are specialized users responsible for advanced content, formatting, and appearance, whereas administrators have complete control over the portal and all its settings.

The least used of all the site groups is the Reader group. This group is useful only for delivering content to specialized groups such as customers or partners . In these cases, only limited functionality is required. Each specific right defined in SPS is explained in the following list, and Table 3-1 summarizes the rights assigned to each site group.

Table 3-1: Site Groups and Rights

RIGHT

READER

CONTRIBUTOR

WEB DESIGNER

ADMINISTRATOR

CONTENT MANAGER

MEMBER

View Area

X

X

X

X

X

X

View Pages

X

X

X

X

X

X

Add Items

X

X

X

X

X

Edit Items

X

X

X

X

Delete Items

X

X

X

X

Manage Personal Views

X

X

X

X

Add/Remove Personal Web Parts

X

X

X

X

X

Update Personal Web Parts

X

X

X

X

X

Cancel Check Out

X

X

X

Add and Customize Pages

X

X

X

Create Area

X

X

X

Manage Area

X

X

X

Manage Area Permissions

X

Apply Style Sheets

X

X

Browse Directories

X

X

X

X

Create Personal Site

X

X

X

X

X

Create Sites

X

X

X

X

X

Use Personal Features

X

X

X

X

X

Manage Alerts

X

Manage User Profiles

X

Manage

X

Audiences

Manage Portal Site

X

X

Manage Search

X

Search

X

X

X

X

X

X

  • View Area: This right allows a user to view an area and its contents.

  • View Pages: This right allows a user to view pages within an area.

  • Add Items: This right allows a user to add items to lists within an area and add documents to libraries.

  • Edit Items: This right allows a user to edit items in lists, edit documents in a library, and edit web part pages contained in document libraries.

  • Delete Items: This right allows a user to delete items from a list in an area or a document in a library.

  • Manage Personal Views: This right allows a user to create, edit, and delete personal views of lists.

  • Add/Remove Personal Web Parts: This right allows a user to add or remove web parts from a personalized page.

  • Update Personal Web Parts: This right allows a user to change web part settings to personalize content.

  • Cancel Check Out: This right allows a user to check in a document to a library without saving the current changes even if they are not the one who checked out the document.

  • Add and Customize Pages: This right allows a user to use an editor to change HTML pages, web part pages, and portal content.

  • Create Area: This right allows a user to create a new area in the portal.

  • Manage Area: This right allows a user to change the properties of an area.

  • Manage Area Permissions: This right allows a user to change the user rights associated with an area.

  • Apply Style Sheets: This right allows a user to apply a style sheet to an area or the entire site.

  • Browse Directories: This right allows a user to browse the directories in an area.

  • Create Personal Site: This right allows a user to create a personal site in the portal.

  • Create Sites: This right allows a user to create a new site in the portal if SSSC is enabled.

  • Use Personal Features: This right allows a user to use alerts and personal sites in the portal.

  • Manage Alerts: This right allows a user to change alert settings for the portal and users.

  • Manage User Profiles: This right allows a user to add, delete, and change information associated with the profiles of portal users.

  • Manage Audiences: This right allows a user to add, delete, and change the membership of an audience.

  • Manage Portal Site: This right allows a user to manage portal and site settings.

  • Manage Search: This right allows a user to add, delete, and change index and search settings.

  • Search: This right allows a user to search the portal site and associated content.

Adding Users

Once you have planned out the membership of each site group, you are ready to add users to the groups. In order to add users to site groups, you should be logged in as a member of the Administrator site group. The simplest way to get started adding users is to navigate to Site Settings Manage Users.

On the Manage Users page, you can easily add users and groups from the directory. When you select to add users, SPS provides a screen to select users and groups from Active Directory. Figure 3-7 shows the selection page.

click to expand
Figure 3-7: Selecting users and groups from Active Directory

In the absence of any separate action, subsites created in the portal will inherit the security settings of their parent. However, you can change the settings to allow customized permissions for any site. Generally, as you move deeper into subsites on the portal, the content targets smaller groups with greater permissions. As an example, sites created specifically for IT projects might allow access to just the project team but with expanded permissions to manage content.

Follow these steps to add users:

  1. From the portal home page, click the Site Settings link.

  2. On the Site Settings page, select General Settings Manage Users. This opens the Manage Users page.

  3. On the Manage Users page, click the Add Users link. This opens the Add Users page.

  4. On the Add Users page, type a user name in the form domain\ name and select the site group where the user will be added.

  5. Click Next .

  6. On the next page, verify the e-mail information for the new user. You can modify the message if you want. Then click Finish. Figure 3-8 shows a typical list of users added to the portal.

    click to expand
    Figure 3-8: Users and groups assigned to site groups

Active Directory Account Creation Mode

Along with the normal domain account mode, SPS also supports a special account mode known as Active Directory Account Creation (ADAC). This mode is intended for use by Internet Service Providers (ISP) who support large constituencies that are not members of the hosting domain. In ADAC mode, users are entered using e-mail addresses instead of domain accounts. In this way, an ISP can host Internet users without having to specifically add them to a domain.

It's important to note that ADAC is incompatible with the normal domain account mode. During the installation of SharePoint Services, you select in which mode the site will operate . After you make the selection, you cannot alter it. Throughout this book, I assume that SharePoint Services are operating in domain account mode.

Understanding User Profiles

One of the primary business reasons for deploying a portal like SPS is to improve employee productivity. Generally this productivity increase is realized through the simplification and personalization of enterprise resources viewed by the end user. If portal users have quick access to the documents, information, and people they need to do their job, they will in turn be more productive.

SPS addresses simplification and personalization through the use of user profiles . Whereas site groups are primarily vehicles to address user privileges, user profiles provide detailed information about portal users so that content may be targeted to interested groups of users. Additionally, profiles can be used to include information about people in site searches, which allows a portal user to locate an area expert for assistance.

Before you can investigate the uses of profiles later in the book, you must create them. The simplest way to create a set of profiles for your portal users is to import them directly from Active Directory. You can access the tools for profile management by starting at the portal home page and clicking on the Site Settings link. On the Site Settings page select User Profile, Audiences, and Personal Sites Manage Profile Database. This opens the Manage Profile Database page.

On the Manage Profile Database page, you can set up a recurring schedule to import profiles from Active Directory. The simplest way to set up the import is to click the Specify Source link, which opens the Configure Profile Import page. On this page, you may specify the source of the profile information and schedule a recurring import.

To import user profiles, take these steps:

  1. Log in to the portal in the Administrator site group.

  2. From the portal home page, click Site Settings.

  3. From the Site Settings page, select User Profile, Audiences, and Personal Sites Manage Profile Database.

  4. From the Manage Profile Database page, select Profile and Import Settings Specify Source.

    Note

    If you receive this error message, "Failed to retrieve the current domain name from the Active Directory directory services," then you should set up a custom source as described in the paragraph following these steps.

  5. On the Configure Profile Import page, select Current Domain under the Source section.

  6. Provide an appropriate name and password to run the import.

  7. Set up a full and incremental schedule, if you want one.

  8. Click OK.

  9. On the Manage Profile Database page, click the Start Full Import link.

For more complex environments than I have set up for this book, it may be necessary to define a custom source for the profile import. When you define a custom source on the Configure Profile Import page, you will be prompted to specifically name the domain controller and domain for the import source. You will also have to define a valid search base for the import and a valid Active Directory filter. As an example, a valid search base for my environment is DC=sps,DC=local and a valid filter is objectClass=User .

Once the import is complete, click the View User Profiles link on the Manage Profile Database page to see the results of the import. Examine the list of objects that were imported and delete any that are inappropriate, such as system objects. Once you have the import cleaned up, you can examine a specific profile to see what information is available.

The value of the import will obviously depend upon how much information is available in Active Directory. In any case, the profiles in SPS are more extensive than the entries found in Active Directory, so you will probably have to enter some information by hand. The good news is that portal users can edit their own profile, so you can simply have them update the profile as a first order of business when they use the portal.




Microsoft SharePoint[c] Building Office 2003 Solutions
Microsoft SharePoint[c] Building Office 2003 Solutions
ISBN: 1590593383
EAN: N/A
Year: 2006
Pages: 92

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net