SharePoint Security Concepts

                 

 
Special Edition Using Microsoft SharePoint Portal Server
By Robert Ferguson

Chapter 11. Planning and Managing Security


With SharePoint Portal Server, security is crucial for both document management and providing effective searching. The foundation of document management security is the ability to selectively restrict access to confidential or sensitive information while controlling the change, approval, and publication processes.

This chapter discusses planning and managing SharePoint Portal Server security.

Information security is typically used to provide three types of protection:

  • Protection against user error

  • Protection against unauthorized access to information

  • Protection against malicious attacks and behavior

Within SharePoint Portal Server, most security configuration and management functions are performed at the folder level through the manipulation of folder properties. At the folder level, you can assign security roles, configure approval routes, and reset security on child folders and documents. While security settings are managed primarily through folder-level settings, security is enforced at the file level, not the share level.

SharePoint Portal Server also recognizes security policies or settings that are currently in use within your organization's environment. Information found on messaging servers, databases, and file shares is subject to whatever security configurations exist on those systems. When search results are provided for documents located on these information sources, the security policies applicable to each document are enforced by SharePoint Portal Server. In SPS, if a user has file system-level permissions to view a document but not share-level permissions, the document will still be indexed and displayed in search results, but the user will receive an error when selecting it and will not be able to view the document.

File-level security is controlled through the use of three fixed security roles. These roles offer a flexible and manageable method for controlling user access to documents in the workspace. Roles can be assigned to both local and domain users and groups in your Windows NT or Windows 2000 environments. Additionally, users and groups can be explicitly denied access to individual files through the use of the Deny Access feature.

You can only create subfolders within the Documents and Portal Contents folders in the workspace. By default, subfolders inherit security settings from their parent folders. You can override this default behavior by disabling the inheritance in the parent folder's security settings. Once a subfolder has been created, changes to a parent folder's security settings are only propagated if inheritance is enabled or if they are explicitly reset from the Security tab in the parent folder's properties dialog box (see Figure 11.1).

Figure 11.1. Security inheritance and subfolder propagation are both configured in the Security tab.


It is important to note that only the role settings are inherited by subfolders. Approver and approval route information is copied to the subfolder when it is created, but subsequent changes in approval settings for a folder are not propagated to subfolders. If you need to change these settings, they must be made on a folder-by-folder basis.
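The propagation rules described above can be modeled in a few lines to show where a subfolder's settings drift from its parent. This is an added example, not code from the book or from SharePoint Portal Server; the `Folder` class, the `audit` function, the per-subfolder `inherit` flag, and all folder, account and role names in the sample are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Folder:
    name: str
    roles: dict = field(default_factory=dict)      # principal -> role
    approvers: list = field(default_factory=list)  # approval route
    inherit: bool = True   # assumption: inheritance switch modeled per subfolder
    children: list = field(default_factory=list)

    def add_subfolder(self, name):
        # Roles are inherited; approval settings are copied once, at creation.
        child = Folder(name, dict(self.roles), list(self.approvers))
        self.children.append(child)
        return child

    def set_roles(self, roles):
        self.roles = dict(roles)
        self._push(force=False)

    def set_approvers(self, approvers):
        self.approvers = list(approvers)   # never propagated to subfolders

    def reset_subfolders(self):
        self._push(force=True)             # explicit reset from the parent

    def _push(self, force):
        for c in self.children:
            if force or c.inherit:
                c.roles = dict(self.roles)
                c._push(force)

def audit(folder, path=""):
    """List (subfolder path, issue) where a subfolder differs from its parent."""
    here = f"{path}/{folder.name}"
    out = []
    for c in folder.children:
        if c.roles != folder.roles:
            out.append((f"{here}/{c.name}", "roles differ from parent"))
        if c.approvers != folder.approvers:
            out.append((f"{here}/{c.name}", "approval route differs from parent"))
        out.extend(audit(c, here))
    return out

def demo():
    # Constructed sample data: folder, account and role names are illustrative.
    docs = Folder("Documents", {"CORP\\staff": "Reader"}, ["alice"])
    hr = docs.add_subfolder("HR")
    hr.inherit = False                      # HR stops inheriting role settings
    docs.set_roles({"CORP\\staff": "Author"})
    docs.set_approvers(["bob"])
    before = audit(docs)
    docs.reset_subfolders()
    return before, audit(docs)
```

In the sample, the explicit reset brings the subfolder's roles back in line with the parent, while the approval route difference remains until it is changed on that folder directly.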


                 
ISBN: 0789725703
EAN: 2147483647
Year: 2002
Pages: 286
