Chapter 8
This chapter presents an overview of the advantages of using Microsoft® Windows® 2000 security features with Microsoft SharePoint Portal Server 2001. It reviews the elements of Windows 2000 security that allow you to secure access to content on your corporate portal and the role-based security model for SharePoint Portal Server. Although this chapter primarily reviews Windows 2000 security, SharePoint Portal Server supports the use of a Microsoft Windows NT® version 4 domain structure. This chapter describes the SharePoint Portal Server security architecture, including the publishing model, and provides suggestions for securing content for search and content aggregation. For more information about security-related topics, see Appendix B, "For More Information."
SharePoint Portal Server extends the distributed security model supported by Windows 2000. With role-based security, SharePoint Portal Server simplifies content management by allowing you to distribute administrative tasks to content owners. Instead of relying on a complex and customized system of access rights and permissions, SharePoint Portal Server associates users with roles according to tasks. SharePoint Portal Server modifies their access to a specific document based on the state of the document. The roles create a more flexible and dynamic security model.
Combining the security features available in Windows 2000 and SharePoint Portal Server results in a powerful and flexible security infrastructure that puts significant new capabilities into the hands of content experts.
With a server based on a traditional NTFS file system, administrators could define groups of users for the local system or within the domain, but could not customize these memberships to specify security policies on content folders. In this situation, the person responsible for securing content must choose among a difficult set of strategies:
SharePoint Portal Server solves these issues by using roles as the primary mechanism for controlling access to content.
Coordinators can give users or groups access to content by adding them to the security policy on a folder and classifying them into one of three roles: Reader, Author, or Coordinator. On enhanced folders, you can also classify a user as an Approver. SharePoint Portal Server then manages security automatically on all content within the folder to ensure that a user has the appropriate level of access to each document. In the case of enhanced folders, SharePoint Portal Server updates the security settings as the document traverses the publishing model. As a document goes through the typical document lifecycle of check-in, check-out, check-in and approval, SharePoint Portal Server gives users the appropriate level of access to the document based on their role membership on the folder.