Chapter 8 -- Planning Security


This chapter presents an overview of the advantages of using Microsoft® Windows® 2000 security features with Microsoft SharePoint Portal Server 2001. It reviews the elements of Windows 2000 security that allow you to secure access to content on your corporate portal and the role-based security model for SharePoint Portal Server. Although this chapter primarily reviews Windows 2000 security, SharePoint Portal Server supports use of a Microsoft Windows NT® version 4 domain structure. This chapter describes the SharePoint Portal Server security architecture, including the publishing model, and provides suggestions for securing content for search and content aggregation. For more information about security-related topics, see Appendix B, "For More Information."

Extending the Distributed Security Model

SharePoint Portal Server extends the distributed security model supported by Windows 2000. With role-based security, SharePoint Portal Server simplifies content management by allowing you to distribute administrative tasks to content owners. Instead of relying on a complex and customized system of access rights and permissions, SharePoint Portal Server associates users with roles according to tasks. It then modifies each user's access to a specific document based on the state of the document. The roles create a more flexible and dynamic security model.

Combining the security features available in Windows 2000 and SharePoint Portal Server results in a powerful and flexible security infrastructure that puts significant new capabilities into the hands of content experts.

Assigning Traditional NT Security

With a server based on a traditional NTFS file system, administrators could define groups of users for the local system or within the domain, but could not customize these memberships to specify security policies on content folders. In this situation, the person responsible for securing content must choose among a difficult set of strategies:

  • Make continual requests of the local system/domain administrator to manage group memberships.
  • Manage many different permission settings on a large number of folders.
  • Settle for a compromise on security policy that is either overly restrictive or overly permissive.

SharePoint Portal Server solves these issues by using roles as the primary mechanism for controlling access to content.

Using Role-Based Security

Coordinators can give users or groups access to content by adding them to the security policy on a folder and classifying them into one of three roles: Reader, Author, or Coordinator. On enhanced folders, you can also classify a user as an Approver. SharePoint Portal Server then manages security automatically on all content within the folder to ensure that a user has the appropriate level of access to each document. In the case of enhanced folders, SharePoint Portal Server updates the security settings as the document traverses the publishing model. As a document goes through the typical document lifecycle of check-in, check-out, check-in and approval, SharePoint Portal Server gives users the appropriate level of access to the document based on their role membership on the folder.



Microsoft SharePoint(TM) Portal Server 2001 Resource Kit (Examples & Explanations Series)
ISBN: 0735615624
EAN: 2147483647
Year: 2001
Pages: 231
