Restricting Access to Documents and Libraries


Security for documents is important for most organizations. Some organizations need to restrict access to specific documents. For example, employee salary information is usually not meant to be publicized; therefore, access to it would be restricted to only those people who needed to work with the documents. As another example, people may be using shared workspaces for collaboration when modifying documents, but the final version goes to a centralized departmental site where write access is restricted to the department manager.

Security is used in multiple ways in SharePoint, as discussed in detail in Chapter 15, "Implementing and Validating SharePoint Security." This chapter provides an overview of the security features that can be used when managing access to documents and libraries.

Managing Site Security with Site Groups

Site groups control the overall actions that users can perform on the site. When users are granted permission to access the site, they must be assigned to at least one site group. The default groups are as follows:

  • ReaderMembers of this group have read-only access to the site and cannot add any content. Readers can view items and pages. However, Readers can create top-level sites using Self Service Site Creation.

  • ContributorMembers of this group can add content to document libraries and lists but cannot create new libraries and lists. Contributors can manage personal views and add, remove, and update personal Web Parts.

  • Web DesignerThis group can customize pages in the site, create document libraries and lists, and cancel check-out.

  • AdministratorThis group has full control of the site.

In addition to the groups just listed is a Guest group that has limited rights to view specific pages and/or parts of a page. Members are added to this group when they are given per-list permissions for a specific list or library.

Custom site groups can also be created with rights selected by the creator of the group. To create a custom site group

1.

From the SharePoint Portal Server Site Settings page, click on Manage Security and Additional Settings, and then from that page, click on Manage Site Groups.

2.

Click on Add a Site Group to add a new group.

3.

On the next page, enter the name and description for the group; then select the specific rights to be assigned to the group.

4.

Click OK when finished.

Figure 11.17 shows some of the rights that can be added to a custom-created group.

Figure 11.17. Creating a custom site group.


The rights assigned to site groups and individual users can also be modified. This is done as follows:

1.

From the SharePoint Portal Server Site Settings page, click on Manage Security and Additional Settings, and then from that page, click on Manage Site Groups.

2.

Click on the group to be changed. The names of the people assigned to that group are then displayed. You can add individuals to the site group by clicking on Add Members at this point as well.

3.

If an individual member's rights are to be changed, click on the member name; if the rights for the entire group are to be changed, click on Edit Site Group Permissions.

4.

The list of rights is then displayed. Add or remove check boxes to provide the desired rights to the individual or group.

5.

Click OK when finished.

NOTE

The rights assigned to the Administrators group and to the Guest group cannot be changed.


Providing Access to a Specific List Using Per-List Permissions

For granularity, user access can also be specified on a per-list basis. Remember that a list in SharePoint can be a document library, links, contacts, tasks, announcements, events, or issues. If there is a list (for example, a document library) that contains sensitive data (for example, payroll information), the list can be configured to prevent access to the documents for the non-payroll personnel.

To change permissions to a library or list

1.

From within the library, click on Modify settings and columns.

2.

Click on Change permissions for this document library.

3.

At this point, as shown in Figure 11.18, you have the option to Add User, Remove Selected Users, Edit Permissions of Selected Users.

Figure 11.18. Changing Permissions for a document library.


Each process is fairly self-explanatory so won't be reviewed in detail. A site administrator will want to experiment with this process depending upon the purpose of the library or list.




Microsoft SharePoint 2003 Unleashed
Microsoft SharePoint 2003 Unleashed (2nd Edition) (Unleashed)
ISBN: 0672328038
EAN: 2147483647
Year: 2005
Pages: 288

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net