Section 4.1. Users and Site Groups

4.1. Users and Site Groups

Users access SharePoint sites to add, view, edit, and delete content. To ensure users retrieve the appropriate content, Windows SharePoint Services provides you with a flexible security model. Whenever you work with security, you have to consider two separate but equally important processes:

Authentication

The process of authentication determines whether a user is who he says he is. Authentication generally involves comparing a username and password to a set of stored credentials. The credentials prove that the user accessing your site is a legitimate user.

Authorization

Once you have authenticated a user, the next step is to decide which resources the user can access. This process is known as authorization. In most cases, configuring authorization requires that a site administrator map a user to a permission set.

Windows SharePoint Services supports authentication through easily configurable integration with Windows Server 2003, Active Directory, and Microsoft Internet Information Services (IIS). Authorization, on the other hand, requires that you create site groups (permission sets) linked to one or more users. A site group is assigned to a user when the user initially accesses the site. You can also change the site group a user belongs to through SharePoint's site settings. This process is outlined in Section 4.3 later in this chapter.