MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

Final Word on Permissions

  Asked By: Sade    Date: Oct 11    Category: MOSS    Views: 1103

There has been alot of debate in my organization, the United States Government,
about how permissions work within SharePoint, specifically the difference
between WSS and MOSS. The debate is that one side believes that in WSS if you
add an active directory security group to a sharepoint group, not to the site
but to a group within a site, that this sharepoint group will "Not" take a
snapshot in time of the AD group when it is added.

It was my understanding, and maybe I got it wrong, that this was not the case.
That, in fact, adding ad groups to sharepoint groups in WSS was not a good idea;
since SharePoint would take a snapshot of the AD security group at the time that
it was added and that later additions to the AD group would not poplulate/synch
with the WSS Sharepoint group.

Is this the case, do I have it right or wrong?

The second part of the debate is that within Moss this is a non issue due to the
ad profile import, is that correct?

Any help or advice on this would be much appreciated and if you could cite sites
in your reply that would be helpful, as well? I am going to put this to bed,
once and for all and we'll see if I am sleeping on the couch, so to speak, if I
am wrong.



2 Answers Found

Answer #1    Answered By: Kristian Chaney     Answered On: Oct 11

The security  structure of SharePoint is the same whether you are on WSS or MOSS.
The existence of Profiles in MOSS has nothing to do with security and doesn't
affect how AD groups  operate.

Also, Adding an AD group  as a SharePoint user or member of SharePoint group is
the way to do things. People added  later to the AD group WILL be given access
in SharePoint. The use of AD Distribution groups rather than security groups is
what you are describing and it should be avoided. SharePoint does do some
caching of AD security groups, but does NOT take a shapshot that never updates.

You need to go back and look at the underlying principles of Security again. I
would look at the following Technet articles.

MOSS: technet.microsoft.com/en-us/library/cc262331.aspx
WSS: technet.microsoft.com/en-us/library/cc288547.aspx

Answer #2    Answered By: Alicia Scott     Answered On: Oct 11

Think of SharePoint as a file server (which it is essentially).
You create local SharePoint groups.
You add a Domain group  to a Local Groups.

If add accounts to the Domain Group, they will have the same access to the
resources as the Local Group.

Administrator creates a local group called LG1
Administrator adds domain group, DG1 to LG1.
Accounts added  to DG1 will have the same access to the same resources as LG1.

Didn't find what you were looking for? Find more on Final Word on Permissions Or get search suggestion and latest updates.