Welcome: Guest!

Sharepoint Forum

 
Home » Forum » Sharepoint       Ask a questionRSS Feeds

Do portal area permissions interact with WSS site and document library

  Asked By: Prince Joyce         Date: Jan 29, 2005      Category: Sharepoint      Views: 284
 

Context:

1. I store a collection of documents in a "master" document library in a WSS site
2. On an area-by-area basis in the SPS portal area hierarchy, I want to create listings that link to subsets of documents in the master document library.

In SPS/WSS, I have the option of setting access permissions on a) the portal area, b) the WSS site and/or c) the WSS document library

Questions:

How do the portal area permissions interact with the WSS site and document library permissions?

The goal is to find a work around for the lack of item-level security in WSS doc libraries.

That is, can I:
A) enforce very restrictive access controls on the WSS "master" document libraries containing a large variety of documents (e.g. no reader access), and

B) then use portal areas and a "portal area-per-role" approach to allow controlled role-based access to selected subsets of the documents in master doc lib?

Tagged:                      

 

11 Answers Found

 
Answer #1       Answered By: Gregg Wilkinson          Answered On: Jan 29, 2005       

The short answer is “no”. No matter how we slice it, dice it, cut it, shred it or tear it, there is no item-level  security in a document  library. The best you’ll get is an ability to like each area  to a *view* of the documents, but the view will not be secured. Portal security  does not interact  with site  security. Site collection  security does not cross boundaries – unfortunately.



If someone else has a bulls-eye answer, I’m all ears. Everyone under the sun wants to do something like this, but I’ve not seen a solution to this yet.

 
Answer #2       Answered By: Darrel Sexton          Answered On: Jan 29, 2005       

I'm wagering that portal  area access  controls only control access to the area  and its listings  and if you can see and click on a listing, it is the WSS site/document library  access controls  that ultimately control access to the physical document?

 
Answer #3       Answered By: Tory Sellers          Answered On: Jan 29, 2005       

Absolutely correct.  site  collections do not have any method of sharing permissions  across site collection  boundaries. Remember that a portal  is really a collection of one or more site collections. The permissions assigned to an area  to not pass through to the content from a portal listing.

 
Answer #4       Answered By: Agustin Miranda          Answered On: Jan 29, 2005       

You can create  a template and add you own security  and using the shropt.aspx there is a way of changing some document  lib level permissions  for SPS. but dont quote me!

I am looking into this and also investigating i will keep you posted on any new findings!

 
Answer #5       Answered By: Arron Middleton          Answered On: Jan 29, 2005       

It is after per-item permissions, not doc  level permissions.

 
Answer #6       Answered By: Vance Hardin          Answered On: Jan 29, 2005       

N’est pas?

But for some reason, the WSS team did not give us item-level permissions  in a document  library.

 
Answer #7       Answered By: Kareem Flynn          Answered On: Jan 29, 2005       

But with all the documents  existing in SQL is there no clever way of hooking in to SQL, then writing a aspx page or web part to do this?

 
Answer #8       Answered By: Tyron Calderon          Answered On: Jan 29, 2005       

The point is that you’ll have to hook into SharePoint security  model. From what I’ve been told, this is never easy to do – to hook into and leverage effectively a security model from Microsoft.

 
Answer #9       Answered By: Irvin Foley          Answered On: Jan 29, 2005       

As I've mentioned to Bill offline, we have come up a design solution based on a master document  library concept that will automatically create  areas with role-based access  to individual documents  in the master library  and in effect, provide document-level access control.

 
Answer #10       Answered By: Deonte Stein          Answered On: Jan 29, 2005       

We had a similar scenario on a recent implementation. We created a site  template based around their business process. In the business process, there are several outside groups who need to upload documents  to the site. There was a different set of security  rules based on each document  type, and those would often change from one instance of this process to another.

The solution we came up with was as follows:

- Each outside group will have a document library  called “Outside Group X’s Documents”. That group will have rights to add, edit, and delete documents in that library and only that library.

- The department overseeing the process would have a centralized location called “All Documents”. They, and only they, would have the rights to add, edit, and delete documents from that library. They would also have access  to all of the document libraries  for the outside groups.

- As documents come in from the outside groups, the department would move them to the appropriate folder within All Documents. For a future phase, we are looking at ways to use event handlers to automate the process of moving the documents as they come in to the appropriate folder in All Documents, based on properties that the outside group would set as they uploaded the documents.

- If the department needed to share a particular document with one of the outside groups, they would place a copy of the document in the appropriate group’s doc  library.

This by no means was an ideal setup, but it was something that gave the group comfort in knowing with a high degree of certainty that no outside group could access a document they were not supposed to access.

 
Answer #11       Answered By: Stephon Valentine          Answered On: Jan 29, 2005       

I can imagine a scenario where you write code that protects individual
documents in a document  library. However, it will be quite a proprietary
solution. There will need to be some thought given about a good upgrade
path if Microsoft brings back document level permission in WSS V3 or
maybe even in SP2. Food for thought.

 



 
Hall of Fame  |  Facebook  |  Twitter  |  LinkedIn  |  Terms of Use  |  Privacy Policy  |  Contact us
RSS Feeds: Articles |  Forum |  New Users |  Activities |  Interview FAQ |  Poll |  Hotlinks


Go4Sharepoint, is a Microsoft Featured Community. Microsoft, Windows, Sharepoint, Sharepoint logo, Windows logo, etc are trademarks of the Microsoft Corporation. All product names, logos, copyrights, and trademarks mentioned are acknowledged as the registered intellectual property of their respective owners. This site is not in any way affiliated with, nor has it been authorized, sponsored, or otherwise approved by, Microsoft Corporation.

Copyright © 2008-2011