Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Do portal area permissions interact with WSS site and document library

  Asked By: Prince    Date: Jan 29    Category: Sharepoint    Views: 960


1. I store a collection of documents in a "master" document library in a WSS site
2. On an area-by-area basis in the SPS portal area hierarchy, I want to create listings that link to subsets of documents in the master document library.

In SPS/WSS, I have the option of setting access permissions on a) the portal area, b) the WSS site and/or c) the WSS document library


How do the portal area permissions interact with the WSS site and document library permissions?

The goal is to find a work around for the lack of item-level security in WSS doc libraries.

That is, can I:
A) enforce very restrictive access controls on the WSS "master" document libraries containing a large variety of documents (e.g. no reader access), and

B) then use portal areas and a "portal area-per-role" approach to allow controlled role-based access to selected subsets of the documents in master doc lib?



11 Answers Found

Answer #1    Answered By: Deonte Stein     Answered On: Jan 29

We had a similar scenario on a recent implementation. We created a site  template based around their business process. In the business process, there are several outside groups who need to upload documents  to the site. There was a different set of security  rules based on each document  type, and those would often change from one instance of this process to another.

The solution we came up with was as follows:

- Each outside group will have a document library  called “Outside Group X’s Documents”. That group will have rights to add, edit, and delete documents in that library and only that library.

- The department overseeing the process would have a centralized location called “All Documents”. They, and only they, would have the rights to add, edit, and delete documents from that library. They would also have access  to all of the document libraries  for the outside groups.

- As documents come in from the outside groups, the department would move them to the appropriate folder within All Documents. For a future phase, we are looking at ways to use event handlers to automate the process of moving the documents as they come in to the appropriate folder in All Documents, based on properties that the outside group would set as they uploaded the documents.

- If the department needed to share a particular document with one of the outside groups, they would place a copy of the document in the appropriate group’s doc  library.

This by no means was an ideal setup, but it was something that gave the group comfort in knowing with a high degree of certainty that no outside group could access a document they were not supposed to access.

Answer #2    Answered By: Gregg Wilkinson     Answered On: Jan 29

The short answer is “no”. No matter how we slice it, dice it, cut it, shred it or tear it, there is no item-level  security in a document  library. The best you’ll get is an ability to like each area  to a *view* of the documents, but the view will not be secured. Portal security  does not interact  with site  security. Site collection  security does not cross boundaries – unfortunately.

If someone else has a bulls-eye answer, I’m all ears. Everyone under the sun wants to do something like this, but I’ve not seen a solution to this yet.

Answer #3    Answered By: Darrel Sexton     Answered On: Jan 29

I'm wagering that portal  area access  controls only control access to the area  and its listings  and if you can see and click on a listing, it is the WSS site/document library  access controls  that ultimately control access to the physical document?

Answer #4    Answered By: Tory Sellers     Answered On: Jan 29

Absolutely correct.  site  collections do not have any method of sharing permissions  across site collection  boundaries. Remember that a portal  is really a collection of one or more site collections. The permissions assigned to an area  to not pass through to the content from a portal listing.

Answer #5    Answered By: Agustin Miranda     Answered On: Jan 29

You can create  a template and add you own security  and using the shropt.aspx there is a way of changing some document  lib level permissions  for SPS. but dont quote me!

I am looking into this and also investigating i will keep you posted on any new findings!

Answer #6    Answered By: Arron Middleton     Answered On: Jan 29

It is after per-item permissions, not doc  level permissions.

Answer #7    Answered By: Vance Hardin     Answered On: Jan 29

N’est pas?

But for some reason, the WSS team did not give us item-level permissions  in a document  library.

Answer #8    Answered By: Kareem Flynn     Answered On: Jan 29

But with all the documents  existing in SQL is there no clever way of hooking in to SQL, then writing a aspx page or web part to do this?

Answer #9    Answered By: Tyron Calderon     Answered On: Jan 29

The point is that you’ll have to hook into SharePoint security  model. From what I’ve been told, this is never easy to do – to hook into and leverage effectively a security model from Microsoft.

Answer #10    Answered By: Irvin Foley     Answered On: Jan 29

As I've mentioned to Bill offline, we have come up a design solution based on a master document  library concept that will automatically create  areas with role-based access  to individual documents  in the master library  and in effect, provide document-level access control.

Answer #11    Answered By: Stephon Valentine     Answered On: Jan 29

I can imagine a scenario where you write code that protects individual
documents in a document  library. However, it will be quite a proprietary
solution. There will need to be some thought given about a good upgrade
path if Microsoft brings back document level permission in WSS V3 or
maybe even in SP2. Food for thought.

This post is locked for further answers.