Security in SPS can only be set at the area level, and in WSS at the document
library or list level. You could setup multiple document libraries that
actually live in other area or WSS sites to support this permissions model, but
you won't be able to do this with a single document library or a single SPS
area.

Does the audiences concept is linked to the functionnality I need?

Audiences are a filter, not security. While you can use audiences to create a
view or targetting within a web part, this does not prevent access to the data
in cases where another view or web part is used to access the document library
data.

And the targeted items show  up normally in the homepage but also show up
in the personalized web parts.

So the content would still be viewable to anyone looking at the area
even thought it may not be targeted to the user.

I don't understand exactly. If I have a document library in an area and
target the entire library web part to a particular audience doesn't that
limit it's view to only that audience?

It a way that is security?

While it may be true that it will restrict viewing in that particular web part,
it does not keep non-audience users  from viewing doc lib contents in other web
parts pointing to the same document library. That is why it is not security. It
is most akin to a view with a filter - all that needs to be done to view the
data is change the filter. There is nothing in the library itself to restrict
access.

I understand that. Thanks.

I will say though if one careful to not point contents in another web
part to it then filtering would work to restrict people from accessing.
This could be an acceptable "work around". For example, I have a doc
library that only one audience can access, and the only way to it is to
go to the web part itself. I have no need to point to it from any other
place in the Portal.

While that works from the pure browser access point of view, it does not
restrict access from any of the other clients (web services, DAV/web folders,
Office 2003, direct URL access, search results, etc). It also assumes that no
other users  have access to add web parts anywhere else in the portal. As long
as you understand this is convenience and NOT security there's no worries. Just
don't expect that because one web part has been secured that this secures the
source. A clever user with any type of access to the document library can
easily get to anything in that library only "secured" using audiences.

Those are good points. So as you mentioned the best way to provide
security to different doc library web parts is to put them in separate
Areas. Is there another way?

If you use WSS team sites, the security can be assigned at the individual
document library level. Beyond those 2, you are talking about a custom
solution. There are also 3rd party solutions out there that implement
per-folder or per-item security using either a modified WSS/SPS document
library, or a new doc lib of their own design.

I really think the WSS site is not such a great idea. It takes the user
out of the portal in a way........At least that's what I can see so far.
How would you integrate a WSS site into the portal?

What about the security settings on an area page? If a user does not
have permissions to the area then doesn't that mean they can't get to
the docs in it?

WSS sites are already integrated in a way (at least as much as they are
removed). You can provision them from the portal, list them in the site
directory, etc. Using data view web parts we can even list their contents in a
portal page.

You are correct on the area permissions - to setup no access for a document (or
group of documents) you would need to setup an area with no permisisons, then
create a document library inside that area containing the document(s).

Permissions on an area or sub area could work for us. Not the best
though.

I'm curious to now how to provision a WSS site from the portal, and then
list them is the site dir. If you use a data view webpart on a WSS site
does it display links to the doc or just a list? And do they appear to
the user based on his or her access rights?

This kind of thing was a lot easier in SPS1..............

WSS sites are provisioned from the Sites area - there is a link "Create site" in
the left navigation that drops you into a wizard. One of the options in the
wizard is to have the site listed in the directory.

A data view web part can point to either a list or a document library (or most
any other source that comes from a web service). Security is enforced according
to the user's role the same as the OOTB document and list parts.

Sites Area? I don't see where that is from the Portal page........

Sounds like a data view web part can be very usefull to us.

It should appear on the vrtical navigation bar by default. If it doesn't, its
either been hidden or removed. If hidden, you can find it from the
administration under Manage site structure (I think that's it, going from
memory).

What do you mean by site directory????

It must have been removed. I did find the url for the site creation page
but the wizard do not give me the option to list it on the navigation
area.

The wizard is for creating new sites and allows you to list them in the Sites
area. If you want the Sites area to be listed, this is a property under Manage
portal site structure -> Edit (from the pulldown for Sites in the tree) ->
Display - on this page uncheck "Exclude from portal site navigation".

I see. The problem is that the site area in the tree is
missing..........

Ok, so the question now is:

Is there a way to re-create the sites area?