Control permissions outside SharePoint

We have a application with SharePoint 2013.
We have other external application with a users authentications (names, passwords, and other properties).
The external application its responsible to the user authentication at all system of company. Now we have to use this same application to manage the permissions of access at SharePoint 2013 site. In other words, we will not use the permission levels in sites,
lists and libraries inside SharePoint, but we will use the assigned permissions at external service. The Administrator will set at the external system if a user has read permission ou colaboration at a determined site and when the user authenticate, the
user will use that assigned access permissions.
Is it possible to break the default role permission of SharePoint and do this permission management using na API provides from the web servisse and/or using custom SharePoint Apps?
The same question: Can I control the permission level of users in a Team Site of SharePoint 2013 getting the permission level from a external system consulting a web service.
We are disposed to use FBA, NTLM but we need the control the permission outside SharePoint not the authentication method.
Thanks for any advice!
Diego Ferreira

Yeah... well... I'm sure there's a good reason why your company is trying to make SharePoint do something it's not designed to do.  What you're proposing to "break" is such a fundamental part of SharePoint that it hardly makes any sense to do so.  The
best approach is to use your external system for user authentication such as SiteMinder, and then using Claims Based Auth, manage access in SharePoint.  It makes zero sense to try and manage access from outside of SharePoint.
For claims auth, start here:  http://technet.microsoft.com/en-us/library/jj219758.aspx
I trust that answers your question...
Thanks
C
|
RSS |
http://crayveon.com/blog |
SharePoint Scripts | Twitter |
Google+ | LinkedIn |
Facebook | Quix Utilities for SharePoint

Similar Messages

  • BatteryWatch is requesting changes to its application control permissions

    I am using an ad-supported application called BatteryWatch (1.9.7) and everything used to be fine.
    Now, however, everytime I open it I get the request "BatteryWatch is requesting changes to its application control permissions."
    No matter how I change the permissions, this message ALWAYS appears.
    The strange thing is that it didn't use to happen before.
    Since the time that it was working I have updated the application, updated Blackberry App World and I think the company might have moved onto BES/BIS(?).
    Any idea how I can stop this message appearing?

    Hi and Welcome to the Community!
    If your company indeed did move to BES and if indeed your BB has been activated on BES, then BES could be pushing out specific control permissions that are in conflict with what that app thinks it needs...and BES will win every time. So, when you launch the app, it prompts for a change to the permissions to what it thinks it needs...but, since BES is in control, it can't actually change the permission, and prompts again the next time.
    Basically, there is nothing you can do...BES wins every time.
    Good luck!
    Occam's Razor nearly always applies when troubleshooting technology issues!
    If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
    Join our BBM Channels
    BSCF General Channel
    PIN: C0001B7B4   Display/Scan Bar Code
    Knowledge Base Updates
    PIN: C0005A9AA   Display/Scan Bar Code

  • AD RMS 2012 IRM permissions for SharePoint 2013 Library

    Hello guys
    Please, someone knows a technet document about IRM permissions for SharePoint 2013 Library,
    specifically?
    thanks a lot.
    Edward

    Hi I suggest you check out
    http://channel9.msdn.com/Events/SharePoint-Conference/2012/SPC073 it is a video recording but really interesting one. Also take a look at:
    http://technet.microsoft.com/en-us/library/jj219596%28v=office.15%29.aspx
    http://technet.microsoft.com/en-us/library/jj219785%28v=office.15%29.aspx
    Finally a great write-up is provided by Titus:
    http://www.titus.com/blog/2012/11/spc12-diary-day-5-%E2%80%93-information-rights-management-in-sharepoint-2013/
    HTH
    Martin

  • Performance Point - need to limit permissions to Sharepoint lists

    I set up Performance Point Dashboard Designer. 
    And as per Microsoft's instructions, I set up an Unattended Service Account for the Performance Point Service Application.
    And I gave this account read permissions under the Web Application's "User Policy".
    However, this gives a user access to see all sharepoint lists when they're creating a data source.
    When a user is creating a data source in Dashboard Designer, I want to limit their permissions to SharePoint lists to only what they normally have access to on the SharePoint sites.
    How can I configure Performance Point service application another way , instead of using an unattended service account?
    Please help!
    thanks!
    Also want to mention that I have Business Intelligence Centre set up as a Site Collection, and I only gave this user "Contribute" permissions, but it still gives them access to see everything in SharePoint sites when they create a data source,
    which shouldn't be!!
    How can I get it to reflect the same permissions that the user has in SharePoint?  They shouldn't see Lists that they don't have access to.

    Does anyone know how to limit permissions for Dashboard Designer??
    any help would be greatly appreciated!!!

  • Modifying Base Permissions in SharePoint Online

    Hi, 
    I am new to SharePoint and trying to understand the security model of SharePoint 2013. As far as I understand, Base Permissions in SharePoint cannot be modified either via UI or via APIs. However, Permissions levels (combination of base permissions) can
    be modified either ways. 
    If the Base Permissions can really be modified, how can it be done using the REST APIs?
    Thanks,
    Vibhuti

    Base Permissions can not be modified in SharePoint 2013.  Permission Levels are a named collection of Base Permissions.  Although you can modify some of the built-in permission levels I recommend always creating a copy and modifying the copy
    rather than modifying the original permission level.
    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

  • Enable or disable button on a ribbon based on user permissions in SharePoint 2010

    Hi,
    I have requirement to find a way to disable Inheritance, Add and Modify group from permission tab for users who are not added into specific group e.g. Administrators
    I have followed the following article to create a feature but have encountered few issues:
    http://msdn.microsoft.com/en-us/library/ff408060.aspx
    Issues:
    I used the above code as a sample to create a feature and test if it would work. It worked fine but even though i have replaced Location="Ribbon.Library.Actions.ConnectToClient" with my permission locations,
    Connect to Outlook button still doesn't appear when the feature is activated. If i deactive this feature it shows
    Connect to Outlook button even though there is no reference for this in the code!
    I have modified the Elements.XML and have added the following code but it still disables the buttons for a user who has Site Collection Administrator permissions, i just want to disable this for users who are in particular group:
    <?xml version="1.0" encoding="utf-8"?>
    <Elements xmlns="http://schemas.microsoft.com/sharepoint/">
    <CustomAction
    Id="RemoveRibbonButton"
    Location="CommandUI.Ribbon"
    RequireSiteAdministrator = "TRUE"
    >
    <CommandUIExtension>
    <CommandUIDefinitions>
    <CommandUIDefinition
    Location="Ribbon.Permission.Modify" />
    </CommandUIDefinitions>
    </CommandUIExtension>
    </CustomAction>
    <CustomAction
    Id="RemoveRibbonButton"
    Location="CommandUI.Ribbon"
    RequireSiteAdministrator = "TRUE"
    >
    <CommandUIExtension>
    <CommandUIDefinitions>
    <CommandUIDefinition
    Location="Ribbon.Permission.Add" />
    </CommandUIDefinitions>
    </CommandUIExtension>
    </CustomAction>
    </Elements>
    I have also have another issue when this feature is activated even though i haven't removed 'Check' and 'Manage' Ribbon locations, they are also greyed out as shown it the screenshot below:
    I have also created a user control using the following method:
    http://sharepointroot.com/2010/06/18/remove-actions-from-the-ribbon-sharepoint-2010/
    But again i need to restrict it specific user group.
    Any advice how to do this? or which way is better creating a feature or creating a user control? even though i liked the creating the feature as it gives your more control.
    Regards,
    Kashif

    Thanks for your reply Paul.
    I do understand that this is a partial solution and wouldn't stop them completely from doing these actions using different UI but atleast it would remove these options from the ribbon which is causing us some major issues when clicked by mistake especially
    'inherit permissions'.
    We do have governance policies in place and a certain user group can add and remove users from SP site. But the issue we have currently is that when one of these (authorised) users uses 'inherit permissions from parent' site. This removes the unique
    permissions from the subsite and delete all SP groups / permission level in the subsite. In some cases subsite contains confidential information which is then exposed to all the users who have access to the parent site.
    The main button which i'm interested to disable is 'Inherit Permissions' which i believe can't be used from anyother UI apart from the ribbon.
    I just need to know if it's possible to restrict this for some users or group? even if it just removes it from the ribbon only i would be still interested to explore this implementation.
    Any help would be apperciated.
    Regards,
    Kashif

  • How to Add a User Control to a SharePoint 2013 Visual Web Part ?

    Hi,
    1.I have created SharePoint 2013 Farm Solution through VS 2012.
    2.Added visual Web part
    3.Created a User control (Farm Solution ) and added some Control From tool Box.
    4.Drag and drop user control from solution explorer to visual web part.
    so its  Register tag and with prefix tag user controls automatically added on visual web part source. when i try to build solution it throws Exception:
    Exception :The name 'InitializeControl' does not exist in the current context.
    Please Provide solution after try/or proper workaround.
    Thanks,
    Siddheshwar

    Site name=http://sitename:22222/
    Visual Web part:
    <%@ Assembly Name="$SharePoint.Project.AssemblyFullName$" %>
    <%@ Assembly Name="Microsoft.Web.CommandUI, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
    <%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
    <%@ Register Tagprefix="Utilities" Namespace="Microsoft.SharePoint.Utilities" Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
    <%@ Register Tagprefix="asp" Namespace="System.Web.UI" Assembly="System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" %>
    <%@ Import Namespace="Microsoft.SharePoint" %>
    <%@ Register Tagprefix="WebPartPages" Namespace="Microsoft.SharePoint.WebPartPages" Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
    <%@ Register Src="~/_controltemplates/15/SP2013Controls/SPControls.ascx" TagPrefix="uc1" TagName="SPControls" %>
    <%@ Control Language="C#" AutoEventWireup="true" CodeBehind="SPWebpart.ascx.cs" Inherits="SP2013Controls.SPWebpart.SPWebpart" %>
    <uc1:SPControls runat="server" id="SPControls" />
    User Control Code:
    <%@ Assembly Name="$SharePoint.Project.AssemblyFullName$" %>
    <%@ Assembly Name="Microsoft.Web.CommandUI, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
    <%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
    <%@ Register Tagprefix="Utilities" Namespace="Microsoft.SharePoint.Utilities" Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
    <%@ Register Tagprefix="asp" Namespace="System.Web.UI" Assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" %>
    <%@ Import Namespace="Microsoft.SharePoint" %>
    <%@ Register Tagprefix="WebPartPages" Namespace="Microsoft.SharePoint.WebPartPages" Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
    <%@ Control Language="C#" AutoEventWireup="true" CodeBehind="SPControls.ascx.cs" Inherits="SP2013Controls.ControlTemplates.SP2013Controls.SPControls" %>
    <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox><asp:Button ID="Button1" runat="server" Text="Button" />
    Deployement Location:{SharePointRoot}\Template\ControlTemplates\SP2013Controls\
    After User controls added on webpart .g.cs file getting blank.
    After 1st Build:
    'InitializeControl' does not exist in the current context
    The file '/_controltemplates/15/SP2013Controls/SPControls.ascx' does not exist.
    after 2nd Build Try:
    'InitializeControl' does not exist in the current context

  • Workflow not triggering when changing Item-level Permissions in Sharepoint 2013 list

    Scenario:
    We have a custom list in Sharepoint 2013 that we use for Case Management. We have a workflow that triggers on a created item generated from an email. The user then gets a reply with a link to his own case.
    I want the users only to be able to see their own cases and no one elses.  When I change this under
    Advanced Settings under List Settings and
    Item-level Permissions and set them to Read items that were created by the user
    and Create items and edit items that were created by the user
    the workflow doesn´t trigger.
    How can I resolve this? I've tried every possible out-of-the-box permissions but with no result. Help!
    Thanks in advance!
    // Browncreek

    When you're testing , remember you cant trigger declarative workflow from the System Account - you need a general user account for auto-trigger workflows.  Good luck!
    Chris McNulty MCSE/MCTS/MSA/MVTSP | blog http://www.chrismcnulty.net/blog | twitter @cmcnulty2000 Microsoft Community Contributor Award 2011
    Hi, I have the same problem. Except that I am not using an email to create a new item. The item is created by members of a SharePoint group that have Contribute access to the list. When use the same settings i.e.
    Read items that were created by the user and Create items and edit items that were created by the user,
    the workflow does not trigger. If I set it back to Real all items and Create
    and Edit all items, it triggers the workflow.
    Please help me resolve as I have rolled this out to pilot users and am having this trouble.
    Thanks,
    Vishal

  • Add Control Dynamically to SharePoint list page

    I have custom control need to register on the Edit page of the document library. These libraries are already existing on the customer instances. Need to find some way to register and add the control to Edit page of the selected library on the fly programatically
    with SharePoint object model.
    The custom control handles our business logic to redirect the page to site home page.
    Your help is greatly appreciated!!
    Bala

    why you do not change it to a webpart with no UI, if you change it as bellow nothing will displayed:
    SPLimitedWebPartManager wpm = web.GetLimitedWebPartManager(testList.Forms[PAGETYPE.PAGE_EDITFORM].Url, System.Web.UI.WebControls.WebParts.PersonalizationScope.Shared);
    myWebPartClassName Webpart = new myWebPartClassName();
    Webpart.ChromeType = PartChromeType.None;
    wpm.AddWebPart(Webpart, "header", 0);
    if you want to use just controls see my answer in 
    Modifying Allitems.aspx using DelegateControls
    yaşamak bir eylemdir

  • Controlling permissions on files within Document Libraries

    We're using a document library with a workflow that automates all the handling for internal documents.
    One of the requierements for this system is that documents have to be only visible to certain people depending on the stage of the process that the docoment's in, I almost accomplished this by changing each element permissions using a 2010 Workflow, but
    there's a problem: Whenever a user uploads a new document, Sharepoint automatically locks it for edition, so the workflow can't change permissions as the file is uploaded, thus leaving the files visible for everyone in the system.
    Is there any way in which I can set the default permision so that only the user who uploaded the file can see it? This way only that user could see the file while the workflow can get access to it and set the proper permissions.
    Also, any other approach to this problem would be highly appreciated.
    Thanks!

    I'm not usually a fan of this approach, but have you tried moving the document among several appropriately permission restricted locations, corresponding to each step in the process?  Would that be an option?
    Chris
    Chris McNulty MCSE/MCTS/MSA/MVTSP | blog http://www.chrismcnulty.net/blog | twitter @cmcnulty2000 Microsoft Community Contributor Award 2011

  • Infopath Treeview Control - Form List SharePoint

    Anyone know how to use the "Treeview Control" in a Infopath form linked to a SharePoint 2013 list?
    Torres

    Hi,
    Based on your description, my understanding is that you want to use treeview control in InfoPath 2013.
    Per my knowledge, There is no treeview control in Infopath 2013. Have you used the solution from third party? if it is , I suggest that you seek the third party for help. 
    Besides, here is a similar post, you can take a look at:
    http://www.infopathdev.com/forums/p/8978/80652.aspx
    Best Regards,
    Lisa Chen
    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Lisa Chen
    TechNet Community Support

  • How to access to EM Grid control from outside browser

    I want to access to EM Grid Control console from an other place, outside of my office but I can't, I configured my firewall with the default ports 1159,1830.
    I don't know if I have to add other port, I can't understand because I Have an other application e-business that I can access without any problems.

    You can get to grid control within your office?
    Try using the SECURE connection
    https://host.port#/em

  • List all users with full control on a SharePoint 2013 Sub site from SharePoint Object Model in C#

    If I have a sub site URL and a user with Site Admin, can I list all users in that sub site that have Full Control at that level?
    Any C# code sample?

    Still you can do that, just pass the subsites to your code and from their you can find the users dynamically.
    You could also use SPWeb.Users property to get users assigned to a subsite
    http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.users(v=office.15).aspx
    alternatively you can also use SPWeb.SiteUsers to get all users
    http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.siteusers(v=office.15).aspx
    other APIs of help-
    http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.associatedmembergroup(v=office.15).aspx
    http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.associatedownergroup(v=office.15).aspx
    http://sharepoint.stackexchange.com/questions/101671/object-model-list-all-users-with-full-control-on-a-sub-site-in-sharepoint-2013
    Hope this helps!
    Ram - SharePoint Architect
    Blog - SharePointDeveloper.in
    Please vote or mark your question answered, if my reply helps you

  • POSIX permissions on SharePoints

    Hi,
    I am in the process of setting up my very first OS X Server. First problem I just can't figure out: I have a Sharepoint for one of the groups I set up. Everybody in that group can mount it, write/read etc, its working wonderfully. But one of the users in that group also needs to run POSIX programs on the server itself, so I made a local account on the server for him to log in on (and paired it with the appropriate server account, whatever that actually does). From here he can read all the files, but can't delete or write anything in that share. From what I understand, the access through the Sharepoint is using ACLs, while the local POSIX apps are using POSIX permissions and those are set to be r/w to the owner (which might or might not be him) and read-only for group and others. Any change made through the mount would again set the permissions that way. The programs won't work that way..
    The only "solution" I can think of would be to change the POSIX-permissions around every time its needed, but that is less than ideal.
    Any ideas?
    Thanks,
    Dix

    ...so I made a local account on the server for him to log in on (and paired it with the appropriate server account, whatever that actually does). From here he can read all the files, but can't delete or write anything in that share.
    If you have the user in a local account you can add him to the local group that 'owns' the folder and he will have the same permissions as the local group. If the folder is owned by the local 'admin' group, which would be the default, you may want to change the local group ownership to a different local group and add the user to that group. The ACL on the folder would still apply for the AFP users so their access would unaffected.

  • Send As and Full Controll permissions not working in OWA

    I have an exchange 2013 enviroment where I work with send as and full access permisions via Active Directory groups.
    I have given the group FC on a shared maibox and in outlook, the user who is member of this group can open the additional mailbox.
    In owa the same user cannot open the additional mailbox, exept when I give the user directly FC on this mailbox.
    How do I configure Exchange so the user can access the additional mailbox in owa, without giving him directly FC permissions.
    btw In an exchange 2010 enviroment this issue is not there.

    Hi,
    From your description, I recommend you restart IIS by running IISReset from a command prompt and check the result. I see others have the same issue, they resolve it by running IISReset.
    Here is a thread for your reference.
    Exchange 2013 OWA HTTP 500 error when opening another mailbox
    http://social.technet.microsoft.com/Forums/exchange/en-US/9345d396-b5a6-4d26-a498-7d1539f85d13/exchange-2013-owa-http-500-error-when-opening-another-mailbox?forum=exchangesvrclients
    Hope it helps.
    If there is any problem, please feel free to let me know.
    Best regards,
    Amy
    Amy Wang
    TechNet Community Support

Maybe you are looking for

  • Function sequence error

    Hi Chris, we where using this Java code with TimesTen 5.1.34: while (rs.next()) { associatedMsbs.add(Integer.toString(rs.getInt(HGROUPID))); // Prepare object to insert in database SvcLog_VO svcLog = new SvcLog_VO(); svcLog.setLogId(svcLogDAO.getlogI

  • How to block software installation in Windows 7?

    How to block Software installation in Windows 7 by using Windows Firewall ? How to block Software installation in Windows 7 by using Group Policy ?

  • Why my clients are not receiving KB943729? Logs on the replica server indicate they are being received properly.

    Hello Everyone. Thank you very much for looking into this, Let me explain a little bit of the big corporate picture, we have one main upstream server, and 50+ replica server that monthly receives updates from our upstream server. my boss asked me to

  • Installation of Solution Manager

    Please understand that I am very new at this so if this question causes a laugh then I do not mind - as long as I get the clarification of where I am going wrong smile. I need to install solution manager on V5R4. According to the latest on SAP that i

  • Valuation price of Purchase requisition

    Dear Friends, When i create the purchase order with reference to Purchase requisition i.e i dragged the purchase requisition from document over view to box,then all the data is copying except valuation price mentioned in the purchase requisiton. Valu