Control permissions outside SharePoint
We have a application with SharePoint 2013.
We have other external application with a users authentications (names, passwords, and other properties).
The external application its responsible to the user authentication at all system of company. Now we have to use this same application to manage the permissions of access at SharePoint 2013 site. In other words, we will not use the permission levels in sites,
lists and libraries inside SharePoint, but we will use the assigned permissions at external service. The Administrator will set at the external system if a user has read permission ou colaboration at a determined site and when the user authenticate, the
user will use that assigned access permissions.
Is it possible to break the default role permission of SharePoint and do this permission management using na API provides from the web servisse and/or using custom SharePoint Apps?
The same question: Can I control the permission level of users in a Team Site of SharePoint 2013 getting the permission level from a external system consulting a web service.
We are disposed to use FBA, NTLM but we need the control the permission outside SharePoint not the authentication method.
Thanks for any advice!
Diego Ferreira
Yeah... well... I'm sure there's a good reason why your company is trying to make SharePoint do something it's not designed to do. What you're proposing to "break" is such a fundamental part of SharePoint that it hardly makes any sense to do so. The
best approach is to use your external system for user authentication such as SiteMinder, and then using Claims Based Auth, manage access in SharePoint. It makes zero sense to try and manage access from outside of SharePoint.
For claims auth, start here: http://technet.microsoft.com/en-us/library/jj219758.aspx
I trust that answers your question...
Thanks
C
|
RSS |
http://crayveon.com/blog |
SharePoint Scripts | Twitter |
Google+ | LinkedIn |
Facebook | Quix Utilities for SharePoint
Similar Messages
-
BatteryWatch is requesting changes to its application control permissions
I am using an ad-supported application called BatteryWatch (1.9.7) and everything used to be fine.
Now, however, everytime I open it I get the request "BatteryWatch is requesting changes to its application control permissions."
No matter how I change the permissions, this message ALWAYS appears.
The strange thing is that it didn't use to happen before.
Since the time that it was working I have updated the application, updated Blackberry App World and I think the company might have moved onto BES/BIS(?).
Any idea how I can stop this message appearing?Hi and Welcome to the Community!
If your company indeed did move to BES and if indeed your BB has been activated on BES, then BES could be pushing out specific control permissions that are in conflict with what that app thinks it needs...and BES will win every time. So, when you launch the app, it prompts for a change to the permissions to what it thinks it needs...but, since BES is in control, it can't actually change the permission, and prompts again the next time.
Basically, there is nothing you can do...BES wins every time.
Good luck!
Occam's Razor nearly always applies when troubleshooting technology issues!
If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
Join our BBM Channels
BSCF General Channel
PIN: C0001B7B4 Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA Display/Scan Bar Code -
AD RMS 2012 IRM permissions for SharePoint 2013 Library
Hello guys
Please, someone knows a technet document about IRM permissions for SharePoint 2013 Library,
specifically?
thanks a lot.
EdwardHi I suggest you check out
http://channel9.msdn.com/Events/SharePoint-Conference/2012/SPC073 it is a video recording but really interesting one. Also take a look at:
http://technet.microsoft.com/en-us/library/jj219596%28v=office.15%29.aspx
http://technet.microsoft.com/en-us/library/jj219785%28v=office.15%29.aspx
Finally a great write-up is provided by Titus:
http://www.titus.com/blog/2012/11/spc12-diary-day-5-%E2%80%93-information-rights-management-in-sharepoint-2013/
HTH
Martin -
Performance Point - need to limit permissions to Sharepoint lists
I set up Performance Point Dashboard Designer.
And as per Microsoft's instructions, I set up an Unattended Service Account for the Performance Point Service Application.
And I gave this account read permissions under the Web Application's "User Policy".
However, this gives a user access to see all sharepoint lists when they're creating a data source.
When a user is creating a data source in Dashboard Designer, I want to limit their permissions to SharePoint lists to only what they normally have access to on the SharePoint sites.
How can I configure Performance Point service application another way , instead of using an unattended service account?
Please help!
thanks!
Also want to mention that I have Business Intelligence Centre set up as a Site Collection, and I only gave this user "Contribute" permissions, but it still gives them access to see everything in SharePoint sites when they create a data source,
which shouldn't be!!
How can I get it to reflect the same permissions that the user has in SharePoint? They shouldn't see Lists that they don't have access to.Does anyone know how to limit permissions for Dashboard Designer??
any help would be greatly appreciated!!! -
Modifying Base Permissions in SharePoint Online
Hi,
I am new to SharePoint and trying to understand the security model of SharePoint 2013. As far as I understand, Base Permissions in SharePoint cannot be modified either via UI or via APIs. However, Permissions levels (combination of base permissions) can
be modified either ways.
If the Base Permissions can really be modified, how can it be done using the REST APIs?
Thanks,
VibhutiBase Permissions can not be modified in SharePoint 2013. Permission Levels are a named collection of Base Permissions. Although you can modify some of the built-in permission levels I recommend always creating a copy and modifying the copy
rather than modifying the original permission level.
Paul Stork SharePoint Server MVP
Principal Architect: Blue Chip Consulting Group
Blog: http://dontpapanic.com/blog
Twitter: Follow @pstork
Please remember to mark your question as "answered" if this solves your problem. -
Enable or disable button on a ribbon based on user permissions in SharePoint 2010
Hi,
I have requirement to find a way to disable Inheritance, Add and Modify group from permission tab for users who are not added into specific group e.g. Administrators
I have followed the following article to create a feature but have encountered few issues:
http://msdn.microsoft.com/en-us/library/ff408060.aspx
Issues:
I used the above code as a sample to create a feature and test if it would work. It worked fine but even though i have replaced Location="Ribbon.Library.Actions.ConnectToClient" with my permission locations,
Connect to Outlook button still doesn't appear when the feature is activated. If i deactive this feature it shows
Connect to Outlook button even though there is no reference for this in the code!
I have modified the Elements.XML and have added the following code but it still disables the buttons for a user who has Site Collection Administrator permissions, i just want to disable this for users who are in particular group:
<?xml version="1.0" encoding="utf-8"?>
<Elements xmlns="http://schemas.microsoft.com/sharepoint/">
<CustomAction
Id="RemoveRibbonButton"
Location="CommandUI.Ribbon"
RequireSiteAdministrator = "TRUE"
>
<CommandUIExtension>
<CommandUIDefinitions>
<CommandUIDefinition
Location="Ribbon.Permission.Modify" />
</CommandUIDefinitions>
</CommandUIExtension>
</CustomAction>
<CustomAction
Id="RemoveRibbonButton"
Location="CommandUI.Ribbon"
RequireSiteAdministrator = "TRUE"
>
<CommandUIExtension>
<CommandUIDefinitions>
<CommandUIDefinition
Location="Ribbon.Permission.Add" />
</CommandUIDefinitions>
</CommandUIExtension>
</CustomAction>
</Elements>
I have also have another issue when this feature is activated even though i haven't removed 'Check' and 'Manage' Ribbon locations, they are also greyed out as shown it the screenshot below:
I have also created a user control using the following method:
http://sharepointroot.com/2010/06/18/remove-actions-from-the-ribbon-sharepoint-2010/
But again i need to restrict it specific user group.
Any advice how to do this? or which way is better creating a feature or creating a user control? even though i liked the creating the feature as it gives your more control.
Regards,
KashifThanks for your reply Paul.
I do understand that this is a partial solution and wouldn't stop them completely from doing these actions using different UI but atleast it would remove these options from the ribbon which is causing us some major issues when clicked by mistake especially
'inherit permissions'.
We do have governance policies in place and a certain user group can add and remove users from SP site. But the issue we have currently is that when one of these (authorised) users uses 'inherit permissions from parent' site. This removes the unique
permissions from the subsite and delete all SP groups / permission level in the subsite. In some cases subsite contains confidential information which is then exposed to all the users who have access to the parent site.
The main button which i'm interested to disable is 'Inherit Permissions' which i believe can't be used from anyother UI apart from the ribbon.
I just need to know if it's possible to restrict this for some users or group? even if it just removes it from the ribbon only i would be still interested to explore this implementation.
Any help would be apperciated.
Regards,
Kashif -
How to Add a User Control to a SharePoint 2013 Visual Web Part ?
Hi,
1.I have created SharePoint 2013 Farm Solution through VS 2012.
2.Added visual Web part
3.Created a User control (Farm Solution ) and added some Control From tool Box.
4.Drag and drop user control from solution explorer to visual web part.
so its Register tag and with prefix tag user controls automatically added on visual web part source. when i try to build solution it throws Exception:
Exception :The name 'InitializeControl' does not exist in the current context.
Please Provide solution after try/or proper workaround.
Thanks,
SiddheshwarSite name=http://sitename:22222/
Visual Web part:
<%@ Assembly Name="$SharePoint.Project.AssemblyFullName$" %>
<%@ Assembly Name="Microsoft.Web.CommandUI, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="Utilities" Namespace="Microsoft.SharePoint.Utilities" Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="asp" Namespace="System.Web.UI" Assembly="System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" %>
<%@ Import Namespace="Microsoft.SharePoint" %>
<%@ Register Tagprefix="WebPartPages" Namespace="Microsoft.SharePoint.WebPartPages" Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Src="~/_controltemplates/15/SP2013Controls/SPControls.ascx" TagPrefix="uc1" TagName="SPControls" %>
<%@ Control Language="C#" AutoEventWireup="true" CodeBehind="SPWebpart.ascx.cs" Inherits="SP2013Controls.SPWebpart.SPWebpart" %>
<uc1:SPControls runat="server" id="SPControls" />
User Control Code:
<%@ Assembly Name="$SharePoint.Project.AssemblyFullName$" %>
<%@ Assembly Name="Microsoft.Web.CommandUI, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="Utilities" Namespace="Microsoft.SharePoint.Utilities" Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="asp" Namespace="System.Web.UI" Assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" %>
<%@ Import Namespace="Microsoft.SharePoint" %>
<%@ Register Tagprefix="WebPartPages" Namespace="Microsoft.SharePoint.WebPartPages" Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Control Language="C#" AutoEventWireup="true" CodeBehind="SPControls.ascx.cs" Inherits="SP2013Controls.ControlTemplates.SP2013Controls.SPControls" %>
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox><asp:Button ID="Button1" runat="server" Text="Button" />
Deployement Location:{SharePointRoot}\Template\ControlTemplates\SP2013Controls\
After User controls added on webpart .g.cs file getting blank.
After 1st Build:
'InitializeControl' does not exist in the current context
The file '/_controltemplates/15/SP2013Controls/SPControls.ascx' does not exist.
after 2nd Build Try:
'InitializeControl' does not exist in the current context -
Workflow not triggering when changing Item-level Permissions in Sharepoint 2013 list
Scenario:
We have a custom list in Sharepoint 2013 that we use for Case Management. We have a workflow that triggers on a created item generated from an email. The user then gets a reply with a link to his own case.
I want the users only to be able to see their own cases and no one elses. When I change this under
Advanced Settings under List Settings and
Item-level Permissions and set them to Read items that were created by the user
and Create items and edit items that were created by the user
the workflow doesn´t trigger.
How can I resolve this? I've tried every possible out-of-the-box permissions but with no result. Help!
Thanks in advance!
// BrowncreekWhen you're testing , remember you cant trigger declarative workflow from the System Account - you need a general user account for auto-trigger workflows. Good luck!
Chris McNulty MCSE/MCTS/MSA/MVTSP | blog http://www.chrismcnulty.net/blog | twitter @cmcnulty2000 Microsoft Community Contributor Award 2011
Hi, I have the same problem. Except that I am not using an email to create a new item. The item is created by members of a SharePoint group that have Contribute access to the list. When use the same settings i.e.
Read items that were created by the user and Create items and edit items that were created by the user,
the workflow does not trigger. If I set it back to Real all items and Create
and Edit all items, it triggers the workflow.
Please help me resolve as I have rolled this out to pilot users and am having this trouble.
Thanks,
Vishal -
Add Control Dynamically to SharePoint list page
I have custom control need to register on the Edit page of the document library. These libraries are already existing on the customer instances. Need to find some way to register and add the control to Edit page of the selected library on the fly programatically
with SharePoint object model.
The custom control handles our business logic to redirect the page to site home page.
Your help is greatly appreciated!!
Balawhy you do not change it to a webpart with no UI, if you change it as bellow nothing will displayed:
SPLimitedWebPartManager wpm = web.GetLimitedWebPartManager(testList.Forms[PAGETYPE.PAGE_EDITFORM].Url, System.Web.UI.WebControls.WebParts.PersonalizationScope.Shared);
myWebPartClassName Webpart = new myWebPartClassName();
Webpart.ChromeType = PartChromeType.None;
wpm.AddWebPart(Webpart, "header", 0);
if you want to use just controls see my answer in
Modifying Allitems.aspx using DelegateControls
yaşamak bir eylemdir -
Controlling permissions on files within Document Libraries
We're using a document library with a workflow that automates all the handling for internal documents.
One of the requierements for this system is that documents have to be only visible to certain people depending on the stage of the process that the docoment's in, I almost accomplished this by changing each element permissions using a 2010 Workflow, but
there's a problem: Whenever a user uploads a new document, Sharepoint automatically locks it for edition, so the workflow can't change permissions as the file is uploaded, thus leaving the files visible for everyone in the system.
Is there any way in which I can set the default permision so that only the user who uploaded the file can see it? This way only that user could see the file while the workflow can get access to it and set the proper permissions.
Also, any other approach to this problem would be highly appreciated.
Thanks!I'm not usually a fan of this approach, but have you tried moving the document among several appropriately permission restricted locations, corresponding to each step in the process? Would that be an option?
Chris
Chris McNulty MCSE/MCTS/MSA/MVTSP | blog http://www.chrismcnulty.net/blog | twitter @cmcnulty2000 Microsoft Community Contributor Award 2011 -
Infopath Treeview Control - Form List SharePoint
Anyone know how to use the "Treeview Control" in a Infopath form linked to a SharePoint 2013 list?
TorresHi,
Based on your description, my understanding is that you want to use treeview control in InfoPath 2013.
Per my knowledge, There is no treeview control in Infopath 2013. Have you used the solution from third party? if it is , I suggest that you seek the third party for help.
Besides, here is a similar post, you can take a look at:
http://www.infopathdev.com/forums/p/8978/80652.aspx
Best Regards,
Lisa Chen
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Lisa Chen
TechNet Community Support -
How to access to EM Grid control from outside browser
I want to access to EM Grid Control console from an other place, outside of my office but I can't, I configured my firewall with the default ports 1159,1830.
I don't know if I have to add other port, I can't understand because I Have an other application e-business that I can access without any problems.You can get to grid control within your office?
Try using the SECURE connection
https://host.port#/em -
If I have a sub site URL and a user with Site Admin, can I list all users in that sub site that have Full Control at that level?
Any C# code sample?Still you can do that, just pass the subsites to your code and from their you can find the users dynamically.
You could also use SPWeb.Users property to get users assigned to a subsite
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.users(v=office.15).aspx
alternatively you can also use SPWeb.SiteUsers to get all users
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.siteusers(v=office.15).aspx
other APIs of help-
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.associatedmembergroup(v=office.15).aspx
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.associatedownergroup(v=office.15).aspx
http://sharepoint.stackexchange.com/questions/101671/object-model-list-all-users-with-full-control-on-a-sub-site-in-sharepoint-2013
Hope this helps!
Ram - SharePoint Architect
Blog - SharePointDeveloper.in
Please vote or mark your question answered, if my reply helps you -
POSIX permissions on SharePoints
Hi,
I am in the process of setting up my very first OS X Server. First problem I just can't figure out: I have a Sharepoint for one of the groups I set up. Everybody in that group can mount it, write/read etc, its working wonderfully. But one of the users in that group also needs to run POSIX programs on the server itself, so I made a local account on the server for him to log in on (and paired it with the appropriate server account, whatever that actually does). From here he can read all the files, but can't delete or write anything in that share. From what I understand, the access through the Sharepoint is using ACLs, while the local POSIX apps are using POSIX permissions and those are set to be r/w to the owner (which might or might not be him) and read-only for group and others. Any change made through the mount would again set the permissions that way. The programs won't work that way..
The only "solution" I can think of would be to change the POSIX-permissions around every time its needed, but that is less than ideal.
Any ideas?
Thanks,
Dix...so I made a local account on the server for him to log in on (and paired it with the appropriate server account, whatever that actually does). From here he can read all the files, but can't delete or write anything in that share.
If you have the user in a local account you can add him to the local group that 'owns' the folder and he will have the same permissions as the local group. If the folder is owned by the local 'admin' group, which would be the default, you may want to change the local group ownership to a different local group and add the user to that group. The ACL on the folder would still apply for the AFP users so their access would unaffected. -
Send As and Full Controll permissions not working in OWA
I have an exchange 2013 enviroment where I work with send as and full access permisions via Active Directory groups.
I have given the group FC on a shared maibox and in outlook, the user who is member of this group can open the additional mailbox.
In owa the same user cannot open the additional mailbox, exept when I give the user directly FC on this mailbox.
How do I configure Exchange so the user can access the additional mailbox in owa, without giving him directly FC permissions.
btw In an exchange 2010 enviroment this issue is not there.Hi,
From your description, I recommend you restart IIS by running IISReset from a command prompt and check the result. I see others have the same issue, they resolve it by running IISReset.
Here is a thread for your reference.
Exchange 2013 OWA HTTP 500 error when opening another mailbox
http://social.technet.microsoft.com/Forums/exchange/en-US/9345d396-b5a6-4d26-a498-7d1539f85d13/exchange-2013-owa-http-500-error-when-opening-another-mailbox?forum=exchangesvrclients
Hope it helps.
If there is any problem, please feel free to let me know.
Best regards,
Amy
Amy Wang
TechNet Community Support
Maybe you are looking for
-
Hi Chris, we where using this Java code with TimesTen 5.1.34: while (rs.next()) { associatedMsbs.add(Integer.toString(rs.getInt(HGROUPID))); // Prepare object to insert in database SvcLog_VO svcLog = new SvcLog_VO(); svcLog.setLogId(svcLogDAO.getlogI
-
How to block software installation in Windows 7?
How to block Software installation in Windows 7 by using Windows Firewall ? How to block Software installation in Windows 7 by using Group Policy ?
-
Hello Everyone. Thank you very much for looking into this, Let me explain a little bit of the big corporate picture, we have one main upstream server, and 50+ replica server that monthly receives updates from our upstream server. my boss asked me to
-
Installation of Solution Manager
Please understand that I am very new at this so if this question causes a laugh then I do not mind - as long as I get the clarification of where I am going wrong smile. I need to install solution manager on V5R4. According to the latest on SAP that i
-
Valuation price of Purchase requisition
Dear Friends, When i create the purchase order with reference to Purchase requisition i.e i dragged the purchase requisition from document over view to box,then all the data is copying except valuation price mentioned in the purchase requisiton. Valu