Most security models assume the existence of
users and groups of users. Different users require different sets of
permissions to perform their work, depending on the level of access to
data in the system.
At the basic level, a user of SharePoint is an
“identity.” User identity typically consists of various attributes that
describe the user with access to the SharePoint site collection.
SharePoint retains minimal information about a user to distinguish one
user from another, which typically involves the username, password, and
display name from the credential store that the user authenticates
against (Active Directory). SharePoint 2007 classified users using either the
Active Directory username DOMAIN\username
or a username with a membership provider prefix. SharePoint 2010, and now SharePoint
2013, uses Claims-Based Authentication (CBA), which tracks user
identity via an abstract token.
Note: With
the exception of administrators, SharePoint maintains topmost user
security at the site collection level. Farm administrators must grant
relevant access to users for each site collection in a web application.
Most users of SharePoint identify other users
by the friendly display name, and, by default, Active Directory uses
the first name and last name. Any object that I modify or own in
SharePoint shows my name as “Rob Garrett,” but under the hood,
SharePoint uses the username or unique token to identify my user
identity.
Users have more than just username, password, and display name attributes in SharePoint.
SharePoint tracks each user added to a site
collection in a hidden list at the root of the site collection. To view
this list, type the following URL into your browser (replacing the
domain name of the server, as appropriate): http://domain_name/_catalogs/users/. Figure 1 shows the user list from within my environment.
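
When reviewing the entries in this user list, it helps to know which identity format each login name uses. The following PowerShell function is an added example, not code from the original text. It classifies a login name as a classic DOMAIN\username, a classic membership-provider-prefixed name, or a claims-encoded name. The claims prefix layout it parses (for example `i:0#.w|domain\user`) is how SharePoint 2010/2013 encode claims logins and is not described in the text above; the sample names (CONTOSO, ExampleProvider, jdoe) are constructed placeholders.

```powershell
# Added example. Assumes PowerShell 3.0 or later (for [pscustomobject]).
function Get-LoginNameFormat {
    param([Parameter(Mandatory = $true)][string]$LoginName)

    $format = 'Unrecognized'; $issuer = $null; $value = $null

    if ($LoginName -cmatch '^(?<kind>[ic]):0(?<ctype>.)(?<vtype>.)(?<issuer>[a-z])\|(?<value>.+)$') {
        # Claims-encoded: <i|c>:0<claim type><value type><issuer type>|<value>
        $kind = $Matches['kind']; $code = $Matches['issuer']; $raw = $Matches['value']
        $format = if ($kind -ceq 'i') { 'Claims (user identity)' } else { 'Claims (group or role)' }
        $issuer = switch -CaseSensitive ($code) {
            'w' { 'Windows' }
            'f' { 'Forms-based authentication' }
            't' { 'Trusted identity provider' }
            's' { 'SharePoint STS' }
            default { "Other ($code)" }
        }
        # Forms and trusted-provider values carry "<provider>|<account>"; keep the last part.
        $value = ($raw -split '\|')[-1]
    }
    elseif ($LoginName -match '^(?<domain>[^\\:|]+)\\(?<user>[^\\|]+)$') {
        # Classic Windows account: DOMAIN\username
        $format = 'Classic Windows'; $issuer = $Matches['domain']; $value = $Matches['user']
    }
    elseif ($LoginName -match '^(?<provider>[^:\\|]+):(?<user>[^|]+)$') {
        # Classic forms account: membershipprovider:username
        $format = 'Classic membership provider'; $issuer = $Matches['provider']; $value = $Matches['user']
    }

    [pscustomobject]@{ LoginName = $LoginName; Format = $format; Issuer = $issuer; Value = $value }
}

# Constructed sample login names, one per format.
$sample = @(
    'CONTOSO\jdoe',
    'ExampleProvider:jdoe',
    'i:0#.w|contoso\jdoe',
    'i:0#.f|exampleprovider|jdoe',
    'c:0(.s|true'
)
$sample | ForEach-Object { Get-LoginNameFormat -LoginName $_ } | Format-Table -AutoSize

# On a farm server with the SharePoint snap-in loaded, feed real entries instead:
# Get-SPUser -Web http://domain_name -Limit All |
#     ForEach-Object { Get-LoginNameFormat -LoginName $_.LoginName }
```

Entries that come back as `Unrecognized`, or classic-format names in a web application that is expected to be claims-only, are the ones worth a closer look during an access review.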