IT tutorials
 
Technology
 

Sharepoint 2013 : Authentication and authorization infrastructure (part 4) - Authorization infrastructure

9/17/2013 7:51:53 PM
- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

4. Authorization infrastructure

No matter which authentication mode and methods you choose, authorization in SharePoint is always managed the same way. This is a great feature that makes life easier for SharePoint administrators, because they do not need to care about the front-end authentication environment.

Authorization in SharePoint is based on permission levels, which are a formal definition of a set of permissions. Permission levels can be assigned to users (SPUser) or groups (SPGroup). Both SPUser and SPGroup inherit from SPPrincipal, which is the base class for every principal in SharePoint, including app principals. The permission is the low-level item from an authorization viewpoint. SharePoint defines many permissions, and Table 1 presents the full list, in the same order as they are defined in the SharePoint management interface. Consider that these permissions cannot be customized or extended. However, it’s unlikely that you would need to customize them because they cover a very wide range of needs.

Table 1. The list of permissions defined in SharePoint 2013

Permission

Description

Manage Lists

Allows you to create and delete lists, add or remove columns in a list, and add or remove public views of a list.

Override Check Out

Allows you to discard or check in a document that is checked out to another user.

Add Items

Allows you to add items to lists and add documents to document libraries.

Edit Items

Allows you to edit items in lists, edit documents in document libraries, and customize Web Part pages in document libraries.

Delete Items

Allows you to delete items from a list and documents from a document library.

View Items

Allows you to view items in lists and documents in document libraries.

Approve Items

Allows you to approve a minor version of a list item or document.

Open Items

Allows you to view the source of documents with server-side file handlers.

View Versions

Allows you to view past versions of a list item or document.

Delete Versions

Allows you to delete past versions of a list item or document.

Create Alerts

Allows you to create alerts.

View Application Pages

Allows you to view forms, views, and application pages, and enumerate lists.

Manage Permissions

Allows you to create and change permission levels on the website and assign permissions to users and groups.

View Web Analytics Data

Allows you to view reports on website usage.

Create Subsites

Allows you to create subsites such as team sites, meeting workspace sites, and document workspace sites.

Manage Web Site

Grants the ability to perform all administration tasks for the website, as well as manage content.

Add and Customize Pages

Allows you to add, change, or delete HTML pages or Web Part pages, and edit the website using a SharePoint Foundation–compatible editor.

Apply Themes and Borders

Allows you to apply a theme or borders to the entire website.

Apply Style Sheets

Allows you to apply a style sheet (CSS file) to the website.

Create Groups

Allows you to create a group of users that can be used anywhere within the site collection.

Browse Directories

Allows you to enumerate files and folders in a website using SharePoint Designer and WebDAV interfaces.

Use Self-Service Site Creation

Allows you to create a website using self-service site creation.

View Pages

Allows you to view pages in a website.

Enumerate Permissions

Allows you to enumerate permissions on the website, list, folder, document, or list item.

Browse User Information

Allows you to view information about users of the website.

Manage Alerts

Allows you to manage alerts for all users of the website.

Use Remote Interfaces

Allows you to use SOAP, WebDAV, the Client Object Model, or SharePoint Designer interfaces to access the website.

Use Client Integration Features

Allows you to use features that launch client applications. Without this permission, users will have to work on documents locally and upload their changes.

Open

Allows users to open a website, list, or folder in order to access items inside that container.

Edit Personal User Information

Allows a user to change his or her own user information, including adding a picture.

Manage Personal Views

Allows you to create, change, and delete personal views of lists.

Add/Remove Personal Web Parts

Allows you to add or remove personal Web Parts on a Web Part page.

Update Personal Web Parts

Allows you to update Web Parts to display personalized information.

A permission level is made up of a set of permissions selected from the list in Table 1. SharePoint 2013 defines a default set of seven permission levels:

  • View Only . Allows the user to view pages, list items, and documents. Document types with server-side file handlers can be viewed in the browser but not downloaded.

  • Limited Access . Allows the user to view specific lists, document libraries, list items, folders, or documents when given permissions.

  • Read . Allows the user to view pages and list items, and download documents.

  • Contribute . Allows the user to view, add, update, and delete list items and documents.

  • Edit . Allows the user to add, edit, and delete lists, and view, add, update, and delete list items and documents.

  • Design . Allows the user to view, add, update, delete, approve, and customize pages.

  • Full Control . Gives the user full control.

To configure permission levels for such users, begin on the Site Permissions page, which you can access from the Settings menu (the gear at the top-right of the browser, just beside the user name) on the Site Settings page. Click the Permission Levels ribbon command to display a page in which you can create new permission levels. To create and configure groups, go to the People And Groups page, which you can reach through the Site Settings page.

When you enable anonymous access for a site, you will be able to configure permissions for anonymous users. Figure 7 shows the choices for anonymous access: Nothing (no access), Lists And Libraries (but only those for which anonymous users have been explicitly enabled), and Entire Web Site. This page also provides an option to determine whether anonymous users will be able to access remote client APIs anonymously. Consider that an anonymous user does not have any claim assigned, but he or she is still represented by a ClaimsIdentity and a ClaimsPrincipal, in case of claims-based authentication mode.

A screen shot of the page for configuring permissions for anonymous users while accessing a specific site collection. There are three options—Entire Web Site, Lists And Libraries, and Nothing—as well as a flag for enabling or disabling anonymous access to the remote client APIs.

Figure 7. The Anonymous Access page for configuring anonymous access permissions.

Note

After you define permission levels and assign them to users or groups, you can also override default permissions at the list or library level, or even at the single-item level. Because webpages are items, as are documents and general list items, you can configure permissions at the single-page level, too.
 
Others
 
- Sharepoint 2013 : Authentication and authorization infrastructure (part 3) - Configuring FBA with SQL Membership Provider
- Sharepoint 2013 : Authentication and authorization infrastructure (part 2) - Claims-based authentication types
- Sharepoint 2013 : Authentication and authorization infrastructure (part 1) - Authentication infrastructure
- Windows 8 : Managing Disk Compression and File Encryption (part 2) - Encrypting Drives and Data
- Windows 8 : Managing Disk Compression and File Encryption (part 1) - Compressing Drives and Data
- Windows 8 : Managing Disk Drives and File Systems - Working with Removable Storage Devices, Working with Data Discs
- Sharepoint 2010 : Business Connectivity Services - The BCS Object Model
- Sharepoint 2010 : Business Connectivity Services - BCS with Visual Studio 2010
- Sharepoint 2010 : Business Connectivity Services - BCS and SharePoint Designer
- Windows Phone 8 : Services - Consuming OData (part 2) - Generating a Service Reference for OData, Retrieving Data, Updating Data
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Technology FAQ
- Is possible to just to use a wireless router to extend wireless access to wireless access points?
- Ruby - Insert Struct to MySql
- how to find my Symantec pcAnywhere serial number
- About direct X / Open GL issue
- How to determine eclipse version?
- What SAN cert Exchange 2010 for UM, OA?
- How do I populate a SQL Express table from Excel file?
- code for express check out with Paypal.
- Problem with Templated User Control
- ShellExecute SW_HIDE
programming4us programming4us