I have a couple different Sharepoint pages (Sharepoint Word docs) all with roughly the same purpose and information, but for management reasons, some of it needs to be restricted from a certain set of users. We keep having to update each page in several different places any time a single change or update is made.
It'd be easier to be able to mark certain tables on a single page with specific permissions. Is that something Sharepoint can even do, though?
Providing you have an enterprise license for on-premise the best way to achieve this is by using targeted audience feature on the webparts.
You could check SecurityTrimmedControl, you could hide the content based on user permission.
https://rijsat.wordpress.com/2016/10/27/security-trimmed-control-in-sharepoint-2013/
Related
I am trying to set up dynamics for a call centre that just wants to do cas management. How do I turn off these things off so there is no evidence of them for a user of the system?
A good place to start would be to edit the SiteMap.
There is a project on codeplex which might be helpful, otherwise you can find good guides dotted around the place:
Editing the SiteMap
Editing the SiteMap 2
With this you could hide Sales & Marketing, which would be a good start. You may also want to look at amending permissions for Leads/Opportunities which can be done by editing security roles. This will help nosey/inquisitive users from creating records if they find links elsewhere.
I presume that you are referring to the subsections of the native CRM navigation structure which shows Workplace, Sales, Marketing, Service and Settings.
Visibility of these areas can be driven in two different ways. You may choose to employ both methods.
Firstly record-type visibility is governed by a user's permissions. Remove a users read access to Invoices for example and it will cease to appear as a navigable option in their UI. Similarly the sub-areas that I previously mentioned will cease to appear if a user has no access to any of the record types that it contains.
consequently it may be possible to achieve some of your aims by giving users the least possible permissions required to do their job (though you should be doing this anyway really) by granting the correct ouot-of-the-box roles or cloning and customising one of those roles. The problem is that the Sales section , for example, contains record types that your users will need to see, e.g. contacts. you won't be able to revoke access to contacts so you'll likely need technique #2 as well:
The CRM sitemap can be customized to contain whatever you want and can even contain new areas. One feature available is to alter or create rules that show/hide areas based on record permissions. I'd recommend downloading the Visual SiteMap Editor and read this part of the CRM SDK
We'd like to create a web page that will list all Document libraries across all sharePoint Sites for the user currently accessing the page. We'd also like to offer a all site search for the user. That is all sites they have access to.
We currently do not have Mysites enabled, nor do we want to.
Possilbe to code this?
All site search is easy. If you are using the non-free version of SharePoint 2007 or 2010, then that capability is baked into the product. Users can use the search scopes to search across all content in the SharePoint farm. It will automatically trim search results that users don't have access to.
As for you list of all document libraries, this would probably be too much effort to generate in real time for any non-trivial SharePoint environment. You are most likely going to have to gather this information ahead of time and then display the appropriate summary of the data in a WebPart of some other similar interface. Code to crawl every web application and every site and every sub-site and then every Document Library isn't hard. Actually it is very straightforward. What will be a little tricky is that you will need to collect ACL entries for each of these lists so that you can compare them to the current end user. The real trick is that the ACLs might contain SharePoint Group names and Active Directory group names instead of individual end user names. That will make your reporting task more difficult.
I am developing a sharepoint 2010 project.
I want to restrict users view on lists based on their identity. (e.g. the branch of organization they work in, but in fact the ristrictions can be more complicated).
What solutions do you recommend?
With out of the box features this is not possible. You can go to great lengths to remove the list's view selectors and other navigational elements that let people cruise around a the schema and metadata for a list but it is not a security mechanism.
If a user has read permissions to an item, they'll have read access to all the fields of that item.
There is an outside chance that it you disabled all RPC mechanisms, SOAP, RESTful web services, Client Object Model and the office clients that you might be able to claim this as a security mechanism. If you don't there will always be a way around your "security" scheme.
This feature can't be implemented by SharePoint by now and I think neither for the next version
You can use a third part tool to achieve it, such as BoostSolutions' Column/View Permission or LightningTools' DeliverPoint
BTW, I work for BoostSolutions and I mentioned our own product because it works for your issue. Hope it helps :)
create sharepoint groups based upon your requirement or diffrent type of user base and accordingly give them rights may be item level or on complete list
and while doing these things just go through the following posts
http://blogs.gartner.com/neil_macdonald/2009/02/25/sharepoint-security-best-practices/
http://weblogs.asp.net/erobillard/archive/2008/09/11/sharepoint-security-hard-limits-and-recommended-practices.aspx
Not 100% sure on SharePoint 2010, but definitley for SharePoint 2007, there is not a way to do this, especially if the views are corresponding to security requirements on the columns users are able to see.
One way to work around this is have the list be not accessible by users, and then have code logic allow for access to the data creating the different "views" on the data in something like a Web Part. The downsides to this is search becomes an issue (since the data is hidden) and having multiple "views" of the data (if necessary) is also another item to work through.
I know its a very old question but posting it as it might help someone.
There is an work around to do it as described here
I find it easier, if possible, to create the view and lock it with the filters on the list settings page.
For example, I have a list of employees that includes their employee IDs. I use that list on other pages to gather data in other webparts. So I filter the employee list to [ME]. So the data is available to the page needing it to filter others and they cannot see anything else.
Now, what about the person who needs to manage that page? I create a view, call it HR. That view can see everything. Then I export that webpart with that list view on it through the designer. I then delete the HR view from the employee list.
This leaves no way for anyone to switch views and see everything again. I create a webpart page for the person who manages it, and I upload that webpart and set the view of the webpart to HR. In the end, I have a page that I lock down instead of trying to lock down views or list permissions separately.
Would you be able to have two lists that are joined. One that all users have access to and another that only certain people have access to, and then join them? Then maybe the people that don't have access to the other table it doesn't pull the information? Not sure, but I'll try that out later today.
In SharePoint 2010, what are the best practices for trimming content on a single page based on group? For example, I have two types of customers that each belong to a different group. I only want customer 1 to see their content (links, text, etc), and I only want group 2 to see their content. I could put this content on separate pages, but some customers will belong to both groups, and it makes sense to display all of this info on the same page.
Depends how much of an issue Security is.
You could use Audiences to restrict content displayed with the Content Query Web Part - but this is not a security restriction.
Another option is to store the content is separate lists, with permissions restrictions on the lists, and surface the information through CQWPs, standard List Views or XsltListViewWebParts.
However back in SharePoint 2010 Beta an error was thrown if there was a web part pointing to a list you didn't have access to now, but I'm not sure if that was fixed as a bug or if it remains as a feature.
I think this page will provide the answer you're looking for, so long as you can use SharePoint designer:
https://www.nothingbutsharepoint.com/sites/eusp/pages/jquery-to-the-rescue-displayinghiding-content-based-on-user-permissions-or-when-edit-items-permissions-dont-work.aspx
I have created a webpart annual results.This should be available only to managers and not for developers in the home page.How to achieve it?
If you're using MOSS then you can use audience targeting, but be aware that this should only be used as a way to help people notice what's important to them not as a mean of authorizing what they can see.
If you're using WSS then you'll have to write code in the webpart to achive the same functionallity
Per Jakobsen is right, however that is still "security by obscurity". If the data is being pulled from a SharePoint list then consider security that list or the list items within that list, your users who don't have rights will still see the web part but they won't see any data.