I would like to give only read permission for a user to the entire intranet site. The user must be able to read all the lists and libraries in all the sites and subsites. I saw posts related to giving permission for a specific list or library but I didn't see any post related to giving read permission for the entire intranet site. I'm using SharePoint 2013.
Thanks
If you mean Read access to everything in a single site collection, then that is hard to give generic advice on, because assorted lists, libraries and subwebs can have broken the permission inheritance, such that it would be impossible for an outsider to tell you which groups this person needs to be a member of.
Now if you mean you want a user to have Read access to all site collections within a web application, then that is absolutely something that can be accomplished and it is very easy too. That is done via something called: Policy for Web Applications - https://technet.microsoft.com/en-us/library/ff608071.aspx
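Added example (not part of the answer above): granting one account the Full Read policy role on a web application from the SharePoint 2013 Management Shell, which is the scripted form of Policy for Web Applications. The URL, login and display name are placeholder assumptions.

```powershell
# Added example: run from the SharePoint 2013 Management Shell as a farm administrator.
# The three values below are placeholders (assumptions, not taken from the page).
$webAppUrl   = "http://intranet.example.local"
$login       = "EXAMPLE\reader01"
$displayName = "Intranet read-only account"

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$webApp = Get-SPWebApplication -Identity $webAppUrl -ErrorAction Stop

# Claims-mode web applications key policy entries by the encoded claim
# (i:0#.w|domain\user); classic-mode ones use the plain login name.
if ($webApp.UseClaimsAuthentication) {
    $claim = New-SPClaimsPrincipal -Identity $login -IdentityType WindowsSamAccountName
    $policyUser = $claim.ToEncodedString()
} else {
    $policyUser = $login
}

# Reuse an existing policy entry for the account instead of adding a duplicate.
$policy = $webApp.Policies | Where-Object { $_.UserName -eq $policyUser }
if (-not $policy) {
    $policy = $webApp.Policies.Add($policyUser, $displayName)
}

# Surface any role the account already holds (for example Full Control) so a
# read-only grant is not silently stacked on top of a broader one.
foreach ($binding in $policy.PolicyRoleBindings) {
    Write-Warning "$policyUser already has policy role '$($binding.Name)'"
}

$roleType = [Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullRead
$fullRead = $webApp.PolicyRoles.GetSpecialRole($roleType)
$alreadyBound = $policy.PolicyRoleBindings | Where-Object { $_.Type -eq $roleType }
if (-not $alreadyBound) {
    $policy.PolicyRoleBindings.Add($fullRead)
    $webApp.Update()
}

# List every policy entry on the web application for review.
$webApp.Policies | ForEach-Object {
    $roles = ($_.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ", "
    "{0,-40} {1}" -f $_.UserName, $roles
}
```

A web application policy applies to every site collection in the web application, including lists and subsites with broken inheritance, so the final listing is worth keeping as a review record.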
Related
I am working on SharePoint Online. I have a requirement that when a user has no permission to a file, he/she can still see the file in search results, but has no permission to open the file.
I know there is security trimming in SharePoint search. But is it possible to achieve my requirement?
As Ondrej has said this isn't possible via the OOTB search functionality and this is by design.
If you wanted to be able to see all information returned by search you would need to write something custom and impersonate a user who does have access to the document.
Impersonation of User in office 365/SharePoint online
I'd only do the above in exceptional circumstances.
I would be questioning why you want someone to be able to see something they do not have access to read.
Cheers
Truez
I have a requirement in a SharePoint 2013 setup wherein I have to give access to external users to a document library. Each User will have a folder by their name, and would be allowed to ACCESS their folder ONLY. They are not even allowed to see each other's folder names. They can anytime upload additional or delete the existing documents. External Users are set up using FBA.
Inside the network, there is a Windows user who'll have access to all the folders and documents of that library. I don't think a standard document library can handle this since there is no "Deny View" Permission in SharePoint.
Sharepoint Folks - Please guide what will be the best way to handle this kind of requirement.
I don't think having a bunch of folders makes sense. However, you could have users upload documents to the shared documents library and have a column in the documents library of the user's username. You could then create a content query on that list to query documents that the current user uploaded. You could then replicate a "folder" type of feel by creating this page, styling it, and directing all users to it.
Let me know what you think of that.
There actually is a way to deny all users. Remove the Authenticated Users, and Remove Anonymous Access from the Library. I agree, that using folders is the wrong idea here. Folders can cause much more harm than help in certain situations.
Create a site to hold multiple libraries, or disinherit the site, remove everyone not essential to the libraries, and use it as a container for the document libraries. Each library can still have its own unique permissions, and without Authenticated or Anonymous, you're essentially telling SharePoint that no one has access except for the users specified in the ACLs on that library.
You COULD leave the permissions intact on the site and PowerShell the creation of the document libraries within the site, assigning custom permissions.
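Added example (not from the answer above): one way to script the per-user libraries it describes, each with inheritance broken and only its owner plus one internal account on the ACL. The site URL, the membership provider name `fbamembers`, the user names and the internal login are assumptions.

```powershell
# Added example; every name below is a placeholder assumption.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl       = "http://extranet.example.local/sites/clients"
$internalLogin = "i:0#.w|example\docadmin"   # internal Windows user, claims-encoded
$fbaProvider   = "fbamembers"                # hypothetical FBA membership provider
$fbaUsers      = "alice", "bob"              # constructed sample user names

function Grant-ListRole($list, $principal, $roleDefinition) {
    # Bind one permission level to one principal on the list's own ACL.
    $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($principal)
    $assignment.RoleDefinitionBindings.Add($roleDefinition)
    $list.RoleAssignments.Add($assignment)
}

$web = Get-SPWeb $siteUrl -ErrorAction Stop
try {
    # Look roles up by type so the script does not depend on localized names.
    $contribute  = $web.RoleDefinitions.GetByType([Microsoft.SharePoint.SPRoleType]::Contributor)
    $fullControl = $web.RoleDefinitions.GetByType([Microsoft.SharePoint.SPRoleType]::Administrator)
    $admin       = $web.EnsureUser($internalLogin)
    $template    = [Microsoft.SharePoint.SPListTemplateType]::DocumentLibrary

    foreach ($name in $fbaUsers) {
        $title = "Documents - $name"
        $list  = $web.Lists.TryGetList($title)
        if (-not $list) {
            $id   = $web.Lists.Add($title, "Private library for $name", $template)
            $list = $web.Lists[$id]
        }
        # $false: do not copy the parent site's ACL onto the library.
        if (-not $list.HasUniqueRoleAssignments) { $list.BreakRoleInheritance($false) }

        # Clear whatever is on the library ACL so it ends up holding
        # only the two entries granted below.
        for ($i = $list.RoleAssignments.Count - 1; $i -ge 0; $i--) {
            $list.RoleAssignments.Remove($i)
        }

        $owner = $web.EnsureUser("i:0#.f|$fbaProvider|$name")
        Grant-ListRole $list $owner $contribute
        Grant-ListRole $list $admin $fullControl
        "{0}: {1} principal(s) on ACL" -f $title, $list.RoleAssignments.Count
    }
}
finally { $web.Dispose() }
```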
We have two zones - Default is Claims based and Custom is NTLM - this one is used for crawling.
My issue is that when I search under anonymous user - the protected content is returned, even though when I try to click the link - it gives me permission error (which is good).
Any ideas?
This may solve your problem.
It describes the problem that old crawl data is still present, and that a new crawl will solve it.
If it does not, maybe you should check your data's permissions to make sure that no anonymous user has view permission on it.
And, although it is not related to your question about SharePoint 2010, this can help MOSS 2007 users if needed.
I have a specific requirement wherein I want only the uploader of the document and a specific team to be able to view it in a list / library. 1) Is it possible? 2) If yes, how...?
Ok. So I was able to resolve my issue with the steps mentioned below. I will soon be documenting it in the form of a blog and sharing it:
Created the document library and modified the default view to only show documents that were created by/modified by [Me].
Added a new web page to the library and gave exclusive rights to access that to a certain set of users.
Restricted all users from creating a view by creating a special permission level where the user only had access to upload or delete a document but not to create/update/delete lists/views. Also disabled private view creation.
Hope this may be helpful to others too who are looking for restricted views / disabling view creation.
You need to set item level permission through event handler:
http://www.chakkaradeep.com/post/SharePoint-ndash3b-Setting-Item-level-permission.aspx
http://msdnvietnam.net/blogs/quang/archive/2009/07/02/sharepoint-eventhandler-set-item-level-permission.aspx
#Ashish, in the SharePoint 2007 GUI you cannot make a query that will show documents that belong to a specific group. However, the CAML specification supports it (Membership tag); it wasn't documented until SP2010, but it works on SP2007 (I'm using it).
However this involves custom coding and this doesn't assign permissions automatically, it just enables you to filter documents by groups.
For a solution without custom coding you could consider making a separate folder/list for every person/group and setting permissions on the folder/list accordingly. This will also help performance - it's better to have permissions set on a high-level container than to have fine-grained permissions (I'm just assuming that, because I read everywhere that mass fine-grained permissions are bad for performance).
You may use the current user filter web part to filter the documents by who is logged in to the SharePoint site, by passing the value Display Name.
We're planning to use SharePoint 2010 as a CMS for a website we're building. This site will also have login functionality, and my boss suggested we use SharePoint's user profile features to store user info (username, password, contact info, etc.) for the site. How is this better than, say, using a standard list or a database table somewhere? I'm looking into how this could possibly work, but has anyone here tried something similar? Any anecdotes about it you could share? Any constructive input is greatly appreciated.
Thanks,
Frank
You asked for anecdotes. I have an anecdote.
A while back, I was trying to set up a Sharepoint server that exposed users' personal pages to the Internet at large. We wanted to allow authenticated access, but not to require it; that is to say, normal users would have read-only access and additionally the ability to submit InfoPath form data to Sharepoint libraries created to receive the results. The users could thus post public information and create public surveys using Infopath web forms.
When I went to make access public, I ran into a few problems. The "unauthenticated users" option on the preferences page of the document library was greyed out, even when I was logged in with a super-admin account.
In the end, I had to do a little bit of URL hacking to make this work. I had to change "DOC" to "DOCLIST" in the URL I used to access the preferences page (not that exactly, but something like that) and then the "everyone" option became available. In other words, there was actually no official way to do what I was trying to do.
The whole thing left a really sour taste in my mouth about Sharepoint for Internet-facing sites. See also things like this. Sharepoint is really designed for Intranet use only. As an additional downside, it is much more resource-hungry than normal CMSen. A full Sharepoint install can, without a single user, choke a pretty powerful virtual machine. I can't comment on its scalability as I've never done a really large rollout, but I can say that the indexing service is pretty heavy on the CPU.
Seems to me that LDAP would be a better way to store information on users; if you're using Sharepoint, you've probably already got an AD infrastructure. AD stores user profile info in LDAP anyhow - what you see in "Active Directory Users and Computers" is just a glorified LDAP browser.
Here are my initial thoughts:
PRO: It's "easy" to merge information from outer sources like your AD, to be stored with the "other" user information in order to be displayed using the same means.
CON: I haven't come across an FBA Membership provider for User Profile Store.