I have modified my MOSS 2007 configuration to query a given target AD successfully. I would like to show some custom LDAP fields (such as country) in the PeopleEditor control and allow users to search against these fields. Can someone point me towards useful resources/tutorials showing how to do this?
Thanks, MagicAndi.
You need to inherit from the EntityEditor control (just as PeopleEditor does) and write your own queries and validation.
Some background (read community content):
EntityEditorWithPicker
PickerDialog
SimpleQueryControl
Along with these links and carefully studying the PeopleEditor control with Reflector, another good resource is this blog post from Igor Kozlov. There's a less detailed but still useful example on MSDN here.
I'm working on a CodePlex project that queries any given Active Directory from a people picker. It's well documented and combines techniques from the various references out on the web (giving credit of course). Hope it helps someone as well!
A first step should be to map the fields form the AD to a attribute in the SharePoint user profile. You can do this in the configuration of the Share Service Provider (Central Administration > Shared Services > User Profiles and Properties).
There you add a new attribute and define which AD field should be mapped to it. You can also define which fields the users are allowed to override (but only in SharePoint, it's only a one ways synchronization) and which one are read only.
This blog post shows how to configure the SharePoint search to be able to search users by a custom attribute in the user profile.
I hope this will point you into the right direction.
Related
I am trying to set up dynamics for a call centre that just wants to do cas management. How do I turn off these things off so there is no evidence of them for a user of the system?
A good place to start would be to edit the SiteMap.
There is a project on codeplex which might be helpful, otherwise you can find good guides dotted around the place:
Editing the SiteMap
Editing the SiteMap 2
With this you could hide Sales & Marketing, which would be a good start. You may also want to look at amending permissions for Leads/Opportunities which can be done by editing security roles. This will help nosey/inquisitive users from creating records if they find links elsewhere.
I presume that you are referring to the subsections of the native CRM navigation structure which shows Workplace, Sales, Marketing, Service and Settings.
Visibility of these areas can be driven in two different ways. You may choose to employ both methods.
Firstly record-type visibility is governed by a user's permissions. Remove a users read access to Invoices for example and it will cease to appear as a navigable option in their UI. Similarly the sub-areas that I previously mentioned will cease to appear if a user has no access to any of the record types that it contains.
consequently it may be possible to achieve some of your aims by giving users the least possible permissions required to do their job (though you should be doing this anyway really) by granting the correct ouot-of-the-box roles or cloning and customising one of those roles. The problem is that the Sales section , for example, contains record types that your users will need to see, e.g. contacts. you won't be able to revoke access to contacts so you'll likely need technique #2 as well:
The CRM sitemap can be customized to contain whatever you want and can even contain new areas. One feature available is to alter or create rules that show/hide areas based on record permissions. I'd recommend downloading the Visual SiteMap Editor and read this part of the CRM SDK
I have a specific requirement where-in I want only the uploader of the document and a specific team to be able to view it in list / library. 1) is it possible? 2) If yes, how...?
Ok. So I was able to resolve my issue with the steps mentioned below. Soon will be documenting it in form of a blog and share it:
Created the document library and modified the default view to only show documents that were created by/modified by [Me].
Added a new web page to the library and gave exclusive rights to access that to a certain set of users.
Restricted all users from creating a view with the help of creating special permission level where user only had access to upload or delete a document but not creating/updating/deleting lists/views. Also disabled private view creation.
Hope this may be helpful to others too who are looking for restricted views / disabling view creation.
You need to set item level permission through event handler:
http://www.chakkaradeep.com/post/SharePoint-ndash3b-Setting-Item-level-permission.aspx
http://msdnvietnam.net/blogs/quang/archive/2009/07/02/sharepoint-eventhandler-set-item-level-permission.aspx
#Ashish, in SharePoint 2007 GUI you cannot make a query that will show documents that belongs to a specific group, however CAML specification supports it (Membership tag), it wasn't documented until SP2010, but it works on SP2007 (i'm using it)
However this involves custom coding and this doesn't assign permissions automatically, it just enables you to filter documents by groups.
For a solution without custom coding you could consider making a seperate folder/list for every person/group and set permissions to folder/list accordingly. This will also help performance - it's better to have permissions set on high-level container than having fine grained permissions (i'm just assuming that, because i read everywhere that mass fine-grained permissions are bad for performance)
You may use current user filter web part to filter the document by whom logged in into the sharepoint site by passing the value Dispaly Name
I am developing a sharepoint 2010 project.
I want to restrict users view on lists based on their identity. (e.g. the branch of organization they work in, but in fact the ristrictions can be more complicated).
What solutions do you recommend?
With out of the box features this is not possible. You can go to great lengths to remove the list's view selectors and other navigational elements that let people cruise around a the schema and metadata for a list but it is not a security mechanism.
If a user has read permissions to an item, they'll have read access to all the fields of that item.
There is an outside chance that it you disabled all RPC mechanisms, SOAP, RESTful web services, Client Object Model and the office clients that you might be able to claim this as a security mechanism. If you don't there will always be a way around your "security" scheme.
This feature can't be implemented by SharePoint by now and I think neither for the next version
You can use a third part tool to achieve it, such as BoostSolutions' Column/View Permission or LightningTools' DeliverPoint
BTW, I work for BoostSolutions and I mentioned our own product because it works for your issue. Hope it helps :)
create sharepoint groups based upon your requirement or diffrent type of user base and accordingly give them rights may be item level or on complete list
and while doing these things just go through the following posts
http://blogs.gartner.com/neil_macdonald/2009/02/25/sharepoint-security-best-practices/
http://weblogs.asp.net/erobillard/archive/2008/09/11/sharepoint-security-hard-limits-and-recommended-practices.aspx
Not 100% sure on SharePoint 2010, but definitley for SharePoint 2007, there is not a way to do this, especially if the views are corresponding to security requirements on the columns users are able to see.
One way to work around this is have the list be not accessible by users, and then have code logic allow for access to the data creating the different "views" on the data in something like a Web Part. The downsides to this is search becomes an issue (since the data is hidden) and having multiple "views" of the data (if necessary) is also another item to work through.
I know its a very old question but posting it as it might help someone.
There is an work around to do it as described here
I find it easier, if possible, to create the view and lock it with the filters on the list settings page.
For example, I have a list of employees that includes their employee IDs. I use that list on other pages to gather data in other webparts. So I filter the employee list to [ME]. So the data is available to the page needing it to filter others and they cannot see anything else.
Now, what about the person who needs to manage that page? I create a view, call it HR. That view can see everything. Then I export that webpart with that list view on it through the designer. I then delete the HR view from the employee list.
This leaves no way for anyone to switch views and see everything again. I create a webpart page for the person who manages it, and I upload that webpart and set the view of the webpart to HR. In the end, I have a page that I lock down instead of trying to lock down views or list permissions separately.
Would you be able to have two lists that are joined. One that all users have access to and another that only certain people have access to, and then join them? Then maybe the people that don't have access to the other table it doesn't pull the information? Not sure, but I'll try that out later today.
I would like to customize wss peopleeditor control so it searches user profiles by job title or some other property than login name. Can anybody provide me with some hint or maybe tutorial for something like this?
Thanks in advance
Below link might be useful to you.
Customize MOSS People Picker (PeopleEditor) Control
Also if you would like to replace all current (those built into SharePoint pages) PeopleEditor controls with your custom ones, you may want to see Guest blog by NaT - SharePoint People Picker: Override Validation Logic
We are researching the various options that exist in our environment to create an Employee Directory. We have a SharePoint portal, AD and recently moved from Lotus Notes to Exchange. Our current employee search is a custom Notes DB that has since been retired.
Since moving to SharePoint an year ago, we've used a custom list using SharePoint Profiles that are updated from AD. But the simple list interface isn't very user friendly and is very slow. Sone of the requirements include type-ahead, pictures, and details of skills/certifications and other demographic information etc. We are considering building an ASP.NET or SilverLight application that can consume the information in the SharePoint list. With the introduction of Outlook and the Global Address List, we are now wondering if it might be easier to build something within Outlook.
Has anybody traveled a similar path and what would you advice us to do?
Microsoft has a huge set of offerings for Collaboration and Social Computing in Sharepoint.
See this document, pages 8 and 9 for information about features related to an employee directory, including details of skills/certifications and other demographic information.
A la carte availability of individual features (such as People Profiles and People Search) and pricing may be an issue, but you may want to look into buying something rather than building it (if you can get the pieces you want for a price you can afford).
Sharepoint can connect with Outlook to keep the lists synchronized if you want to use outlook. And there are definitely a lot of different ways to change the way the lists are presented in the Sharepoint portal to make them more user-friendly. Having those details on the portal will certainly be a boon when combined with the powerful search and indexing features in SharePoint so you can identify employees based on their profile details easily.
We use the people search for this pretty effectively. We populate data in AD, then connect profile properties to AD attributes. That's only if you have MOSS, though. If you're working with WSS, you'll have to build something more custom.
One gotcha, though, is that the People Search out of the box doesn't easily do partial searches (i.e. searching for "john" doesn't match "johnson"). That's a big downer in my mind. You can use Ramon Scott's approach of a Content Editor Webpart with a form and some Javascript to work around it, and you can also get there via the advanced search box (albeit indirectly), but it sure would be nice if it were easy to make the default search box do partial name searches.
I recently just discoverd a somewhat easy visual basic script that draws information from the active directory where you can specify which OU to draw from where it displays all user information in a simple .HTM page. it includes a search bar, recognizes patterns (address) (company telephone number) etc... If you would like i can post it for you. you only need to fill in a few sections (display name for directory, OU, OU display, and tags) and you can always change the way things look too.
This should be taken care of by using the My Site feature that's available within SharePoint. You will then be able to search SharePoint users by skills, certifications, projects, and educational qualification.
Please refer to the SharePoint Planning and Deployment material on TechNet for more info.
SH.