Configuring Security for SP Content and Adding User policy

  • Managing SharePoint Groups
  • Creating Custom Permission Levels
  • Managing Permissions and Inheritance
  • Creating a Web Application Policy
A. MANAGING SHAREPOINT GROUPS
A. 1. Add a user to a site's Members group

  1. Log on to SP2010-WFE1 as CONTOSO\SP_Admin with the password.
  2. Open Internet Explorer.
  3. In the address bar, type http://intranet.contoso.com/sites/IT and then press ENTER.
  4. Click Site Actions, and then click Site Permissions.
  5. On the ribbon, click Grant Permissions.
  6. In the Users/Groups box, type CONTOSO\Sanjays.
  7. In the drop-down list, select Information Technology Members [Contribute], and then click OK.
    You have now added Sanjay Shah, the Contoso Chief Technology Officer (CTO), as a contributor to the IT Intranet Web, which gives him Read and Write permissions.
A. 2. Verify that the member can sign in
  1. In the address bar of Windows Internet Explorer, type http://intranet.contoso.com/sites/IT, and then press ENTER.
  2. In the upper-right corner of the page, click Sharepoint Administrator, and then click Sign in as Different User.
    The Windows Security dialog appears.
  3. In the User name box, type CONTOSO\SanjayS.
  4. In the Password box, type [its password], and then click OK.
  5. In the Quick Launch, click Tasks.
  6. Click Add new item.
  7. In the Title box, type Select Sharepoint Governance Team.
  8. Click Save.
 A. 3. Add a User to a Site's Visitors Group
  1.  In the upper-right corner of the page, click Shah, Sanjay, and then click Sign in as Different User.
    The Windows Security dialog appears.
  2. Click Use another account.
  3. In the User name box, type CONTOSO\SP_admin.
  4. In the Password box, type [its password], and then click OK.
  5. Click Site Actions, and then click Site Permissions.
  6. In the groups list, click Information Technology Visitors.
  7. Click the drop-down arrow next to the New button, and then click Add Users.
  8. In the Users/Groups box, type CONTOSO\JeffL, and then click OK.
    You have now added Jeff Low, the Contoso Vice President of finance, as a visitor to the IT intranet Web, which gives him Read permission.
 A. 4. Verify that the visitor can sign in.
  1.  In the tab navigation, click Information Technology.
  2. In the upper-right corner of the page, click Sharepoint Administrator, and then click Sign in as Different User.
    The Windows Security dialog appears.
  3. Click Use another account.
  4. In the User name box, type CONTOSO\JeffL.
  5. In the Password box, type [its password], and then click OK.
  6. In the Quick Launch, click Tasks.
  7. Verify that you do not see the Add new item command.
 A. 5. Create a new group and assign it the Design permission level
  1.  In the upper-right corner of the page, click Low, Jeff, and then click Sign in as Different User.
    The Windows Security dialog appears.
  2. Click Use another account.
  3. In the User name box, type CONTOSO\SP_admin.
  4. In the Password box, type [its password], and then click OK.
  5. Click Site Actions, and then click Site Permissions.
  6. On the ribbon, click Create Group.
  7. In the Name box, type Information Technology Designers.
  8. In the About me box, type Use this group to grant people Design Permissions to the Sharepoint site: Information Technology.
  9. In the Give Group Permissions to this Site section, select the Design permission level check box.
  10. Click Create.
B. CREATING CUSTOM PERMISSION LEVELS

B. 1. Create a custom permission level to allow viewing Web analytics reports
  1. Click Site Actions, and then click Site Permissions.
  2. On the ribbon, click Permission Levels.
  3. Click Add a Permission Level.
  4. In the Name box, type View Usage.
  5. In the Description box, type Can see only usage data about this site.
  6. Select the View Web Analytics Data check box.
    Note: Additional permissions check boxes are selected automatically.
  7. Click Create.
  8. Click Site Actions, and then click Site Permissions.
  9. On the ribbon, click Create Group.
  10. In the Name box, type Usage Monitors.
  11. In the About Me box, type Use this group to grant people permission to view Web Analytics data for the Sharepoint site: Information Technology Dept.
  12. In the Give Group Permission to this site section, select the View Usage check box.
  13. Click Create.
  14. Click the drop-down arrow, next to the New button, and then click Add Users.
  15. In the Users/Groups box, type CONTOSO\LolaJ, and then click OK.
 B. 2. Attempt to view Web analytics reports
  1. In the address bar of Internet Explorer, type http://intranet.contoso.com/sites/IT, and then press ENTER.
  2. In the upper-right corner of the page, click Sharepoint Administrator, and then click Sign in as Different User.
    The Windows Security dialog appears.
  3. Click Use another account.
  4. In the User name box, type CONTOSO\LolaJ.
  5. In the Password box, type [adminpassword], and then click OK.
    An Access Denied error appears.
  6. To open the usage page, click in the address bar, type http://intranet.contoso.com/sites/IT/_layouts/usageDetails.aspx, and then press ENTER.
    An Access Denied error appears. This is because although you have permission to access Web analytics data, you do not yet have permission to view the default application pages that present that data.
 B. 3. Add a permission to the custom permission level
  1. Click Sign in as Different User.
    The Windows Security dialog appears.
  2. Click Use another account. 
  3. In the User name box, type CONTOSO\SP_Admin.
  4. In the Password box, type [its password], and then click OK.
  5. Click Site Actions, and then click Site Permissions.
  6. On the ribbon, click Permission Levels.
  7. Click View Usage.
  8. Select the View Application Pages check box.
  9. Click Submit.
 B. 4. Validate the functionality of the custom permission level
  1. In the address bar of Internet Explorer, type http://intranet.contoso.com/sites/IT, and then press ENTER.
  2. In the upper-right corner of the page, click Sharepoint Administrator, and then click Sign in as Different User.
    The Windows Security dialog appears.
  3. Click Use another account.
  4. In the User name box, type CONTOSO\LolaJ.
  5. In the Password box, type [its password], and then click OK.
    An Access Denied error appears.
  6. In the address bar, type http://intranet.contoso.com/sites/IT/_layouts/settings.aspx, and then press ENTER.
  7. Click Site Web Analytics reports.
  8. Examine the report, and then click the browser's Back button.
  9. Click Site Collection Web Analytics reports.
  10. Examine the report, and then click the browser's Back button.
  11. Close Internet Explorer.
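
The View Usage permission level from B.1 and B.3 can also be built from the SharePoint 2010 Management Shell, which spells out the rights behind each check box and shows why B.2 fails without View Application Pages. This is an added example, not part of the original lab; it assumes it runs on a farm server under an account with full control of the site collection, and the variable names are illustrative.

```powershell
# Added example (not from the original lab): B.1 and B.3 as a script.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$web = Get-SPWeb "http://intranet.contoso.com/sites/IT"
try {
    # UI check box             -> SPBasePermissions flag
    # View Web Analytics Data  -> ViewUsageData
    # (its dependencies)       -> ViewPages, Open
    # View Application Pages   -> ViewFormPages (the right added in B.3)
    $rights = [Microsoft.SharePoint.SPBasePermissions]"ViewUsageData, ViewPages, Open, ViewFormPages"

    # Create the permission level only if it is not there yet (safe to re-run).
    $level = $web.RoleDefinitions | Where-Object { $_.Name -eq "View Usage" }
    if (-not $level) {
        $level = New-Object Microsoft.SharePoint.SPRoleDefinition
        $level.Name            = "View Usage"
        $level.Description     = "Can see only usage data about this site."
        $level.BasePermissions = $rights
        $web.RoleDefinitions.Add($level)
        $level = $web.RoleDefinitions["View Usage"]
    }

    # Create the group, bind it to the permission level, and add the lab user.
    if (-not ($web.SiteGroups | Where-Object { $_.Name -eq "Usage Monitors" })) {
        $about = "Use this group to grant people permission to view Web Analytics data."
        $web.SiteGroups.Add("Usage Monitors", $web.Site.Owner, $null, $about)
    }
    $group      = $web.SiteGroups["Usage Monitors"]
    $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($group)
    $assignment.RoleDefinitionBindings.Add($level)
    $web.RoleAssignments.Add($assignment)
    $group.AddUser($web.EnsureUser("CONTOSO\LolaJ"))

    # Check both rights for the user: ViewUsageData alone (the state in B.2)
    # is not enough to open the _layouts pages that present the reports.
    foreach ($right in "ViewUsageData", "ViewFormPages") {
        $mask = [Microsoft.SharePoint.SPBasePermissions]$right
        "{0,-15} {1}" -f $right, $web.DoesUserHavePermissions("CONTOSO\LolaJ", $mask)
    }
}
finally {
    $web.Dispose()
}
```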

C. MANAGING PERMISSIONS AND INHERITANCE
C.1. Add a document and a folder to a library.

  1. Open Internet Explorer.
  2. In the address bar, type http://intranet.contoso.com/sites/IT and then press ENTER.
    The Windows Security dialog appears.
  3. In the User name box, type CONTOSO\SP_Admin.
  4. In the Password box, type [its password], and then click OK.
  5. In the Quick Launch, click Shared Documents.
  6. Click Add document.
  7. Click Browse.
  8. Select the file D:\IT Policies and Procedures for Sharepoint 2010, click Open, and then click OK.
  9. On the ribbon, click the Documents tab.
  10. Click New Folder.
  11. In the Name box, type Usage Reports.
  12. Click Save.
  13. In the
C.2. Assign permissions to a folder
  1. Click the Usage Reports row to select it.
    Do not click the Usage Reports link because it will open the folder.
  2. On the ribbon, click Document Permissions.
  3. On the ribbon, click Stop Inheriting Permissions.
    A Message from webpage dialog appears.
  4. Click OK.
  5. To select all permissions, click the check box in the column heading row, next to Name.
  6. On the ribbon, click Remove User Permissions.
    A Message from webpage dialog appears.
  7. Click OK.
  8. On the ribbon, click Grant Permissions.
  9. In the Users/Groups box, type CONTOSO\LolaJ.
  10. In the Grant Permissions box, select the Full Control check box, and then click OK.
C.3. Verify the behavior of SharePoint Permissions
  1. In the address bar of Internet Explorer, type http://intranet.contoso.com/sites/IT, and then press ENTER.
  2. In the upper-right corner of the page, click Sharepoint Administrator, and then click Sign in as Different User.
    The Windows Security dialog appears.
  3. Click Use another account.
  4. In the User Name box, type CONTOSO\LolaJ.
  5. In the Password box, type its password, and then click OK.
    An Access Denied error appears.
  6. In the address bar, type http://intranet.contoso.com/sites/IT/Shared Documents.
    The document library opens. You are able to see the Usage Reports folder but not the policies document.
  7. Close all windows.
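
Folders and documents that stop inheriting permissions, like Usage Reports in C.2, are easy to lose track of, so it helps to list them periodically. The following is an added example, not part of the original lab, that reports every item in Shared Documents with unique permissions; it assumes the SharePoint 2010 Management Shell on a farm server, and the report column names are illustrative.

```powershell
# Added example (not from the original lab): list items in Shared Documents
# that no longer inherit permissions, and who holds which level on them.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$web = Get-SPWeb "http://intranet.contoso.com/sites/IT"
try {
    $list = $web.Lists["Shared Documents"]

    # $list.Items returns documents only; folders come from $list.Folders.
    $entries = @($list.Items) + @($list.Folders)

    $report = foreach ($item in $entries) {
        if (-not $item.HasUniqueRoleAssignments) { continue }

        foreach ($assignment in $item.RoleAssignments) {
            $levels = @($assignment.RoleDefinitionBindings | ForEach-Object { $_.Name })
            New-Object PSObject -Property @{
                Url       = $item.Url
                Principal = $assignment.Member.LoginName
                # Direct grants to a user (as in C.2) are harder to review
                # than grants to a group, so mark them in the report.
                IsUser    = ($assignment.Member -is [Microsoft.SharePoint.SPUser])
                Levels    = ($levels -join ", ")
            }
        }
    }

    if ($report) {
        $report | Sort-Object Url, Principal |
            Format-Table Url, Principal, IsUser, Levels -AutoSize
    }
    else {
        "No items with unique permissions in $($list.Title)."
    }
}
finally {
    $web.Dispose()
}
```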
D. CREATING A WEB APPLICATION POLICY
D.1 Add a User to a group

  1. On SP2010-WFE1, click Start, click Administrative Tools, hold down the SHIFT key and right-click Active Directory Users and Computers, and then select Run as different user.
  2. Enter the user name CONTOSO\Administrator and the password, and then click OK.
  3. Expand the contoso.com domain, and then click the Users container.
  4. Right-click the Users container, point to New, and then click Group.
  5. In the details pane, double-click Sharepoint Content Auditors.
  6. Click the Members tab.
  7. Click Add.
  8. Type CONTOSO\JimD, click OK, and then click OK again.
D.2. Create groups

  1. Right-click the Users container, point to New, and then click Group.
  2. In the Name box, type Sharepoint Full Control Policy, and then click OK.
  3. Right-click the Users container, point to New, and then click Group.
  4. In the Name box, type Sharepoint Deny Policy, and then click OK.
  5. Close Active Directory Users and Computers.
D.3. Create a Read Web Application policy
  1. Open SharePoint 2010 Central Administration.
    The User Account Control dialog appears.
  2. Click Yes.
  3. In the Application Management section, click Manage web applications.
  4. Click Sharepoint - Intranet.contoso.com80.
  5. On the ribbon, click User Policy.
  6. Click Add Users.
  7. In the Zones list, select (All zones).
  8. Click Next.
  9. In the Users box, type CONTOSO\Sharepoint Content Auditors.
  10. In the Choose Permissions section, select the Full Read check box.
  11. Click Finish.
D.4. Create a Full Control Web Application Policy

  1. Click Add Users.
  2. In the Zones list, select (All Zones).
  3. Click Next.
  4. In the Users box, type CONTOSO\Sharepoint Full Control Policy.
  5. In the Choose Permissions section, select the Full Control check box.
  6. Click Finish.
D.5. Create a Deny Web Application Policy

  1. Click Add Users.
  2. In the Zones list, select (All Zones).
  3. Click Next.
  4. In the Users box, type CONTOSO\Sharepoint Deny Policy.
  5. In the Choose Permissions section, select the Deny All check box.
  6. Click Finish, and then click OK.

D.6. Verify the behavior of SharePoint Web application policies

  1. In the address bar, type http://intranet.contoso.com/sites/IT, and then press ENTER.
  2. In the upper-right corner of the page, click Sharepoint Administrator, and then click Sign in as Different User.
    The Windows Security dialog appears.
  3. Click Use another account.
  4. In the User name box, type CONTOSO\JimD.
  5. In the Password box, type its password, and then click OK.
  6. In the Quick Launch, click Tasks.
  7. Verify that you do not see the Add new item command.
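
The three policies from D.3 to D.5 can be created and then reviewed from the SharePoint 2010 Management Shell. This is an added example, not part of the original lab; it assumes classic Windows authentication, that the web application URL is http://intranet.contoso.com (the host part of the lab's site URL), and a farm administrator account. The variable names are illustrative.

```powershell
# Added example (not from the original lab): D.3-D.5 as a script, plus a report.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumption: web application URL derived from the lab's site URL.
$wa = Get-SPWebApplication "http://intranet.contoso.com"

# AD group (classic Windows login) -> built-in policy role chosen in the lab.
$wanted = @{
    "CONTOSO\Sharepoint Content Auditors"    = "FullRead"
    "CONTOSO\Sharepoint Full Control Policy" = "FullControl"
    "CONTOSO\Sharepoint Deny Policy"         = "DenyAll"
}

foreach ($login in $wanted.Keys) {
    # Skip principals that already have a policy so the script can be re-run.
    if ($wa.Policies | Where-Object { $_.UserName -eq $login }) { continue }

    $type = [Microsoft.SharePoint.Administration.SPPolicyRoleType]$wanted[$login]

    # $wa.Policies applies to every zone, matching "(All zones)" in the dialog.
    $policy = $wa.Policies.Add($login, $login.Split("\")[1])
    $policy.PolicyRoleBindings.Add($wa.PolicyRoles.GetSpecialRole($type))
}
$wa.Update()

# Review: one row per policy binding. A web application policy applies to
# every site collection in the web application regardless of site-level
# permissions, so FullControl and DenyAll entries deserve a regular look.
$wa.Policies | ForEach-Object {
    $entry = $_
    $entry.PolicyRoleBindings | ForEach-Object {
        New-Object PSObject -Property @{
            Principal = $entry.UserName
            Role      = $_.Name
            Type      = $_.Type
        }
    }
} | Sort-Object Type, Principal | Format-Table Principal, Role, Type -AutoSize
```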