SharePoint 2007 Security
Download as pps, pdf0 likes1,265 views
The document summarizes the SharePoint security framework model used by the Department of Premier & Cabinet. It describes how the model uses security groups to define roles and permissions for internal and external users. It also provides an overview of features like web parts for login, registration, password recovery and account management. The security model synchronizes user content and accounts between SharePoint and an SQL database.
More Related Content
What's hot (15)
Similar to SharePoint 2007 Security (20)
Recently uploaded (20)
SharePoint 2007 Security
- 1. SharePoint Security Framework Model Department of Premier & Cabinet Presented by: DPC IT – David Liong
- 2. Presentation Contents Introduction: What is it? Overview of security model Setting up (prior to implementation): Security group Security permission on contents, page and sub-sites Security Feature Overview Demo Summary SharePoint Security Framework Model
- 3. Introduction SharePoint Security Framework model used for DPC & PSC is based originally from the SharePoint community group who created the CKS FBA (Community Kit for SharePoint Form Base Authentication). CKS FBA is a open source code that uses set of .NET technologies of Web Parts, tools with SQL membership provider in managing external users account who don’t have AD and visits a public interfacing website that is either secured entirely or at partial sections of sites i.e. either at the sub-site, page or content levels. SharePoint Security Framework Model
- 4. Overview dsfaa SharePoint Security Framework Model Synchronize content http://<intranet domain>:<port No.> http://<extranet domain> or https:// Active Directory SQL Database Content DB source
- 5. Security Group Setup SharePoint Security Framework Model Internal (AD) and/or External Administrator Create SharePoint group to define roles Site Administrators group Site Collection Administrators group SQL Database Site A Site B Maintains external users for Site A Site A Site B External Users External Members group External Visitors group Site A SQL Database Unable to view any users from SQL DB Maintains external users for Site B Maintains ALL external users for all sites Create permission on who has access to sub-sites, page s, web-part sand content s
- 6. Permission Security Setup SharePoint Security Framework Model Internal Users Configure who has access permission to sub-sites, pages & contents AD & External Site Administrators group Site A Full control permission rights to site External Users External Members group External Visitors group Other AD groups Use target audience property for giving permission on : i) Web Parts ii) Page Permission level feature on sub-sites
- 7. Web-part Permissions Setup SharePoint Security Framework Model Internal (AD) Users Secure certain content section of a public page(s) to certain target audience External Users External Members group External Visitors group Other AD groups (non admin)
- 8. Web Page Permissions Setup SharePoint Security Framework Model Internal (AD) Users Secure certain page(s) to certain target audience External Users External Members group External Visitors group Other AD groups (non admin) Note: Only hide navigation URL and so unauthorized people can get to the hidden page but secured content will not be displayed.
- 9. Sub-Site Permissions Setup SharePoint Security Framework Model Internal (AD) Users Secure certain page(s) to certain target audience External Users External Members group External Visitors group Other AD groups (non admin) Note: Navigation URL is displayed but unauthorized people will get denied access when the navigation link is click.
- 10. Security Feature Overview SharePoint Security Framework Model CKS FBA has the following features: Web-Parts Login web-part: Lock out user account after 3 invalid login attempts for external users. Site administrator will unlock user account & reset password which will notify user via email New registration web-part: Adopts network password policy, i.e. Must be alphanumeric characters (at least 1 upper & lower case letter and 1 digit 0-9); Character must be at least 6 characters minimum up to 15 characters length maximum; At least 1 non alphanumeric character e.g. Password1! - valid
- 11. Security Feature Overview SharePoint Security Framework Model CKS FBA has the following features: Web-Parts Password recovery web-part: Resets user’s password and emails the user with a temporary password. Change password web-part: Adopts network password policy when changing old password to a new password. User Account UI: Administrator can manage external user accounts in SharePoint.
- 12. Demo SharePoint Security Framework Model Add a new registered member Change password Reset password
- 13. Security Architecture SharePoint Security Framework Model Website application outage occur will not be affected to other websites. SQL DB server outage will affect ALL sites. However DB outage will not be an issue if Windows Live ID authentication for SharePoint is adopted. SSL license for each independent websites (if required)
- 14. Security Feature Summaries SharePoint Security Framework Model What CKS FBA has delivered: Password is encrypted in SQL DB and from web interface and follows dept. password policy. A user has ability to request website access via website. And a record will be automatically save into SQL User List database. Site administrator will receive an email, and can grant permission for the pending new registration request. User will then receive the login authorization email with the automatically generated password in plain text, when site administrator approves request. New registered user can change password. Forgotten password function sends a new password to the registered email address. Web interface to allow site administrator can create a new user & add user into a site group, deactivate or delete a user from site level. The record will be saved into SQL DB.
- 15. Security Feature Summaries SharePoint Security Framework Model Some enhancements for CKS FBA in phase 2: Need a logout button for the log-in web part, so that external users can log out from site if SharePoint template site does not provide out of the box sign-out link. Hide login button and display user’s name after user has been authenticated. No website interface in SharePoint to display list of all users information for all sites from SQL database. (e.g. UI ability for Administrator to unlock a user if SQL locks user's account after 3 number of failed logon attempts before password reset can be implemented) FBA page locks user accounts after x number of failed logon attempts but does not make the user be aware that his/her account has been locked. Generate reports on which sites a specific user has access to, and which users have access to a specific site. Change password web-part does not validate if existing password that was entered by user is the same as the new password. Hence existing external user can retain their old password by keeping password change the same. Send an email to users at the same time after when a user resets their passwords.
- 16. FAQ SharePoint Security Framework Model Any Questions?