Woody Windischman

Sep-222011

Governing SharePoint Designer

wpe4A Book Excerpt from “Beginning SharePoint Designer 2010

SharePoint Designer provides a great deal of customizing power to its users. In some environments, particularly in an enterprise, giving all users access to this level of power may not be appropriate. To address this, SharePoint allows system administrators and site owners to configure different levels of access for users of SharePoint Designer.

First and foremost in the governance of SharePoint Designer is the proper application of regular security roles to a SharePoint site. Quite simply, even if a user downloads and installs SharePoint Designer, he cannot use it to make any changes to a site he would not otherwise be permitted to make. For example, a typical user in the Member role cannot change themes or master pages, or modify the schema of a list or library. SharePoint Designer would not suddenly enable him to do so. A user would need to be in (for example) the Web Designer or Administrator role on the site in order to make such changes, regardless of any tool he has installed.

In SharePoint 2010, you also have the settings for directly managing the use of SharePoint Designer, irrespective of the regular security of a site. These settings allow or prevent access to certain features by users of SharePoint Designer.

The SharePoint Designer controls screen is shown below

clip_image002

This page is accessible at different levels within SharePoint, depending upon the scope over which control is to be exerted. You can set these options at the web application or site collection level. If SharePoint Designer or one of its features is blocked at the web application level, it cannot be overridden by a site collection owner. Nevertheless, a site collection owner can invoke tighter restrictions than are set at the web application.

Note: Restrictions implemented at the site collection level impact most users, but do not apply to the site collection administrators themselves.

Regardless of which method or methods you use to restrict SharePoint Designer, your choices will be reflected in the experience presented to the users. The user interface of SharePoint Designer is security trimmed. This means that users are only shown the functions that they have the right to see or control. This figure shows a Site Objects list with all the SharePoint Designer options enabled (the default state).

clip_image003

Compare to the figure below, which is the same site with the options disabled.

clip_image004

Observe that access to the Master Pages gallery and direct access to the site files are not visible in the restricted site. Other elements throughout the user interface, such as context menus, are similarly trimmed.


Published: Sep-22-11 | 0 Comments | 0 Links to this post
Tagged as: Governance, SharePoint Designer, Administration, Best Practices

Aug-222011

Calling All People

wpe4Which Way did They Go?

One of the big attractions (and honestly, biggest fears) of SharePoint for overworked Network Administrators is its ability to delegate permissions management to site collection owners. For purposes of this article, I'm going to gloss over the details of where users are coming from. Suffice to say that they can come from Active directory, or any number of other sources. I'm also not going to talk about breaking inheritance, or anything like that. Instead, I'm going to show you where to find a very useful tool.

Generally speaking, if you have groups available, you want to use them to apply permissions in SharePoint. For example, you might put a network (Active Directory) group into one of the default SharePoint groups. Although it isn't an ideal practice, on an Intranet, it is common to apply a base level of permissions to anyone who has logged into your network:
image

Once users log in and start doing things, they leave a trail of things they have touched, and thus show up as users in SharePoint. On SharePoint 2007, you had an easy to see option to list who had actually done things on your site. This was the "All Users" view. Unfortunately, in SharePoint 2010, there is no obvious way to access this same information. In fact, there are several types of users who you can't readily see:

  • Individuals who are members of Windows groups (such as Authenticated Users above).
  • Site Collection Administrators
  • People given permissions through Web Application policies

The good news is, the information is still there. To get to it, open any group in People and Groups:

image

Then, in the URL, change the "MembershipGroupId" to zero:

image

This will result in the classic "All People" view showing up, including every user who has made updates to your site!

image

A Word of Caution

Although this view is very useful, there are probably good reasons that it was suppressed in SharePoint 2010. The most likely has to do with a classic SharePoint foible - the so-called"2000 item limit". While that is not (and never was) truly a "limit", the fact is that when lists grow to many thousands of items, rendering views can get pretty slow.

SharePoint 2010 has made great strides in working around this issue compared to SharePoint 2007, but there are still some performance constraints when rendering large lists. Given the importance of the Users list, having it locked during a large read could be "a very bad thing." In a large environment, you could have tens (or hundreds) of thousands of people accessing a singe site collection, meaning tens (or hundreds) of thousands of items in the Users list. Attempting to render an unfiltered view of "All People" in such a case could be disastrous.

So, now that you know how to find the All People view, you need to treat it like a sharp knife or a power tool. Handle with Care!


Published: Aug-22-11 | 0 Comments | 0 Links to this post
Tagged as: Administration, Lists and Libraries, SharePoint 2010, Design

May-272011

Everything There is to Know About SharePoint 2010 SP1

imgBTruly "Packed" for "Service!"

*** UPDATE: Service Pack 1 has now been released! ***

As mentioned in my previous post, Tech-Ed 2011 was somewhat subdued. We're pretty much "between launches", meaning that the emphasis was on real-world application of the existing technology stack, rather than The Next Big Thing. That said, there were some glimmers of things to come.

One of those glimmers was the announcement that Service Pack 1 for Office and SharePoint 2010 products was almost here. Although an exact date wasn't given, we were told that it would ship in "Late June 2011". That's about as specific as Microsoft ever gets for anything short of a major launch event.

It's In There...

Microsoft also released a few hints of what will be included in SP1. Before I go into detail, however, you may need a little background. The effective definition of the term "Service Pack" at Microsoft has always been something of a moving target. Although, officially a Service Pack is just supposed to contain "bug fixes and stability and compatibility enhancements", Service Packs in the past have ranged from just that, to conglomerations of new features that could have almost justified a full point release. (And let's not even get into actual point releases, "Feature Packs", and the infamous SharePoint 2007 "Infrastructure Update"!) SP1 for SharePoint 2010 falls somewhere in-between those extremes.

Note: This article describes only the features of SP1 that were officially disclosed at Tech-Ed. These may or may not be the only enhancements to come...

Of course, the core of any service pack are those bug fixes I mentioned. While Microsoft didn't disclose any specific new bugs being fixed, they did say that everything in the previously released Cumulative Update packages (up to and including April 2011) will be included. The main difference between the fixes in a Cumulative Update (also called a "Hot Fix Rollup"), and those in a Service Pack, is that the Service Pack fixes have received more thorough regression testing, and are considered appropriate for deployment to all customers. CU's, though supported, are primarily meant for customers who know they're suffering from particular issues included in the package. This is also why, while Service Packs are distributed widely, CU's have to be specifically requested. Of course, all of these updates are much easier to come by than they used to be. Check out the Updates for SharePoint 2010 Products for the latest and greatest details.

Going Beyond the Bug(s)

So, what are the actual new features in SharePoint 2010 SP1?

Support for Internet Explorer 9 Native Mode and Google Chrome

SharePoint has always had great browser support, but this update officially will add Google Chrome to the "A" list of browsers, supporting the vast majority of SharePoint features - including Office Web Apps. Ditto to Internet Explorer 9 in "Native Mode" - whatever that means... :)

Site Recycle Bin

Here's a feature that people have been asking for almost as long as SharePoint has been around! As of SharePoint 2010 SP1, administrators will be able to recover deleted sites and site collections without having to first restore a SQL Server database! There have been third party tools, and open source projects, to accomplish this in the past, but now the functionality will be baked in.

Shallow Copy

Shallow Copy needs a little explanation. No, it doesn't mean a clone with the personality of a Barbie(tm) doll. This feature is primarily of interest to folks using the Remote Blob Storage (RBS) feature of SLQ Server 2008 R2 to reduce the size of their databases. Essentially, when you move a site collection from one database with RBS enabled to another, Shallow Copy allows the file-system-based files to remain where they are, with just the pointers in the Content Database updated. Otherwise, the files would need to be read off the disk, then resaved as part of the copy operation.

StorMan.aspx

This one is less a "new" feature, than the return of an "oldie but goodie". When you had a quota assigned to a site collection, it could be very handy to have a report of where on your site you happen to be using up space. In SharePoint 2007, there was a utility page for this report called storman.aspx. For reasons I'm not sure of, this page was not included in SharePoint 2010. Service Pack 1 brings it back home.

SQL 11 Support

There was a lot of buzz at Tech-Ed about Denali (aka SQL 11 - who knows what the "real" name will be). SP1 brings official support for it to SharePoint. No official word on whether it will light up any new features, except maybe the Crescent real-time Reporting Services tool. I saw a Crescent demo at the show, and it was really cool. I might write more about that later. In the mean time, check out this SQL Reporting Services team blog post...

Fix, or Feature?

In the slide show I saw, several items were listed as "Fixes", though a lot of them sure sounded like new and/or improved functionality to me...

Office Web Apps

The Office Web Apps, or OWA, get a lot of love in SP1. I already mentioned the enhanced browser support (Chrome, IE9 "Native"). In addition, you get such goodies as:

  • Open Document Format (ODF) support for viewing and editing
  • Print Word documents in edit mode (not just preview mode)
  • Insert Charts with Excel Web App
  • Copy/Past values and formulas in Excel Web App by dragging the "fill" handle.
  • Print from PowerPoint Web App
  • Edit directly in more shapes in PowerPoint Web App
  • Insert Clip Art in PowerPoint Web App

All in all, very worthy improvements!

Indexing Connector for Documentum

Even though SharePoint offers all kinds of document management, there are still customers for whom Documentum is the product of choice. The Indexing Connector for Documentum allows SharePoint Search to crawl Documentum repositories and return appropriately ranked results within SharePoint. The specific updates for this connector include:

  • Improves overall crawl performance
  • Provides support for customized Documentum Foundation Services (DFS) URL
  • Provides support for Documentum Trusted Content Services (TCS) "Access Restriction" Access Control List (ACL) for security trimming
  • Provides support for custom security trimming solution for TCS enabled Documentum repository by extracting TCS ACLs into SharePoint crawled properties
  • Provides support for Documentum “superuser” permissions level

FAST Search Server 2010

FAST Search Server 2010 is Microsoft's high-end search product. It wasn't left out of the Service Pack 1 frenzy. Here's what you get:

  • Adds the possibility to add and remove indexer and search columns on a live system
  • Adds more flexible custom property extractors
  • Adds Greek spellchecking and stemming
  • Improves title extraction for Word and PowerPoint documents. Titles are now presented correctly and relevancy for Word and PowerPoint documents is improved.
  • Improves default schema which improves relevancy
  • Improves index backup/restore

Conclusion

And that's the whole thing, at least as far as the information that was released at Tech-Ed goes. Service Pack 1 has been over a year in the making, and it seems pretty clear that it will have been well worth the wait. Although we don't yet have the exact release date, you can always keep up to speed on what patches are current on the SharePoint Update pages.

Here's that Update Page link again

And here's the equivalent for SharePoint 2007 technologies

Have a great Memorial Day weekend!


Published: May-27-11 | 3 Comments | 0 Links to this post
Tagged as: Administration, Conferences, Office 2010, SharePoint 2010, Search, Upgrade

May-52011

The Sanity Point is Now On SharePoint 2010

wpe4It's About Time!

I'm pleased to announce that The Sanity Point is now at long last running on SharePoint 2010. Specifically, Search Server 2010 Express. I confess, this took a lot longer than I had planned.

Though the big stumbling blocks had to do with migrating my content, and getting the Community Kit for SharePoint - Enhanced Blog Edition (CKS:EBE) to work correctly, I can't totally blame the tools. My life has been pretty busy these last few months, so my troubleshooting time (along with writing time) was quite limited. Still, look for a post describing my new environment and the actual trials and tribulations of getting it set up in the near future, as there are definitely some "gotchas".

In the mean time, thanks for your patience, and I'll see y'all at Tech-Ed in Atlanta!

*UPDATE*

There is apparently yet another glitch with CKS:EBE. Sometimes, post links aren't working. It doesn't happen consistently (otherwise I would have caught it). Please bear with me as I try to work out this last kink. Thanks for your patience!


Published: May-05-11 | 1 Comment | 0 Links to this post
Tagged as: Blog, CKS-EBE, Administration, Customization, Conferences

 Next >>