[英]Sharepoint Provider Hosted User Permissions
I'm building a business app where read and write access permissions are important. 我正在构建一个业务应用程序,其中读写访问权限很重要。 The project is a Provider hosted MVC 5 / SharePoint app built in Visual Studio 2012.
该项目是在Visual Studio 2012中构建的提供商托管的MVC 5 / SharePoint应用程序。
Johnny needs to be able to Read
and Write
content on SharePoint App A
AND SharePoint App B
Johnny需要能够在
SharePoint App A
和SharePoint App B
上Read
和Write
内容
Dave needs to only be able to Read
content on SharePoint App A
Dave只需要能够
Read
SharePoint App A
内容
I've looked over a lot of documentation including this tutorial: http://www.itunity.com/article/sharepoint-permissions-manage-access-sql-data-709 我查看了很多文档,包括本教程: http : //www.itunity.com/article/sharepoint-permissions-manage-access-sql-data-709
The problem is if I give Dave Read access at the site level he is allowed to access SharePoint App A
but also SharePoint App B
. 问题是如果我在站点级别提供Dave Read访问权限,则允许他访问
SharePoint App A
以及SharePoint App B
How do I effectively use SharePoint permissions to stop this unintended behaviour? 如何有效地使用SharePoint权限来阻止这种意外行为?
Should I even be using SharePoint permissions? 我应该使用SharePoint权限吗?
2nd example: 第二个例子:
I am building an app for project management, there will be an Engineer who is able to create, read and edit projects, there is also an Accountant who views the projects billables. 我正在为项目管理构建一个应用程序,将有一个能够创建,阅读和编辑项目的工程师,还有一个会计师可以查看项目管理。
If I give Read permissions to Engineer and Read permissions to Accountant, how do I know which can view the project details and which can view the project's billables? 如果我向工程师授予读取权限并向会计授予读取权限,我如何知道哪些可以查看项目详细信息以及哪些可以查看项目的可计费用?
I read the article you linked to, and I am not sure that this is "authorization", the right word is "authentication", in sharepoint you set what a user can do, authorization means- which data user can read or write 我读了你链接的文章,我不确定这是“授权”,正确的词是“身份验证”,在sharepoint中你设置用户可以做什么,授权意味着 - 哪个数据用户可以读或写
so a simple solution for you is creating Group in sharepoint, for any authorization type you have, for example, a group called "Engineer", and gives it the permissions you need, your engineers will be members in this group. 因此,一个简单的解决方案是在sharepoint中创建Group ,对于您拥有的任何授权类型,例如,名为“Engineer”的组,并为其提供所需的权限,您的工程师将成为该组中的成员。
in your MVC attribute, accept the group as parameter and check if user is member in this group, show the user the relevant data according to its group 在您的MVC属性中,接受组作为参数并检查用户是否是该组中的成员,根据其组向用户显示相关数据
public SharePointPermissionsAuthorizationAttribute( params string group) { _groups = groups; }
[SharePointEffectivePermissionsFilter("Engineer"]
public ActionResult Index() { ... } }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.