WebPart security
Question
What is best practice to ensure only the correct users can see a webpart in Sharepoint 2007?
Security Groups, and Audiences have both been suggested to me.
3 answers
solution1
4 2009-04-15 16:30:23
It depends if you are talking about the rendering of Web Parts or adding Web Parts from the Web Part gallery. Let me explain both scenarios:
1) In MOSS 2007, you can indeed use audiences to target the rendering of Web Parts on a given Web Part page. This is exactly what the Audience property on Web Parts is designed for. However, for WSS 3.0 deployments this is not possible as Audiences is a MOSS thing.
2) Hiding Web Parts in the Web Part gallery is also possible, ie in case you do not want all users with design permissions to be able to add any WP in the gallery. Use item permissions on the .dwp / .webpart files in the WP gallery to restrict access.
solution2
1 ACCPTED 2009-04-15 20:48:19
Although audiences are not a security mechanism, for webpart visability the effect is the same. The issue with a webpart is others can add that webpart to another page that you are not controlling the audience for if you do not set the protection for the webpart in the gallery, as Lars mentioned. As he also mentioned, the audiences are only available if you are using MOSS and not just WSS.
An additional security step is to place the logic in the webpart to prevent unauthorized use. If it is truely a security concern, I would chose this approach.
solution3
0 2009-04-15 16:38:15
As far as best practices go, it depends. If you use Audiences, use them first. This allows for central management of content accessibility. If not, item permissions is probably the next best thing. After that, you have to manage it in the Render() of the webpart itself (bad idea).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.