User Level Security
Hello, We have a site created by an application template we downloaded which supplies advanced Project/Task statuses. My boss would like to set permissions so only he, and another co-worker can access it, effectively locking the administrators out (myself included) as well. I know how this sounds to some of you, so please don't respond with "that's not a good idea!", "that's not good practice!". I understand all the good and bad that can come from a situation like this, but what my boss asks, I do. Can anyone give me some insight to figuring this out? Thanks!
January 28th, 2010 9:42pm
Hey John, thanks very much for your reply, and for the information! That's a great slide show. I understand your angle, but the problem I'm still going to run into is the fact that I know, and have full control over his windows password. Is there a way that he can lock down a section of Sharepoint with another password not tied in to AD? Kind of like the way one can password-lock an office file? The solution can be anything but standard if anyone has any ideas/recommendations.
January 29th, 2010 2:34am
Hi There..Use forms based authentication. extend the same web application at another virtual server with Form based authentication and create a user for your boss.The ID might be the very same as his windows AD ID but obviously with a different password. So, for Boss, it's just his ID but for Sharepoint they are just two different users.Then comes permissions which is just very simple now. Assign Forms based User the highest permissions and restrict windows user.Links below talks a lot about FBA.http://technet.microsoft.com/en-us/library/cc262201.aspxhttp://msdn.microsoft.com/en-us/library/bb975136.aspxhttp://www.sharepointfba.com/Thanks!I LOVE MS..... Thanks and Regards, Kshitiz (Posting is provided "AS IS" with no warranties, and confers no rights.)
January 29th, 2010 5:11am
Wonderful, thank you, Kshitizs! I think FBA is the correct way to go.
February 1st, 2010 8:12pm
Its a lot of work to extend a web app just to satisfy a need for a second account - why don't you just give him a second account in AD if thats all you need and let him change his own password? Give him admin rights and he can deny you out as a user. If you extend, as administrator, you still have access to the unextended web application, that also contains all the data he updates on the extended service - if you extend then you'll need to disable the unextended application, so will this impact your current user base? Regards John Timney
February 2nd, 2010 4:42pm