Hi all, i've implemented a membership provider, and it works. while, i am confused about the Role provider. Does it have something to do with sharepoint groups or permission levels? can i take over sharepoint's default authorization mechanism, and implement it by my custom code? i have a table which have two columns, one for username, the other for the sharepoint groups he or she belongs to. how to get moss to take these information into account when it decide users' permissions . note: data in this table(users and their groups) is maintained by other programs. is there some detailed description about sharepoint's authorization model? thanksAndrew BI, Data Mining, Analytical CRM

Hi, Authorization refers to the process by which Windows SharePoint Services provides security for Web sites, lists, folders, or items by determining which users can perform specific actions on a given object. The authorization process assumes that the user has already been authenticated, which refers to the process by which Windows SharePoint Services identifies the current user. Windows SharePoint Services does not implement its own system for authentication or identity management, but instead relies solely on external systems, whether Microsoft Windows or non-Windows authentication. There have three types of authentication: Windows, Asp.net forms and Delegated. You can use Form authentication to authenticate users stored in AD, a SQL database or in LDAP directory. And you can develop custom membership and role provider for your form authentication. For more information, please refer to: http://msdn.microsoft.com/en-us/library/ms457529(v=office.12).aspx http://msdn.microsoft.com/en-us/library/bb975135(office.12).aspx Hope it helps. Xue-Mei Chang

Thanks Xue-Mei, ur reply is informative and the links are useful indeed. while IMHO, they are mainly about authentication. are there some more details on authorization? In my previous scenario, ofcuz, i can manually add users to sharepoint groups, so the users inherit the groups' permission. however, there are too many users and the user-group relationships are stored in an external datasource. do i need to write a program to monitor the user-group relationship and then modify correspondingly in MOSS2007? thanks Andrew BI, Data Mining, Analytical CRM

Thanks Xue-Mei, ur reply is informative and the links are useful indeed. while IMHO, they are mainly about authentication. are there some more details on authorization? In my previous scenario, ofcuz, i can manually add users to sharepoint groups, so the users inherit the groups' permission. however, there are too many users and the user-group relationships are stored in an external datasource. do i need to write a program to monitor the user-group relationship and then modify correspondingly in MOSS2007? thanks Andrew BI, Data Mining, Analytical CRM

There's a power point here and more info that might help on top of Xue-Mei's information. More Info - http://blogs.msdn.com/b/arpans/archive/2008/05/09/sharepoint-end-user-security.aspx Hard Limits - http://weblogs.asp.net/erobillard/archive/2008/09/11/sharepoint-security-hard-limits-and-recommended-practices.aspx Kris Wagner, MVP, MCITP, MCTS Twitter @sharepointkris Blog: http://www.sharepointkris.com/blog

There's a power point here and more info that might help on top of Xue-Mei's information. More Info - http://blogs.msdn.com/b/arpans/archive/2008/05/09/sharepoint-end-user-security.aspx Hard Limits - http://weblogs.asp.net/erobillard/archive/2008/09/11/sharepoint-security-hard-limits-and-recommended-practices.aspx Kris Wagner, MVP, MCITP, MCTS Twitter @sharepointkris Blog: http://www.sharepointkris.com/blog

There's a power point here and more info that might help on top of Xue-Mei's information. More Info - http://blogs.msdn.com/b/arpans/archive/2008/05/09/sharepoint-end-user-security.aspx Hard Limits - http://weblogs.asp.net/erobillard/archive/2008/09/11/sharepoint-security-hard-limits-and-recommended-practices.aspx Kris Wagner, MVP, MCITP, MCTS Twitter @sharepointkris Blog: http://www.sharepointkris.com/blog