After long time I found some time today to share my new experience in my new organisation. Since last 10 weeks I was working on my 1st ever SharePoint implementations assessment assignment. And ad on to that it was for SharePoint 2010.
My Assignment included to set up or to be precise suggest the Architecture for implementation of SharePoint 2010.
One of the requirement from the client is real time. They were planning to make their intranet portal available on extranet users as well. But they want the restriction on some of the confidential documents when same user accessing the portal from extranet.
Requirement: User A is a exist as a Store Manager in AD. He should be able to access the document on portal only when he is accessing it from store or say from Intranet. At the same time when User A is trying to access the same document on portal from Home through extranet the document should not be accessible to him.
Myth:It can be achieved by using (1) Audiance Target (2) Creating different group for Intranet and Extranet.
Solution: I would say option (2) is half true. But My Document library is having a permission only for Intranet Group. Now when user A who is a part of both Intranet & Extranet Group how SharePoint will know when User A is accessing the portal from Extranet or Intranet?
Answer to this is Web Application Permission Policy in SharePoint 2010.
Step1: Create portal http://myportal for "Intranet Zone"
Step2: Go to Central Admin and Extend "http://myportal" for "Extranet Zone"
Step3: Select the created "http://myportal" and select Permission Policy from the "Ribbon" on the top.
Step4: Create new policy for "Deny" and add Intranet AD group to that, which will prevent the site to be accessed for the defined group in the Deny Policy.
Now when User A is accessing the portal from extranet and entered the site, SharePoint knows that User A is accessing the portal as a part of Extranet AD Group and not allowed him to access the Document Library which is only having an access to Intranet Group users.
Feel free to write to me for any help on this...and click here and here to know more on how to set up site permission policy.
My Assignment included to set up or to be precise suggest the Architecture for implementation of SharePoint 2010.
One of the requirement from the client is real time. They were planning to make their intranet portal available on extranet users as well. But they want the restriction on some of the confidential documents when same user accessing the portal from extranet.
Requirement: User A is a exist as a Store Manager in AD. He should be able to access the document on portal only when he is accessing it from store or say from Intranet. At the same time when User A is trying to access the same document on portal from Home through extranet the document should not be accessible to him.
Myth:It can be achieved by using (1) Audiance Target (2) Creating different group for Intranet and Extranet.
Solution: I would say option (2) is half true. But My Document library is having a permission only for Intranet Group. Now when user A who is a part of both Intranet & Extranet Group how SharePoint will know when User A is accessing the portal from Extranet or Intranet?
Answer to this is Web Application Permission Policy in SharePoint 2010.
Step1: Create portal http://myportal for "Intranet Zone"
Step2: Go to Central Admin and Extend "http://myportal" for "Extranet Zone"
Step3: Select the created "http://myportal" and select Permission Policy from the "Ribbon" on the top.
Step4: Create new policy for "Deny" and add Intranet AD group to that, which will prevent the site to be accessed for the defined group in the Deny Policy.
Now when User A is accessing the portal from extranet and entered the site, SharePoint knows that User A is accessing the portal as a part of Extranet AD Group and not allowed him to access the Document Library which is only having an access to Intranet Group users.
Feel free to write to me for any help on this...and click here and here to know more on how to set up site permission policy.
No comments:
Post a Comment