Microsoft’s Windows SharePoint Technology and Services, which includes SharePoint Portal Server (SPS) and Windows SharePoint Services (WSS), allows teams to create Web portals for information sharing and document collaboration that help increase individual and team productivity. It also serves as a platform for application development, providing IT resources such as portals, team workspaces, e-mail, presence awareness, and Web-based conferencing. SharePoint enables developers to quickly build collaborative applications based on a robust set of out-of-the-box functionality.
Because SharePoint is a collaboration platform, the information stored in it is often shared with immediate team members and corporate employees, as well as with external people such as clients, vendors, and partners. While it is very easy to share information in SharePoint with a wide audience, it is equally important to restrict access to certain information in the portal by setting up appropriate user security access. This is especially important with external users such as clients and partners, whom you want to see only “need-to-know” pages. As the system admin, you can create a security structure to enforce user access to the system by several methods:
- User authentication through IIS. This is the first level of security. SharePoint does not perform its own authentication but relies on IIS. Authentication is the process of verifying the identity of a person or process that needs access to the SharePoint server. The IIS authentication mechanism requires an NT account, either a local machine account or an Active Directory (AD) account.
- Site Group Permissions. Site groups let you specify which of your users can perform specific actions in your site. For example, a user who is a member of the Contributor site group can add content to Windows SharePoint Services lists, such as the Task list, or a document library.
- Per-list Permissions. You can manage permissions more finely by setting unique permissions on a per-list basis. For example, if you have a document library containing sensitive financial data for the next fiscal year, you can restrict access to that list so that only the appropriate users can view it. Per-list permissions override site-wide permissions for the lists.
- Site Collection Permissions. You can also manage users at the Site Collection level. A Site Collection is a set of logically related Web sites that can be collectively managed, and each Site Collection has a single top-level Web site. Site Collection permissions are managed by setting up Cross Site Groups. Users added to a cross site group are rolled up, managed, and scoped at the site collection level.
From a practical implementation standpoint, implementing an access policy for external users can be a complicated and time-consuming affair because:
- All users have access to the home page and top-level menu by default, so limiting a sub site or a page to a set of users has to be well designed and thoroughly tested.
- Site Groups and Cross Site Groups can be used to enforce security access, but this often breaks down when users belong to multiple groups, especially when these groups are used both for security and for functional areas.
- It is a tedious process to set up the security and test all possible combinations of navigation, especially for a larger site where site administrators have the freedom to create links to other sites within the portal.
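The multi-group and per-list points above can be checked mechanically. The following access review is an added example, not part of the original article and not SharePoint API code: it runs over a constructed, simplified permission model in which rights from several site groups add up and a list with unique permissions ignores site groups; all account, group, and list names are hypothetical.

```python
# Access review over a constructed, simplified permission model.
# Assumptions: rights from several site groups are cumulative, and a list
# with unique (per-list) permissions ignores site group membership entirely.

SITE_GROUP_RIGHTS = {                      # constructed sample data
    "Reader": {"view"},
    "Project Team": {"view", "add"},       # hypothetical group used as a functional area
}
SITE_GROUP_MEMBERS = {
    "Reader": {"EXT\\vendor1", "EXT\\client1"},
    "Project Team": {"CORP\\alice", "EXT\\vendor1"},
}
# None = the list inherits site permissions; dict = unique per-list permissions.
LIST_PERMISSIONS = {
    "Tasks": None,
    "Shared Documents": None,
    "FY Budget": {"CORP\\alice": {"view", "add"}},
}
# What each external account is meant to reach ("need-to-know").
NEED_TO_KNOW = {
    "EXT\\vendor1": {("Tasks", "view"), ("Shared Documents", "view")},
    "EXT\\client1": {("Shared Documents", "view")},
}

def effective_rights(user, list_name):
    """Rights a user ends up with on one list under the model above."""
    unique = LIST_PERMISSIONS[list_name]
    if unique is not None:                 # per-list permissions override the site
        return set(unique.get(user, set()))
    rights = set()
    for group, members in SITE_GROUP_MEMBERS.items():
        if user in members:                # multiple memberships accumulate
            rights |= SITE_GROUP_RIGHTS[group]
    return rights

def excess_access():
    """Every (user, list, right) an external user holds beyond need-to-know."""
    findings = []
    for user, allowed in NEED_TO_KNOW.items():
        for list_name in LIST_PERMISSIONS:
            for right in effective_rights(user, list_name):
                if (list_name, right) not in allowed:
                    findings.append((user, list_name, right))
    return sorted(findings)

if __name__ == "__main__":
    for finding in excess_access():
        print("excess access: %s on %s (%s)" % finding)
```

In this sample the vendor account gains the add right through its functional group membership, while the list with unique permissions stays closed to both external accounts.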
The User Redirect Web Part will provide the portal admin with a simple way to route users away from the sites they are not supposed to access.