Web Application Policy, Site Security and Security Trimming — Know Your Configuration

(Updated 11/29 to explain how to access web application policy settings through the user interface)

I had one of those "why is MOSS doing this to me????" moments today. In the end, it's all my fault.

We have an enterprise MOSS project going on and we want to secure "place holder" sites so that no user may access them or see them. That’s easy:

  1. Go to the site.
  2. Break the security inheritance.
  3. Remove every user/group from site permissions.

The above should leave just the site collection administrator with permission to see the site.

If anyone else logs in, they should no longer see the site and it should be security-trimmed from all the usual places.

But … it wasn't. At the same time, I suddenly realize that my "Joe User" standard user test account with no priv’s other than restricted read access has a "Site Actions" choice everywhere he goes. I double check one thing and double check something else. I pick up the phone to call a colleague, but put it down and check something else. I go for a walk and try everything all over again. I call a colleague and leave a message. And then, finally, I find that at Ethan’s blog, his opening graph makes it quite simple:

MOSS 2007 has a new feature called Web Application Policies. These are security permissions that are tied to a Web Application. These security settings override any security setting that is set at the Site Collection or Site (Web) level for that user.

A quick visit to web application policies shows that "NT Authority\authenticated users" had been granted Full Read. I removed them from the list and everything finally started working as expected. I believe they were added in the first place by someone with the mistaken impression that that is the best method to grant read access to everyone in the enterprise. It does, but, to strain a quote, "It does not mean what you think it means."

Access web application policies this way:

  1. Go to Central Administration
  2. Select Application Management
  3. Select "Policy for Web Application"
  4. On that screen, make sure you pick the correct web application. For me, it defaults to the web application of central admin which may not be the one you want.
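
The same check can be scripted so that no web application is missed in the picker. The PowerShell below is an added example, not code from the original post: it reads the policies through the SharePoint object model, assumes it runs on a farm server under a farm administrator account, and the `$broadPrincipals` list is an assumption to adjust for your directory.

```powershell
# Added example: read-only audit of web application policies (MOSS 2007 / WSS 3.0).
# Nothing is modified; the script only lists what Central Administration would show.
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SharePoint')

# Assumption: principals that effectively mean "everyone" in this environment.
$broadPrincipals = @(
    'NT AUTHORITY\authenticated users',
    'Everyone'
)

$contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService

$report = foreach ($webApp in $contentService.WebApplications) {
    foreach ($policy in $webApp.Policies) {
        # Each policy entry binds one principal to one or more policy roles
        # (Full Control, Full Read, Deny Write, Deny All, or custom roles).
        $roles = @($policy.PolicyRoleBindings | ForEach-Object { $_.Name })

        # -contains is case-insensitive, so "NT Authority\..." also matches.
        $isBroad = $broadPrincipals -contains $policy.UserName

        New-Object PSObject -Property @{
            WebApplication = $webApp.DisplayName
            Principal      = $policy.UserName
            Roles          = ($roles -join ', ')
            SystemUser     = $policy.IsSystemUser
            BroadGrant     = $isBroad
        }
    }
}

# Full inventory first, then only the entries that override site-level
# permissions for every authenticated user.
$report | Sort-Object WebApplication, Principal |
    Format-Table WebApplication, Principal, Roles, SystemUser, BroadGrant -AutoSize

$findings = @($report | Where-Object { $_.BroadGrant })
if ($findings.Count -gt 0) {
    Write-Warning ("{0} policy entries grant rights to a broad principal:" -f $findings.Count)
    $findings | Format-Table WebApplication, Principal, Roles -AutoSize
} else {
    Write-Host 'No web application policy entries for broad principals found.'
}
```

Any row flagged `BroadGrant` applies to that principal on every site collection and site in the web application, regardless of broken inheritance at the site level.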

When I had this problem, I searched for the following phrases and got surprisingly little in terms of direct help on this issue:

Site actions visible for all users

Site actions visible to all users

site actions are not security trimmed

secure a MOSS site

introduction to moss security


4 thoughts on "Web Application Policy, Site Security and Security Trimming — Know Your Configuration"

  1. Miguel
    That fixed my problem… Thanks!
    But probably it’s better to change the rights user to "Deny to all – No access" instead of deleting from the list. That produces the same effect but it’s easier to give back the rights to the users just in case of problems
  2. RichRockwell wrote:
    I had the same problem, and this fixed it. I had seen NT Authority\authenticated users in my web app policy, but thought it was supposed to be there because I didn’t put it there. Removing it fixed the problem.
    Thanks
