I'm building a business app where read and write access permissions are important. The project is a Provider hosted MVC 5 / SharePoint app built in Visual Studio 2012.
Johnny needs to be able to Read
and Write
content on SharePoint App A
AND SharePoint App B
Dave needs to only be able to Read
content on SharePoint App A
I've looked over a lot of documentation including this tutorial: http://www.itunity.com/article/sharepoint-permissions-manage-access-sql-data-709
The problem is if I give Dave Read access at the site level he is allowed to access SharePoint App A
but also SharePoint App B
.
How do I effectively use SharePoint permissions to stop this unintended behaviour?
Should I even be using SharePoint permissions?
2nd example:
I am building an app for project management, there will be an Engineer who is able to create, read and edit projects, there is also an Accountant who views the projects billables.
If I give Read permissions to Engineer and Read permissions to Accountant, how do I know which can view the project details and which can view the project's billables?
On the permissions page for the list, on the Edit tab, click Grant Permissions. Type the name of the group or the individual you want to grant access to in the Users/Groups box. Choose the level of permissions you want the group or individuals to have. Click OK.
Open your SharePoint site settings → Click “Site Permissions”. Click “Check Permissions” → Enter the username of the user whose permissions you want to check -> Click “Check Now”.
I read the article you linked to, and I am not sure that this is "authorization", the right word is "authentication", in sharepoint you set what a user can do, authorization means- which data user can read or write
so a simple solution for you is creating Group in sharepoint, for any authorization type you have, for example, a group called "Engineer", and gives it the permissions you need, your engineers will be members in this group.
in your MVC attribute, accept the group as parameter and check if user is member in this group, show the user the relevant data according to its group
public SharePointPermissionsAuthorizationAttribute( params string group) { _groups = groups; }
[SharePointEffectivePermissionsFilter("Engineer"]
public ActionResult Index() { ... } }
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With