
SharePoint Provider Hosted User Permissions

I'm building a business app where read and write access permissions are important. The project is a Provider hosted MVC 5 / SharePoint app built in Visual Studio 2012.

Johnny needs to be able to Read and Write content on SharePoint App A AND SharePoint App B.

Dave needs to only be able to Read content on SharePoint App A.

I've looked over a lot of documentation including this tutorial: http://www.itunity.com/article/sharepoint-permissions-manage-access-sql-data-709

The problem is if I give Dave Read access at the site level he is allowed to access SharePoint App A but also SharePoint App B.

How do I effectively use SharePoint permissions to stop this unintended behaviour?

Should I even be using SharePoint permissions?

2nd example:

I am building an app for project management. There will be an Engineer who is able to create, read and edit projects, and there is also an Accountant who views the project's billables.

If I give Read permissions to Engineer and Read permissions to Accountant, how do I know which can view the project details and which can view the project's billables?

Smithy asked May 18 '15 12:05




1 Answer

I read the article you linked to, and I am not sure that this is "authorization"; the right word is "authentication". In SharePoint you set what a user can do; authorization means which data a user can read or write.

So a simple solution for you is to create a group in SharePoint for each authorization type you have, for example a group called "Engineer", and give it the permissions you need; your engineers will be members of this group.

In your MVC attribute, accept the group as a parameter and check whether the user is a member of this group, then show the user the relevant data according to their group.

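    // Attribute constructor: takes the names of the SharePoint groups allowed to call the action
    public SharePointPermissionsAuthorizationAttribute(params string[] groups) { _groups = groups; }

    // Usage on a controller action: only members of the "Engineer" group get through
    [SharePointEffectivePermissionsFilter("Engineer")]
    public ActionResult Index() { ... }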
Elisheva Wasserman answered Oct 27 '22 08:10
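One way to write the group check described in the answer, as an added example (not code from the answer or the linked article): an MVC 5 authorization attribute that looks up the caller's SharePoint groups on the server and denies by default. The attribute name `SharePointGroupAuthorizeAttribute` and the group names are hypothetical; `SharePointContextProvider` and `SharePointContextFilter` are assumed to come from the `SharePointContext.cs` file that the Visual Studio provider-hosted template generates.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using Microsoft.SharePoint.Client;

// Hypothetical attribute: allows an action only for members of the named SharePoint groups.
public class SharePointGroupAuthorizeAttribute : AuthorizeAttribute
{
    private readonly string[] _groups;

    public SharePointGroupAuthorizeAttribute(params string[] groups)
    {
        _groups = groups ?? new string[0];
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (_groups.Length == 0) return false;   // no groups configured: deny by default

        // Assumption: helper generated by the provider-hosted project template.
        var spContext = SharePointContextProvider.Current.GetSharePointContext(httpContext);
        if (spContext == null) return false;     // no SharePoint context: deny

        try
        {
            using (var clientContext = spContext.CreateUserClientContextForSPHost())
            {
                if (clientContext == null) return false;
                // Ask SharePoint for the groups of the current user, loading titles only.
                var userGroups = clientContext.Web.CurrentUser.Groups;
                clientContext.Load(userGroups, gs => gs.Include(g => g.Title));
                clientContext.ExecuteQuery();
                return userGroups.AsEnumerable().Any(g =>
                    _groups.Contains(g.Title, StringComparer.OrdinalIgnoreCase));
            }
        }
        catch (ServerException) { return false; } // lookup rejected by SharePoint: fail closed
    }

    // Answer 403 instead of the default 401, which can send the user into a login loop.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        filterContext.Result = new HttpStatusCodeResult(403);
    }
}

// Usage on controller actions (group names are examples):
//   [SharePointContextFilter, SharePointGroupAuthorize("Engineer")]
//   public ActionResult Edit(int id) { ... }
//   [SharePointContextFilter, SharePointGroupAuthorize("Engineer", "Accountant")]
//   public ActionResult Billables(int id) { ... }
```

`CurrentUser.Groups` lists the SharePoint groups the user is a direct member of, so a user who is placed in a group only through an AD security group will be denied by this check.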