Step 4:  Select the Roles (SharePoint Security)

Microsoft SharePoint Authorization uses SharePoint Groups as roles to authorize users.  In the SharePoint environment, groups are specific to the Site Collection.  Each SharePoint Web Application can have multiple site collections and each site collection can have its own set of groups.  Users can belong to groups in different site collections.

A user role is a pairing of a site collection and a group.  For example, if you secure a page to be available to members of the Viewers group in CustomSiteCollection, members of a Viewers group in the root site collection will not be able to see it.  Finally, different web applications can have site collections and groups with similar names.  It is possible to configure authentication to be specific to a certain web application or to be common for all web applications.
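The pairing described above can be modelled as follows. This is an added example, not Iron Speed Designer or SharePoint code: it contrasts a check on the (site collection, group) pair with a flawed check on the group name alone. The `Role` type, the function names, the interpretation of a "common" rule as one that ignores the web application, and the `other-app:8080` host are assumptions made for illustration.

```python
from typing import Iterable, NamedTuple, Optional
from urllib.parse import urlsplit


class Role(NamedTuple):
    """A role as described above: a site collection paired with a group."""
    web_app: Optional[str]   # "host:port", or None for a rule common to all web applications
    site_collection: str     # server-relative path such as "/" or "/sites/custom"
    group: str


def role_from_url(site_collection_url: str, group: str, common: bool = False) -> Role:
    """Build a role from a site collection URL and a group name."""
    parts = urlsplit(site_collection_url)
    # Assumption: host and path compare case-insensitively; trailing slashes are ignored.
    path = "/" + parts.path.strip("/").lower()
    return Role(None if common else parts.netloc.lower(), path, group)


def is_authorized(required: Role, memberships: Iterable[Role]) -> bool:
    """Grant access only when the site collection and the group both match."""
    for held in memberships:
        if (held.site_collection, held.group) != (required.site_collection, required.group):
            continue
        if required.web_app is None or required.web_app == held.web_app:
            return True
    return False


def is_authorized_by_name_only(required: Role, memberships: Iterable[Role]) -> bool:
    """Flawed check, shown for contrast: it ignores which site collection owns the group."""
    return any(held.group == required.group for held in memberships)


# Constructed sample data. The first host and its paths are the ones named on this page;
# "other-app:8080" is a hypothetical second web application.
BASE = "http://qa-sharepoint:35831"
PAGE_ROLE = role_from_url(BASE + "/sites/custom/", "Viewers")
COMMON_ROLE = role_from_url(BASE + "/sites/custom/", "Viewers", common=True)
ROOT_VIEWER = [role_from_url(BASE + "/", "Viewers")]
CUSTOM_VIEWER = [role_from_url(BASE + "/Sites/Custom", "Viewers")]
OTHER_APP_VIEWER = [role_from_url("http://other-app:8080/sites/custom/", "Viewers")]

if __name__ == "__main__":
    for name, held in [("root", ROOT_VIEWER), ("custom", CUSTOM_VIEWER), ("other app", OTHER_APP_VIEWER)]:
        print(name, is_authorized(PAGE_ROLE, held), is_authorized_by_name_only(PAGE_ROLE, held),
              is_authorized(COMMON_ROLE, held))
```

The name-only check admits a member of the root site collection's Viewers group to a page secured for the custom site collection's Viewers group, which is the mismatch the paragraph above rules out.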

You can choose one of two ways to retrieve group information from the SharePoint environment: using web services or using a direct connection to your SharePoint server.

Using web services to retrieve SharePoint groups

To select groups from a certain web application and a certain site collection, you must provide a URL pointing to any site in this site collection.  For example, if your web application has 10 site collections and you want to have all groups from each site collection available for security configuration, you must provide all 10 URLs.  The screen shot above shows two URLs pointing to two site collections (“/” and “/sites/custom/”) inside the “qa-sharepoint:35831” web application.

Although you can configure groups from site collections belonging to different web applications, you should configure one web application at a time.  For example, to configure groups for web applications w1 and w2, first add all groups from application w1.  Then revisit this Security Wizard step, provide URLs belonging to application w2, and proceed to the next step in the Security Wizard again.

To retrieve the list of groups, you must provide login credentials sufficient for Iron Speed Designer to access your SharePoint server via a web services call.  You may use Windows login credentials if your SharePoint Server is in the same Active Directory domain as the workstation where Iron Speed Designer is running and SharePoint can authenticate your username.  Otherwise, provide your username, password, and the Active Directory domain you belong to.

Using SharePoint server connection to retrieve SharePoint groups

Using a direct connection to the SharePoint database allows Iron Speed Designer to see all web applications at once and does not require knowledge of all site collections; this information will be retrieved automatically from the SharePoint database.  However, the direct connection method requires credentials to log into the Microsoft SQL Server database containing the group information, knowledge of the exact database name, and sometimes knowledge of the SharePoint database schema.  Usually Iron Speed Designer is able to find the tables in each application’s database where site collection and group information is stored, but in non-standard configurations you might need to select these tables manually.  As with the web services approach, you can configure one web application at a time.

See Also

Security Wizard