Solved

sharepoint uploaded docs

Posted on 2013-12-02
9
368 Views
Last Modified: 2013-12-06
I am new to sharepoint, but if you have a document that you want to allow a user to upload to a SP site - but once uploaded only offer the document as a read-only to everyone except the original "uploader" (who can modify if they want).

1) Can you elaborate where you set the files access control list, and can this type of setup be achieved? And can anyone show a screenshot of how the access control list to the file looks, i.e. where you can demonstrate who can access, edit, modify etc, to satisfy auditors?

2) And also how can you see revision history of that document, i.e. any amendments made, can you show a screenshot of how and where you can see the actual audit logs for amendments made to the document, to also satisfy auditors.

3) where do sharepoint documents "go", i.e. are they sat on say a file share on the sharepoint server, or do they go into an actual MSSQL DB? If they go on a file share, would the NTFS permissions mirror the sharepoint permissions for the file?

I am doing this blind, as I don't currently have access  to a sharepoint site to demonstrate this, but I am pretty sure it can be done.
0
Comment
Question by:pma111
  • 5
  • 4
9 Comments
 
LVL 8

Accepted Solution

by:
vaderj earned 500 total points
ID: 39690863
First off, SharePoint is designed upon a hierarchy :

1.) SharePoint Farm : Holds multiple Web Applications (among many many more things)

2.) Web Application : Holds multiple site collection (among other things) (not directly accessible)  - no permissions editing

3.) Site collection : (not directly accessible) Holds multiple Subsites / webs - only a single permission (Site collection administrator)

4.) Subsite / web : This is the "SharePoint site" (or this is the "SharePoints") that users access.  It contains, among many other things, lists (which include libraries).  This is also the first line of true permissions - you can add / remove groups and people who have access at this level

5.) Lists / Libraries : Must be contained within a subsite.  They contain list items (a file is simply an attachment of a list item)  These can also have their security inheritance broken and can be assigned unique permissions relative to its' parrent

6.) List Item / file : Must be contained within a list / library.  Can also have its security inheritance broken from its parent list

To answer your questions:
1.)  Site collection administrators (or anyone with "Full Control" (and other roles)) can modify permissions - there are multiple ways of doing this - elaboration on your specific circumstances would help, else there is google

2.) File versioning must be enabled for the specific library you are referring for this to work.  If you want to see the specific file version history, you can click the dropdown menu for a particular list item and select its version history

3.)  By default, all SharePoint content resides on the site collections given content database which lives in MS SQL Server.  Best practices say that the SQL server should be a separate server(s)
0
 
LVL 3

Author Comment

by:pma111
ID: 39690871
Thanks

1) I was just wondering where you can see the access control list for a site/file - ie where you can actually see the ACL for a document uploaded to sharepoint (can you show an example), and what kind of permissions are available for the file, i.e. so I can get it in my head how it is similar to NTFS permissions
0
 
LVL 8

Expert Comment

by:vaderj
ID: 39690881
Site Settings => Site Permissions

If you do not see the "Site Settings" menu in the upper (left if SP2010, right if SP2007 / 2013) then you do not have proper permissions
0
 
LVL 3

Author Comment

by:pma111
ID: 39690898
What if you have documents on the same site with different ACL requirements, can this be done? Or do files uploaded in a site typically inherit permissions set at site level, as would a document added to a directory on an NTFS directory on windows.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 3

Author Comment

by:pma111
ID: 39690901
and can you recommend a link that discusses the various types of permission you can apply to a site/document, i.e. similar to ntfs
0
 
LVL 8

Expert Comment

by:vaderj
ID: 39690924
Is there a particular issue that you are attempting to resolve?

SharePoint, despite its unfortunate common perception as such, is not a file share and really should not be treated as a file share.

For instance - Every object in a file share has three permissions : R, W, and X for both of its objects (files and directories)

Since SharePoint is a collaboration, CMS/publishing, and general application toolset, it has many more permissions.  It also contains Permission Levels which have a number of permissions rolled up into it.

For instance, the Contribute Permission Level contains 21 permissions (such as utilizing SOAP features, viewing user information, creating alerts, working with versions, etc).  This is one of many (many, many) reasons that SharePoint should not be thought of as a file share.

Does that help at all?
0
 
LVL 3

Author Comment

by:pma111
ID: 39690937
>Is there a particular issue that you are attempting to resolve?

just to establish a baseline knowledge of what kind of access control you can enforce on files in sharepoint, and how to check what they currently are.

Although I appreciate  its not like a file share per se, the same concepts apply, i.e. if you need to be able demonstrate only the right/approved people can access a file, be that in sharepoint, file share, inside a RDBMS  etc - you need to know where to look and how to prove the current access that file.
0
 
LVL 8

Expert Comment

by:vaderj
ID: 39690971
Permissions auditing in SharePoint is infamously lacking - you can check if a single user has permissions at a particular level, but there are basically no security auditing tools OOB - when we are requested to provide some form of audit report, I have to write a PoSH script that interacts with the server object model to pull that info but there are also 3rd party tools that do the same.
0
 
LVL 3

Author Comment

by:pma111
ID: 39690975
Thanks for the heads up
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now