Pau Lo
asked on
sharepoint uploaded docs
I am new to sharepoint, but if you have a document that you want to allow a user to upload to a SP site - but once uploaded only offer the document as a read-only to everyone except the original "uploader" (who can modify if they want).
1) Can you elaborate where you set the files access control list, and can this type of setup be achieved? And can anyone show a screenshot of how the access control list to the file looks, i.e. where you can demonstrate who can access, edit, modify etc, to satisfy auditors?
2) And also how can you see revision history of that document, i.e. any amendments made, can you show a screenshot of how and where you can see the actual audit logs for amendments made to the document, to also satisfy auditors.
3) where do sharepoint documents "go", i.e. are they sat on say a file share on the sharepoint server, or do they go into an actual MSSQL DB? If they go on a file share, would the NTFS permissions mirror the sharepoint permissions for the file?
I am doing this blind, as I don't currently have access to a sharepoint site to demonstrate this, but I am pretty sure it can be done.
1) Can you elaborate where you set the files access control list, and can this type of setup be achieved? And can anyone show a screenshot of how the access control list to the file looks, i.e. where you can demonstrate who can access, edit, modify etc, to satisfy auditors?
2) And also how can you see revision history of that document, i.e. any amendments made, can you show a screenshot of how and where you can see the actual audit logs for amendments made to the document, to also satisfy auditors.
3) where do sharepoint documents "go", i.e. are they sat on say a file share on the sharepoint server, or do they go into an actual MSSQL DB? If they go on a file share, would the NTFS permissions mirror the sharepoint permissions for the file?
I am doing this blind, as I don't currently have access to a sharepoint site to demonstrate this, but I am pretty sure it can be done.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Site Settings => Site Permissions
If you do not see the "Site Settings" menu in the upper (left if SP2010, right if SP2007 / 2013) then you do not have proper permissions
If you do not see the "Site Settings" menu in the upper (left if SP2010, right if SP2007 / 2013) then you do not have proper permissions
ASKER
What if you have documents on the same site with different ACL requirements, can this be done? Or do files uploaded in a site typically inherit permissions set at site level, as would a document added to a directory on an NTFS directory on windows.
ASKER
and can you recommend a link that discusses the various types of permission you can apply to a site/document, i.e. similar to ntfs
Is there a particular issue that you are attempting to resolve?
SharePoint, despite its unfortunate common perception as such, is not a file share and really should not be treated as a file share.
For instance - Every object in a file share has three permissions : R, W, and X for both of its objects (files and directories)
Since SharePoint is a collaboration, CMS/publishing, and general application toolset, it has many more permissions. It also contains Permission Levels which have a number of permissions rolled up into it.
For instance, the Contribute Permission Level contains 21 permissions (such as utilizing SOAP features, viewing user information, creating alerts, working with versions, etc). This is one of many (many, many) reasons that SharePoint should not be thought of as a file share.
Does that help at all?
SharePoint, despite its unfortunate common perception as such, is not a file share and really should not be treated as a file share.
For instance - Every object in a file share has three permissions : R, W, and X for both of its objects (files and directories)
Since SharePoint is a collaboration, CMS/publishing, and general application toolset, it has many more permissions. It also contains Permission Levels which have a number of permissions rolled up into it.
For instance, the Contribute Permission Level contains 21 permissions (such as utilizing SOAP features, viewing user information, creating alerts, working with versions, etc). This is one of many (many, many) reasons that SharePoint should not be thought of as a file share.
Does that help at all?
ASKER
>Is there a particular issue that you are attempting to resolve?
just to establish a baseline knowledge of what kind of access control you can enforce on files in sharepoint, and how to check what they currently are.
Although I appreciate its not like a file share per se, the same concepts apply, i.e. if you need to be able demonstrate only the right/approved people can access a file, be that in sharepoint, file share, inside a RDBMS etc - you need to know where to look and how to prove the current access that file.
just to establish a baseline knowledge of what kind of access control you can enforce on files in sharepoint, and how to check what they currently are.
Although I appreciate its not like a file share per se, the same concepts apply, i.e. if you need to be able demonstrate only the right/approved people can access a file, be that in sharepoint, file share, inside a RDBMS etc - you need to know where to look and how to prove the current access that file.
Permissions auditing in SharePoint is infamously lacking - you can check if a single user has permissions at a particular level, but there are basically no security auditing tools OOB - when we are requested to provide some form of audit report, I have to write a PoSH script that interacts with the server object model to pull that info but there are also 3rd party tools that do the same.
ASKER
Thanks for the heads up
ASKER
1) I was just wondering where you can see the access control list for a site/file - ie where you can actually see the ACL for a document uploaded to sharepoint (can you show an example), and what kind of permissions are available for the file, i.e. so I can get it in my head how it is similar to NTFS permissions