Tag Archive for security

Fine Grained Permissions in 2013

Setting item level permissions was straight forward in SharePoint 2010, you selected the items you wanted to break inheritance on and selected the Permissions item. When moving to SharePoint 2013 and trying to do the same thing, to a lot of users this functionality appears to no longer exist. Worry not!

To set item level permissions for an item (or multiple items) select the candidate items and switch to the Items tab in the ribbon.

Shared With

Notice the ribbon item called Shared With. This is what replaces the Permissions item from 2010. Click it and a list of users that the item is shared with loads.
Read more

PeopleEditor control not available error

If you’re using a PeopleEditor control in your solution and enforce the filtering of selectable users by specifying a SharePoint group in the SharePointGroup property you may see the following error instead of the PeopleEditor control:

The control is not available because you do not have the correct permissions

This can happen if the context user does not have adequate permissions against the SharePoint group you specified as the filter group.

For instance, if you create a dummy group to contain the filtered set (where the users are also part of another group which grants them specific permissions) and do not grant any permissions to it when creating, it this error will occur for the majority of users, except the admin users.
Read more

Impersonate SharePoint User

This is a post that I’d imagine most people who have been developing with SharePoint will be aware of but I thought it might be worthwhile blogging about.

I’ve seen code where people have tried to impersonate a user to perform actions against a SharePoint file by using the LogonUser function.

[System.Runtime.InteropServices.DllImport("ADVAPI32.DLL")]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, out int phToken);

When working with SharePoint, there is no need for this. For starters, the above function requires you to know the user’s password. Now, of course, there are good reasons why the business rules may require this and I’m not saying it shouldn’t be implemented that way. For the scenarios where this is not required, there’s a very easy and simple way of impersonating a valid SharePoint user, without having to know their password.
Read more

Follow

Get every new post delivered to your Inbox

Join other followers: