| |||||
| |||||
Before a user can access content in a backward-compatible document library, you must assign that user to a role. Roles add actions such as check in, check out, publish, and approve to traditional file-access permissions, such as Read, Write, and Change. Assigning a user to a particular role gives the user the ability to perform specific tasks.
Each user can have multiple roles in the document library. For example, in one folder, a user may be a reader, while in another folder the same user may be an author. You can also distribute management tasks among a number of coordinators. For example, at the document library level, you can have coordinators to manage the document profiles and document library security. At the folder level, you can delegate responsibility for managing folder-level security, selecting appropriate document profiles, and designating an approval process for the content in those folders.
You can assign users to roles at the document library level. This list of users and their roles will be inherited by all folders that inherit security settings from that level. To assign users to roles at the document library level, you open the Web folder for the document library, open Workspace Settings, and click the Security tab. To assign roles for individual folders in the document library, you must configure those roles by editing the properties for the individual folders.
Note Security settings on individual folders determine what users see in the backward-compatible document library. This means that a user assigned a role at the document library level may not have the same role at the folder level. For example, if you assign a user to the Reader role at the document library level, that user is a member of the Reader role for all folders that inherit security from that level. If you assign the same user to the Coordinator role at the folder level, that user is a coordinator for that folder only.
When you add a user to a backward-compatible document library, the default role for the user is Reader, which grants the user the ability to view all published documents in the document library. If you want to allow the user to modify documents or manage a folder, you must assign that user to a new role. By default, Microsoft Office SharePoint Portal Server 2003 assigns the Windows Everyone group to the Reader role for all folders when you create the backward-compatible document library. This means that everyone in your domain can read published documents.
You can select users from your existing Windows domain or local users and groups and assign them to roles. You can define these users and groups locally on the server or on the domain of which the server is a member.
Note It is strongly recommended that you use domain user and group accounts when you assign a role to a user. SharePoint Portal Server cannot recognize local user server accounts from the SharePoint Portal Server computer when it crawls content located on another server.
SharePoint Portal Server assigns the local administrators group to the Coordinator role at the document library level. All members of the local administrators group can add themselves or others as coordinators and then configure security on any folder or document. This group cannot be removed from this role. In the event that, through accident or malicious intent, the folder is made unavailable to those who should have access to it, a member of the local administrators group can always restore roles for the document library and for individual folders.
Note Denying access to a document does not affect the local administrators group's access to that document.