In document management, it is important to restrict access to sensitive information. In some cases, it is important to restrict the viewing of a document to those who edit or approve it until it is ready for a larger audience.
In the backward-compatible document library, Microsoft Office SharePoint Portal Server 2003 uses roles to offer a flexible method to control access to documents. Assigning a user to a role gives that user permission to perform specific tasks, such as creating or editing documents. Roles in the document library add actions such as check-in, check-out, publish, and approve to traditional file-access permissions, such as read, write, and change.
Note: You cannot customize permissions assigned to roles as you can with site groups. Access permissions for the three roles are fixed and cannot be modified.

Backward-compatible document libraries in SharePoint Portal Server use the following three roles:
Note: Coordinators also have all of the rights and permissions of authors and readers.
Note: Authors also have all of the rights and permissions of readers.
Note: By default, the Windows Everyone domain group is assigned to the Reader role for all folders. This allows everyone in your domain to read published documents.
SharePoint Portal Server also offers the option of denying users access to specific documents. Use Deny Access on a document-level basis to prevent a user from viewing a specific document.
If you are the coordinator at the document library level, you can assign roles for the backward-compatible document library and for individual folders. If you are the coordinator on a specific folder, you can assign roles only on that folder. When you create a subfolder, it inherits security settings from its parent folder by default. As a coordinator, you can choose to have the role settings on the subfolders change dynamically when the parent folder settings change, or you can choose not to inherit dynamically. When inheritance is canceled, the subfolders retain their role membership settings even if the settings on the parent folder change.
As an author, any subfolders you create automatically inherit the role assignments from the parent folder. You cannot change the security settings for your folder.
You can have different roles for different folders in the same document library. For example, in one folder a user may be assigned to the Reader role only, while in another folder, the same user may be assigned to the Author role.
If you assign a group to a role on a folder, all members of that group are assigned to the role. However, if you then assign a role to an individual member of that group, that individual gains the most permissive combination of the two roles. The exception to this is Deny Access, which takes precedence over all roles. If you specify Deny Access on a document for an individual user or group, that user or group has no access, regardless of other roles they may have for the folder.
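The resolution rules above (most permissive role wins, Deny Access overrides everything, subfolders follow the parent until inheritance is canceled) can be checked with a small model. This is an added example, not SharePoint Portal Server code or an API of the product; the `Folder` class, `effective_role` function, and the user, group and folder names are hypothetical and the data is constructed.

```python
# Illustrative model of the rules described above; not a SharePoint API.
RANK = {"Reader": 1, "Author": 2, "Coordinator": 3}  # each role includes the ones below it

class Folder:
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.inherit = parent is not None  # subfolders inherit by default
        self.roles = {}                    # principal (user or group) -> role

    def role_map(self):
        """Role assignments currently in force on this folder."""
        if self.inherit:
            return self.parent.role_map()
        return self.roles

    def cancel_inheritance(self):
        """Keep the current membership, but stop following the parent."""
        self.roles = dict(self.role_map())
        self.inherit = False

def effective_role(user, groups, folder, denied=frozenset()):
    """Return the user's role for a document in `folder`, or None for no access.

    groups: groups the user belongs to (constructed sample data).
    denied: principals with Deny Access on this specific document.
    """
    principals = {user} | set(groups)
    if principals & set(denied):
        return None  # Deny Access takes precedence over all roles
    held = [r for p, r in folder.role_map().items() if p in principals]
    # Roles are nested, so the most permissive combination is the highest role.
    return max(held, key=RANK.__getitem__, default=None)

def demo():
    root = Folder("Documents")
    root.roles = {"Everyone": "Reader", "alice": "Author"}
    specs = Folder("Specs", parent=root)
    results = {
        "alice": effective_role("alice", ["Everyone"], specs),
        "bob": effective_role("bob", ["Everyone"], specs),
        "alice_denied": effective_role("alice", ["Everyone"], specs, denied={"alice"}),
    }
    specs.cancel_inheritance()
    root.roles["bob"] = "Coordinator"  # parent changes after inheritance is canceled
    results["bob_root"] = effective_role("bob", ["Everyone"], root)
    results["bob_specs"] = effective_role("bob", ["Everyone"], specs)
    return results

if __name__ == "__main__":
    print(demo())
```

When auditing a library, the cases worth reviewing are folders where inheritance was canceled, because their role membership no longer follows later tightening of the parent folder.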