.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

how do you balance admin and developer roles in managing security/audience and troubleshooting user

Posted By:      Posted Date: October 22, 2010    Points: 0   Category :SharePoint

We're a 500-person services business, relatively new to SharePoint and recreating many legacy applications in SharePoint.  We have a couple developers and an administrator and have been trying very hard to segregate those roles.  The administrator controls Audiences, SharePoint groups, Distribution Lists, etc.  Developers have read access to Active Directory, but no rights to view or edit SP groups, Global Audiences, or Distribution Lists.   When user issues arise, the developer must always suspect a group membership problem but can't know enough to confirm or deny.

I would love to hear how others handle this.  Do your developers have admin rights? (And what problems does that cause?).  Do you have strict naming conventions to differentiate GA from SP from Dist List?  Do you have 3rd party tools to synchronize groups, so you can have perfect confidence that the Global Audience "Busboys" contains exactly the same users as the Active Directory group "Busboys?"  Is there a way for developers to have read-only access to the various groups so they can troubleshoot membership problems without endangering security?

View Complete Post

More Related Resource Links

Two roles Admin,User. How do I configure the Web config file?


After reading this helpful thread on the same subject, I still haven't quite got it.

I want these rules:

Allow Admin to everything

Deny all none authenticated users from everything

Allow User to everything exept one page 'UserAdmin.aspx'

Here is my attempt at the last item


  <location path="~/UserAdmin.aspx">
                <allow roles="Admin"/>
                <deny roles="User"/>
                <deny users="*"/>

The problem is the account with the user role is either getting all access or no access.


Look it Up: Managing Directory Security Principals in the .NET Framework 3.5


Here's an overview of the new System.DirectoryServices.AccountManagement class in the .NET Framework 3.5 and how it simplifies working with directory services.

Joe Kaplan and Ethan Wilansky

MSDN Magazine January 2008

Cutting Edge: Managing the User Experience in AJAX


This month Dino takes a look at limitations and UI issues in Partial Rendering AJAX pages and techniques for managing the UI.

Dino Esposito

MSDN Magazine November 2007

ASP.NET: Nine Options for Managing Persistent User State in Your ASP.NET Application


ASP.NET provides many different ways to persist data between user requests. You can use the Application object, cookies, hidden fields, the Session or Cache objects, and lots of other methods. Deciding when to use each of these can sometimes be difficult. This article will introduce the aforementioned techniques and present some guidelines on when to use them. Although many of these techniques existed in classic ASP, best practices for when to use them have changed with the introduction of the .NET Framework. To persist data in ASP.NET, you'll have to adjust what you learned previously about handling state in ASP.

Steven Smith

MSDN Magazine April 2003

Security Tips: Defend Your Code with Top Ten Security Tips Every Developer Must Know


There are many ways to get into trouble when it comes to security. You can trust all code that runs on your network, give any user access to important files, and never bother to check that code on your machine has not changed. You can run without virus protection software, not build security into your own code, and give too many privileges to too many accounts. You can even use a number of built-in functions carelessly enough to allow break-ins, and you can leave server ports open and unmonitored. Obviously, the list continues to grow. What are some of the really important issues, the biggest mistakes you should watch out for right now so that you don't compromise your data or your system? Security experts Michael Howard and Keith Brown present 10 tips to keep you out of hot water.

Michael Howard and Keith Brown

MSDN Magazine September 2002

Adding user to certain roles


I have setup ASP security in my application. I used the following tutorial, just wondering if someone can tell me how i can setup this up to allow the creation of a user?


Can someone tell me where to find or what to search on to find some example of how to add the option for adding users?

I have the above setup and its working, but only because of the accounts i created with my global.asax file.
I need to give the admins access to add a new user. Currently i can search on existing users and update them, but need to add the ability to add a new user.

Can't find AD security group while creating Audience rule


Hi guys,

I'm trying to create audience rule : all members of AD group. But when I try to choose a security group I need I can't find in search window. Though I see another groups. So in a whole the problem is I can't see all the AD groups but only some of them. It doesn't depends on on its type (global or local domain).

What could be a reason?

Blank Managing My Links Page for Just One User



I've got a single user who's not able to manage his links in MOSS 2007. The links I speak of are gotting to via http://<<your:mysite>>/_layouts/myquicklinks.aspx. Other users have no issue.

I read somewhere that this might be caused by the user in question having added an improperly formated link. My issue is how can I check for that condition and correct it? Any thoughst would be much appreciated.





stsadm Import command + include user security



When I move sites from test to staging to production, I am using the stsadm –o export command with the –includeusersecurity option in the staging environment.  In production environment, I then use the stsadm –o import command with the –includeusersecurity option.  I was assuming that this option was bringing over the security on the exported site only.  This does not seem to be the case.

Last night I exported one sub site to produtction.  Today, I was notified that the security groups on other sub sites have been altered.  


So why is it when using the –includeusersecurity option effect all sub sites and not just the one sub site being moved from staging to production

Developer Training: User Interfaces and Lists in SharePoint 2010

Learn about the new user experience in SharePoint 2010 and how you can use the new UI in your customizations. This training module also discusses improvements in list handling, including list relationships and new form-rending options.

Administrator and Developer Guide to Code Access Security in SharePoint Server 2007

Explore configuration options, get best practices for managing CAS in SharePoint environments, and walk through a complex CAS scenario.

Learning Snack for IT Professionals: Managing and Troubleshooting with Microsoft SharePoint 2010

Learn about the powerful performance improvement in SharePoint 2010, large list resource throttling, unattached content database recovery options, and how to use the SharePoint Best Practices Analyzer.

How to determine if current SQL User is admin or owner?

I wish to determine, from my C# application, if the current user has admin or owner rights to the database they are connected to. I beleive I have all the information required: Servername Database name Windows/Database auth username (If database auth) password (if database auth) I'm trying to find a way that using the smo objects (smo.user), but as of yet I cant quite work it out: - How to get the appropriate user - How to determine if that user is an admin/owner. Any tips would be appreciated. If I have posted to the wrong forum, let me know - I couldnt find one that was obviously more appropriate. Thanks.

Checking SQL Server User Roles and Creating SQL Server Users using VB.NET

Hello gurus!Firstly I want to apologies if this question is out of place here.. if someone can direct me to the correct forumn great and Thanks!I have a VB.NET application which uses its own Backend Database (MSSQL Server). I need to distribute this application to sites where there will be an existing SQL Server.So I will need to Create the Database on this server. The Application includes methods for building the database on startup if not already connected to one.However the users windows logon may not have the correct permission to connect and create a Database on the Server. I have a DB Setup form in my application which asks for the Servname, Username, Password and Database name. I have catered for Windows Authentication and SQL Server Authentication within the form - the user makes the choice.Assuming they enter a Username and Password for SQL Server Athentication then I will be trying to connect using this user and create the database on the given server. The following is my outline logic:-                                                                  Create db Process                                                                             |                                                                             |                                                               Check Credentials                                                                   / 

How to check if a given user is local admin or not

Hi, How to check if a user (may be domain user also) is part of local administrators group or not? Note I am NOT talking about checking of current logged in user. I should send the username & passowrd of any user (may or may not be domain user) & that should flag me whether that user is local admin or not. Please help.

How to let a non admin business user run a replication snapshot job?

According to the msdn library, I would have to give the non admin user (User1) SQLAgentUserRole privileges. But it also says that it has to be a local job and not a multi server job. Is the snapshot agent job a local or multi server job? Considering the snapshot agent is a local job and i make USER1 the owner of that job. He should be able to run the job rite? I need to give USER1 the ability to run sp_start_job to start the snapshot agent ONLY! (and not any other jobs). So what are the steps to do this? I also read that the only way to achieve this is by creating a proxy account? Is there an article somewhere that best describes this?  
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend