| My OpenNTF Projects |
|---|
| ASND Export Facility |
| ASND Mass Mailer |
| ASND Recruiting |
| Other Affiliated Sites |
|---|
![[Valid RSS]](validrss.gif/$file/validrss.gif "Validate my RSS feed")
![[Valid CSS]](validcss.gif/$file/validcss.gif)
This blog is hosted by
I have been working with another "developer" who is building a SharePoint site based on requirements that I have gathered from an end user. In going through the security settings for the site, something seemed to be missing and it took me a minute to figure out what it was. From what I could see, it looks as though the Author level of access has been left out of SP.
To me, the status level of Author goes hand in hand with the idea of ownership. I have always considered the Author of a document in Notes to be the owner of the document at that point in time, regardless of whether or not that person created this particular document. Author access only works with Author and Reader field values, so I am guess that equivalent field types don't exist in SP.
This idea of Authorship is central to every workflow application I have ever built. I'll be damned if I am going to "trust" my users to only edit a document when it's their turn in the review cycle. They are lucky if they can even see things that aren't ready for them to approve/edit.
While SP easily gives you the ability to allow users to edit any document on the site, I couldn't see how to set a user's access to only allow them to edit documents that they have created. You could modify the rights for a document to only allow specific people to edit the document, but then the connection to the central ACL is severed forever. The model employed by SP seems eerily similar to the model employed on a file server and we all know how much fun it is when 2 people try to edit a file at the same time.
Now to be totally fair, I only looked at SP for a few minutes, so I might have missed something totally obvious. The server is currently running WSS, so this might be a feature that you get when you upgrade to MOSS. Or this might be one of those core Notes features that seems necessary to us, but isn't that important to other vendors.
Will someone who has more experience with SP care to comment and set me straight?
Created 6/12/2008 2:18:06 PM email | website
For whatever reason, MS left this functionality out of the document libraries, even though it exists in a custom list. Our common workaround is to use a list when this functionality is needed.
Now, when using the content approval functionality, with or without a workflow, you can limit who can see the document (or version of a document) at different points in time, but it's not the same as the Notes "Author" access.
Created 6/13/2008 9:39:02 AM email | website
SQL Server does not have row-level ACL's. They hack around that limitation in Sharepoint by putting an obfuscation layer (I can't rightly call it security since it isn't) in the software.
Created 6/13/2008 9:57:22 AM email | website
@1 To me, that seems like a heck of a lot of work, especially when compared to what we do in Notes. Is this something that can be coded, as in if field A has a certain value, only these people can edit/see the document?
@2 I really don't mind if it's security by obscurity as long as a normal end user can't get around it and it's easy to implement.