Logo
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
EPL Standings
 
 
Windows Server

SharePoint 2010 : Securing Information - Securing Lists

- 2014 Ferrari GTE Concept Review and Price
- 2014 Porsche Macan Brings Magnificent Performance
- 2014 Mercedes-Benz CLA 45 AMG Test Drive
7/4/2011 11:38:06 AM
Many of the same features for securing information at the site level apply to the list level, too. The following sections focus on those aspects of list security that are not redundant to managing security at the site level.

1. Content Approval

Content Approval is an advanced setting that prevents a new item in a list from appearing until the item has been approved by a user with approval rights. This setting must be enabled if you plan to use approval workflows that can be initiated with the publication of a minor version to a major version. Even in lists or libraries in which versioning is turned off, new items will still need to be approved before users with Read-Only permissions can view the content item. Figure 1 illustrates a document in a Pending state that has been uploaded to a library with Content Approval enabled.

Figure 1. Document in a pending state because the Content Approval feature is enabled


When the Content Approval feature is enabled, existing content items will be approved automatically. If Major/Minor versioning is also enabled, then the last major version will automatically be approved. Any existing documents that are checked out will automatically show as being Approved, but when they are checked in, they will go into a Pending state until the check-in action is approved.

The easiest way to approve a document is to click the drop-down arrow for the document and select the Approve/Reject menu item, then select the Approved option (Figure 2). Another way you can approve a document is to highlight it in the library and then click the Approve/Reject Ribbon icon in the Workflows section. If you need to see a list of all the documents or list items that need approval, click the Library tab in the Ribbon (for document libraries; for lists, click the List tab) and then, under Current View, select the drop-down arrow and select the Approve/Reject Items menu option. Figure 3 illustrates what the content approval list looks like when there are one or more items in the list.


Note:

Items that are in the Pending state can still be viewed by users who have permissions if they have the exact URL to the content item. The Content Approval feature, is not a security feature by itself. Instead, like audiences, it is a view-crafting feature, but unlike audiences, it helps support approval workflows and the publishing of content items.


Figure 2. Approve/Reject page with comment input field


Figure 3. List of documents in a library in the Pending state


2. Versioning Settings

There are three types of version settings in SharePoint 2010: None, Major Only, and Major/Minor. When no versioning is selected, each time a content item is updated or uploaded into the list, it is immediately available for viewing by everyone who has at least View permissions to the list. Moreover, no version history is saved, so the only version of the content item is the current version. Because past versions are not saved, they cannot be retrieved.

Major Only versioning creates published versions each time a content item is updated or uploaded to a list or library. The main difference between no versioning and Major Only is that past versions of the content item are retained in their full-text form. But new versions are still immediately viewable and consumable by those with proper permissions.

Major/Minor versioning was first introduced in Microsoft SharePoint Portal Server 2001. It was taken out of Microsoft SharePoint 2003 and was put back into the SharePoint Server 2007 product; it has been retained in SharePoint 2010. Major/Minor versioning (M/M) allows for the development of a document or list item by a small team of content developers who then periodically publish updated versions of the document for a wider audience to consume. The versioning numbers will inform you which version of the document that you are working with. M/M versioning works with a two-numeral decimal system in which the number to the right of the decimal is the minor version and the number to the left of the decimal is the major version. For example, the version designation 0.2 means that you are on the second draft or minor version but have yet to publish a major version. The version designation 1.0 means that you have published your first major version of the document. The version designation 3.3 means that you have published three major versions, the third version is the current “public” version, and you are currently working on the third minor version, which you are using to create the fourth major version, which will be published for public consumption as 4.0.

Each time a document is published, the major versioning number will increment by one (1) and the minor version number will be reset to zero (0). Each time a minor version is checked in, the minor version number will increment by one (1), and the major version number will not increment or decrement.

The reason that M/M versioning can be viewed as a security feature is that currently published documents can continue to be viewed while updates to those documents are created in a secure, private way. You will want to use M/M versioning for documents that have public content that is updated periodically, such as a human resource policy manual, but for which you also want to hide the draft updates of those documents from public consumption.

3. Draft Item Security

Draft item security is only relevant when you have Major/Minor versioning enabled. Draft items are the same thing as minor versions and apply to all new documents created or uploaded into the library. Changing draft item security settings will not apply to those documents that already exist in the library.

The three settings for draft item security are

  • Any User Who Can Read Items

  • Only Users Who Can Read Items

  • Only Users Who Can Approve Items (and the authors of those items)

The default setting is Any User Who Can Read Items, which represents a problem if you want to hide minor versions from those who would consume documents from the library with Read permissions. The entire point of Major/Minor versioning is to create publicly or widely consumed documents that can continue to be consumed from the same location in which they are also being updated. Leaving draft item security at the default setting makes the Major/Minor versioning feature somewhat useless. However, if the published document is consumed from another location, then those with Read permissions on the source location where the document is created and updated may be only those who can edit the document, too. In that scenario, the draft item security setting isn’t that important, as long as the site owner controls who has Read permissions to the site and list.
Top Search -----------------
- Windows Server 2008 R2 : Work with RAID Volumes - Understand RAID Levels & Implement RAID
- Windows Server 2008 R2 Administration : Managing Printers with the Print Management Console
- Configuring Email Settings in Windows Small Business Server 2011
- Windows Server 2008 R2 : Configuring Folder Security, Access, and Replication - Implement Permissions
- Monitoring Exchange Server 2010 : Monitoring Mail Flow
- Windows Server 2008 R2 :Task Scheduler
- Windows Server 2008 R2 : File Server Resource Manager
- Windows Server 2008 R2 : Installing DFS
- Exchange Server 2010 : Managing Anti-Spam and Antivirus Countermeasures
- Windows Server 2008 R2 : Configuring Folder Security, Access, and Replication - Share Folders
Other -----------------
- Microsoft Dynamics GP 2010 : Viewing open items with the Task List
- Microsoft Dynamics GP 2010 : Managing personal reports with My Reports
- Microsoft Dynamics GP 2010 : Speeding up access to data with Quick Links & Rearranging Navigation to make it easier
- Microsoft Dynamics NAV : Installing Dynamics NAV - Preparing a Microsoft SQL Server database for Dynamics NAV installation
- Microsoft Dynamics NAV : Installing Dynamics NAV - Installing a SIDE database server
- Microsoft Dynamics NAV : Installing Dynamics NAV - Installing a Classic client
- SQL Server 2008 : Administering Database Objects - Working with Triggers
- SQL Server 2008 : Administering Database Objects - Working with Triggers
- Microsoft Dynamics GP 2010 : Reducing clicks with Startup shortcuts &Personalizing the Home page by selecting the right role
- Microsoft Dynamics GP 2010 : Getting faster access to data with the Shortcut Bar
 
 
Most view of day
- Security and Delegation in Configuration Manager 2007 : Securing the Configuration Manager Infrastructure (part 3) - Securing Configuration Manager Accounts
- Troubleshooting Stop Messages : Common Stop Messages (part 2)
- Microsoft Excel 2010 : Refreshing Pivot Table Data, Adding a Report Filter & Adding Pivot Table Data
- Microsoft Visio 2010 : Formatting Individual Shapes (part 1) - Which Formatting Attributes Can Be Edited?
- Microsoft Exchange Server 2007 : Consolidating a Windows 2000 Domain to a Windows Server 2003 Domain Using ADMT (part 5) - Migrating Computer Accounts
- Working with Windows Installer : Introducing Windows Installer
- Microsoft Systems Management Server 2003 : Configuring Software Metering (part 2) - Creating a Software Metering Rule
Top 10
- Microsoft Exchange Server 2010 : Defining Email Addresses (part 3) - Email Address Policies - Creating a New Email Address Policy
- Microsoft Exchange Server 2010 : Defining Email Addresses (part 2) - Email Address Policies - Changing an Existing Policy
- Microsoft Exchange Server 2010 : Defining Email Addresses (part 1) - Accepted Domains
- Microsoft Exchange Server 2010 : Basics of Recipient Management - Exchange Recipients
- Windows Server 2012 : File Services and Storage - Configuring iSCSI storage (part 7) - Using iSCSI Initiator - Creating volumes
- Windows Server 2012 : File Services and Storage - Configuring iSCSI storage (part 6) - Using iSCSI Initiator - Establishing a connection
- Windows Server 2012 : File Services and Storage - Configuring iSCSI storage (part 5) - Using iSCSI Initiator - Discovering targets
- Windows Server 2012 : File Services and Storage - Configuring iSCSI storage (part 4) - Using iSCSI Initiator - Configuring iSCSI Initiator
- Windows Server 2012 : File Services and Storage - Configuring iSCSI storage (part 3) - Configuring iSCSI Target Server - Creating iSCSI virtual disks
- Windows Server 2012 : File Services and Storage - Configuring iSCSI storage (part 2) - Configuring iSCSI Target Server - Installing the iSCSI Target Server role
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
2015 Camaro