
Security configuration and replication

WorkPoint 365 contains several options for controlling permissions and access rights. By default, permissions in SharePoint (and thus WorkPoint 365) are inherited like this:

Root web site -> Sub web site -> List -> Element

This is not always appropriate for WorkPoint 365 and a customer may have different requirements for how permissions are granted. The security in WorkPoint 365 can be configured on multiple levels.

These levels can be divided into the following areas:

  • Entity
  • Entity site
  • List on an entity’s site

The security can also be configured as if you were working with “normal” SharePoint, or as a combination of WorkPoint 365 security and SharePoint’s security. WorkPoint 365 only expands SharePoint’s security model with intelligent automations, which in principle could be maintained manually by users. WorkPoint 365 therefore “simply” makes sure that the correct permissions are maintained automatically in the areas mentioned above.

Security functions

Two different functions have been developed to automate the security settings in WorkPoint 365. The functions can be used separately or in combination.

  • Inheriting permissions using the WorkPoint 365 data model
  • Rule based control of permissions
Inheriting permissions using the WorkPoint data model

WorkPoint 365 gives you the opportunity to change the way inheriting permissions works in SharePoint. You can configure business module security settings to ensure that entities inherit their permissions from their parent (an example is a project inheriting permissions from the company which is the project’s parent).

For this purpose, the “Security Replication Engine” has been developed. This engine makes sure that the security model is maintained if permissions are changed.

The engine does this through scheduled jobs. When a user makes changes to the security settings, these changes are applied once the engine's scheduled job has been executed. You can run the engine in either full or incremental mode.

  1. Full mode maintains permissions for all entities in WorkPoint 365
  2. Incremental mode only applies any changes made since the last run.
Rule based control of permissions

Rules make it possible to define unique rights for each entity. A rule can be based on static information or use metadata from the entity to define security. For example, you could use a “Project Manager” field in a Project module to define the user allowed to edit an item. It is also possible to use fields from the parent entity.

Open business module security settings
  1. From the WorkPoint 365 administrative dashboard click on the business module heading
  2. Click on Security Settings
Edit business module entity security settings
  1. Select the security behavior you want to use for business module entities
  2. The description explains the difference between the selections
Edit business module entity site security settings
  1. Select the security behavior you want to use for the business module entity sites
  2. The description explains the difference between the selections
Security Rules
  1. To configure a security rule select "Use Security Rules" and click on Save
  2. Click on Add security rule
  3. Make appropriate choices to define the rule
  4. Save your changes
Static security rule type
  1. If you choose a static rule, you must specify the persons to whom the rule will apply. The rule then applies to all entities in the business module.
  2. You can specify users or SharePoint groups by starting to type their names and then selecting them.
Dynamic security rule type
  1. If you choose the dynamic rule type, you must select the field that defines the person or group the rule should apply to.
  2. If there is a parent module, its fields will be prefixed with the module name and a colon (e.g. Companies: Responsible).
  3. All fields from the business module or parent business module with the field type "Person or group" are usable and will be shown in the select list.
Security scope setting
  1. Using the scope setting you can specify whether the rule should apply to the entity itself or to a specific list in the site.
  2. If you choose list, you will be able to select the entity list you want the security rule to apply to.
Permission levels
  1. For each rule, you must define which permission level the defined users or groups are assigned. The system uses the predefined SharePoint permission levels.
Example
  1. In this example I create a new dynamic security rule for my projects business module entity.
  2. When a new project is created or edited, the user name typed into the "Project manager" field on the entity is granted administrative privileges to the underlying documents list.
  3. Based on our dynamic security rule, the project's underlying documents list is now only visible to the person specified in the project's "Project Manager" field.

Notice that the security rule created in this example relies on the "Project Manager" field containing a value. If it does not, the underlying documents list will be accessible to everyone who has permission to the business module list.
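The empty-field case above is worth checking before a rule goes live. The following is an added example, not WorkPoint 365 code: a simplified Python model of a dynamic rule that reports which entities would leave the targeted list open. The field names, sample projects, the "Documents" list name and the "Full Control" level are constructed assumptions.

```python
# Simplified model of a dynamic security rule (constructed; not WorkPoint 365 code).
from dataclasses import dataclass

@dataclass(frozen=True)
class DynamicRule:
    field: str             # "Person or group" field; parent fields are "Module: Field"
    scope: str             # "entity" or "list"
    target_list: str       # list the rule applies to when scope == "list"
    permission_level: str  # a predefined SharePoint permission level

def field_value(entity, parent, field):
    """Resolve the rule field; 'Companies: Responsible' reads the parent entity."""
    if ": " in field:
        source, name = parent or {}, field.split(": ", 1)[1]
    else:
        source, name = entity, field
    return (source.get(name) or "").strip()

def effective_access(entity, parent, rule, inherited):
    """Return (grants, restricted) for the rule's target.
    A populated field restricts the target to that principal; an empty field
    leaves it open to everyone with access to the business module list."""
    principal = field_value(entity, parent, rule.field)
    if principal:
        return {principal: rule.permission_level}, True
    return dict(inherited), False

def audit(entities, parents, rule, inherited):
    """Titles of entities whose rule target the rule does not restrict."""
    return [e["Title"] for e in entities
            if not effective_access(e, parents.get(e["Parent"]), rule, inherited)[1]]

# Constructed sample data: three projects and their parent companies.
PROJECTS = [
    {"Title": "Project A", "Parent": "Contoso", "Project Manager": "alice@example.com"},
    {"Title": "Project B", "Parent": "Contoso", "Project Manager": ""},
    {"Title": "Project C", "Parent": "Fabrikam", "Project Manager": None},
]
COMPANIES = {"Contoso": {"Responsible": "bob@example.com"},
             "Fabrikam": {"Responsible": "  "}}
INHERITED = {"Project Members": "Contribute"}  # access via the business module list
PM_RULE = DynamicRule("Project Manager", "list", "Documents", "Full Control")
OWNER_RULE = DynamicRule("Companies: Responsible", "list", "Documents", "Full Control")

if __name__ == "__main__":
    print("Empty Project Manager:", audit(PROJECTS, COMPANIES, PM_RULE, INHERITED))
    print("Empty parent Responsible:", audit(PROJECTS, COMPANIES, OWNER_RULE, INHERITED))
```

Making the rule's field mandatory on the entity form, or running a check like this against an export of the module list, closes the gap before replication runs.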

Scheduled Jobs to implement and enforce security settings and rules

When all security settings are configured as needed, it is time to set up a scheduled job that implements the security settings and rules and also applies them to new entities as they are created.

  1. From the WorkPoint administration page click on Scheduled Jobs
Create a new full security replication job
  1. Click on Schedule New Full Security Replication
Full Security Replication
  1. Fill out the fields and click on save
Prepare a manual security replication execution
  1. After creating the job, click on edit to manually initiate an execution of the full security replication job
Execute a security replication

A full security replication applies security rules and settings to all existing entities.

  1. Click on "Run now" to start a full security replication
Access the security replication log

Click here to access the security replication log

Open the security replication log
  1. Click here to open the log
The full security replication log
  1. In the replication log you can get a detailed look at the security replication job and verify that the job has completed successfully
  2. Now set up an incremental security replication job in the same way

Remember to run a full security replication if you change security settings or modify existing rules to ensure the new or modified rules also apply to existing elements and lists.
