zoukankan      html  css  js  c++  java
  • Limited access In Sharepoint 2010

    When a security principal is added to the scope of an item with unique permissions, the security principal is immediately added with the Limited Access permission level to each unique permission scope in the hierarchy above the item until a parent Web with unique permissions is located.

    The reason for adding the user to the scopes with Limited Access is to allow enough access to the object hierarchically above the uniquely permissioned item so that the Object Model (OM), master pages, and navigation can render when the user attempts to navigate to the item. Without the Limited Access permissions at the parent scopes, the user would not be able to successfully navigate to or open the item that has unique permissions.

    The following diagram shows how the hierarchical depth of scopes can affect the amount of work required to add Limited Access users to parent scopes. The larger the number of unique scopes above the item, up to and including the uniquely permissioned Web, the larger the number of additions that must occur. The diagram shows a simplified representation of a physical structure that has unique scopes defined at every level from the Web down to individual items. As in the previous diagram, each differently numbered gold hexagon represents a unique permission scope, and all child objects within that container inherit from that scope unless they have their own unique permissions scope. The chain of Limited Access promotion is shown using red arrows.

    Scope1

    The diagram also includes the set of unique scopes along with the Limited Access membership additions that must occur on each parent scope, represented by separate boxes within the scope. No additional programming is required to add unique scopes whenever a security principal is added to an object scope with unique permissions that is below a Web with unique permissions.

    When a security principal with the Limited Access permission level is added to a parent scope, no check is made to see whether the security principal is already in the parent scope. A security principal that already has access to the parent scope is added again with Limited Access permissions, regardless of its existing permissions on the parent scope.

    When a security principal is removed from the Limited Access permission level at a parent scope, each instance of that security principal within every child scope is removed from the Limited Access permission level, regardless of whether the security principal has Limited Access or a wider set of permissions at the child scopes.

  • 相关阅读:
    day3-python之函数进阶(三)
    day3-python之函数初识(二)
    day3-python之文件操作(一)
    tomcat
    集群
    nginx
    nginx--zabbix监控status waiting
    zabbix监控之mysql主从状态&mysql主从延迟
    zabbix监控之进程&日志监控
    zabbix监控流程(监控linux上某个文件是否有改动)
  • 原文地址:https://www.cnblogs.com/netwenchao/p/2511589.html
Copyright © 2011-2022 走看看