zoukankan      html  css  js  c++  java
  • Limited access In Sharepoint 2010

    When a security principal is added to the scope of an item with unique permissions, the security principal is immediately added with the Limited Access permission level to each unique permission scope in the hierarchy above the item until a parent Web with unique permissions is located.

    The reason for adding the user to the scopes with Limited Access is to allow enough access to the object hierarchically above the uniquely permissioned item so that the Object Model (OM), master pages, and navigation can render when the user attempts to navigate to the item. Without the Limited Access permissions at the parent scopes, the user would not be able to successfully navigate to or open the item that has unique permissions.

    The following diagram shows how the hierarchical depth of scopes can affect the amount of work required to add Limited Access users to parent scopes. The larger the number of unique scopes above the item, up to and including the uniquely permissioned Web, the larger the number of additions that must occur. The diagram shows a simplified representation of a physical structure that has unique scopes defined at every level from the Web down to individual items. As in the previous diagram, each differently numbered gold hexagon represents a unique permission scope, and all child objects within that container inherit from that scope unless they have their own unique permissions scope. The chain of Limited Access promotion is shown using red arrows.

    Scope1

    The diagram also includes the set of unique scopes along with the Limited Access membership additions that must occur on each parent scope, represented by separate boxes within the scope. No additional programming is required to add unique scopes whenever a security principal is added to an object scope with unique permissions that is below a Web with unique permissions.

    When a security principal with the Limited Access permission level is added to a parent scope, no check is made to see whether the security principal is already in the parent scope. A security principal that already has access to the parent scope is added again with Limited Access permissions, regardless of its existing permissions on the parent scope.

    When a security principal is removed from the Limited Access permission level at a parent scope, each instance of that security principal within every child scope is removed from the Limited Access permission level, regardless of whether the security principal has Limited Access or a wider set of permissions at the child scopes.

  • 相关阅读:
    45 个非常有用的 Oracle 查询语句
    [转载]java图片缩放处理
    [转载]java图片缩放处理
    十步完全理解SQL
    十步完全理解SQL
    day04_20170521_函数(二)
    to disable the entity lazy load, The ObjectContext instance has been disposed and can no longer be used for operations that require a connection.
    wordpress mobile templates
    linq query, using int.parse to convert varchar to int while orderby
    appfabric 简单应用
  • 原文地址:https://www.cnblogs.com/netwenchao/p/2511589.html
Copyright © 2011-2022 走看看