As is well known by now, WSS 3.0 (and consequently MOSS) supports plugging in a custom role provider. So instead of being limited to the default AD-based role provider, a custom store, such as a SQL database, can be used as the authorization store. As you can imagine, this gives you a lot of flexibility in terms of storing and managing users.

Let us examine the custom role provider in detail. But before we proceed, let us get a few core definitions out of the way. WSS defines the following core set of security-related objects:

o SPUser and SPGroup - SPUser represents a user, while SPGroup, as the name suggests, represents a collection of users. WSS allows you to create custom groups.

o SPBasePermission, SPRoleDefinition and SPRoleAssignment - SPBasePermission is the right to perform a certain action within WSS, for example the right to insert list items. SPRoleDefinition is a collection of rights. For example, Contributor and Designer are built-in roles. Finally, SPRoleAssignment defines the assignment of roles for an SPUser or SPGroup.

Irrespective of whether you use a custom authorization provider or not, WSS creates instances of the above-mentioned set of objects to manage security within WSS. For example, the SPRoleDefinition object that we discussed above relies on SPUser and SPGroup for role-to-permission mapping.

So how does a custom provider help? Using a custom provider you can create roles and include them as part of an SPGroup (much like you would include instances of SPUser). This is an important benefit, as you can grant access based on custom authorization rules stored outside of WSS.

There is another important benefit enabled by custom role providers: the ability to manage authorization rules across site collections (SPSiteCollection). An SPSiteCollection is a security boundary within WSS. This means that SPUsers and SPGroups defined within one SPSiteCollection are not available to other SPSiteCollection instances.

A custom role, however, can span multiple site collections, since the authorization provider is defined at the Web Application level (SPWebApplication). This way you can manage authorization across sites from one central administrative interface. In contrast, if you had to rely only on SPGroups for authorization, you would have to create a separate SPGroup for each SPSiteCollection and develop a scheme to keep them synchronized.

I should add that AD groups can be used to achieve the same behavior as described above (i.e. the ability to span SPSiteCollections). However, the way AD is administered in most organizations, WSS site owners do not have the permissions to create and modify AD groups.
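
As an added illustration (not code from the original post), here is a read-only role provider backed by a SQL table, built on the ASP.NET `System.Web.Security.RoleProvider` base class that WSS 3.0 role providers derive from. The class name `SqlTableRoleProvider`, the table `dbo.UserRoles(UserName, RoleName)` and the `connectionStringName` attribute are assumptions made for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Configuration;
using System.Data.SqlClient;
using System.Web.Security;

// Added example. Assumed schema: dbo.UserRoles(UserName NOT NULL, RoleName NOT NULL).
// Assumed provider attribute: connectionStringName (a <connectionStrings> entry).
public class SqlTableRoleProvider : RoleProvider
{
    private string _connStr;
    public override string ApplicationName { get; set; }

    public override void Initialize(string name, NameValueCollection config)
    {
        base.Initialize(name, config);
        ConnectionStringSettings cs = ConfigurationManager.ConnectionStrings[config["connectionStringName"]];
        if (cs == null) throw new ConfigurationErrorsException("connectionStringName is missing or unknown.");
        _connStr = cs.ConnectionString;
    }

    // Runs a one-column query. The caller-supplied value is always bound as @v, never
    // concatenated into the SQL; a null value binds as NULL and therefore matches no row.
    private string[] Query(string sql, string value)
    {
        List<string> rows = new List<string>();
        using (SqlConnection conn = new SqlConnection(_connStr))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@v", (object)value ?? DBNull.Value);
            conn.Open();
            using (SqlDataReader r = cmd.ExecuteReader())
                while (r.Read()) rows.Add(r.GetString(0));
        }
        return rows.ToArray();
    }

    public override string[] GetRolesForUser(string username) { return Query("SELECT RoleName FROM dbo.UserRoles WHERE UserName = @v", username); }
    public override string[] GetUsersInRole(string roleName) { return Query("SELECT UserName FROM dbo.UserRoles WHERE RoleName = @v", roleName); }
    public override string[] GetAllRoles() { return Query("SELECT DISTINCT RoleName FROM dbo.UserRoles", null); }
    public override bool RoleExists(string roleName) { return GetUsersInRole(roleName).Length > 0; } // a role exists once it has a member row
    public override bool IsUserInRole(string username, string roleName) { return Array.Exists(GetRolesForUser(username), r => string.Equals(r, roleName, StringComparison.OrdinalIgnoreCase)); }

    // Membership is administered in the database, outside WSS, so writes and search are refused.
    public override void CreateRole(string roleName) { throw new NotSupportedException(); }
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotSupportedException(); }
    public override void AddUsersToRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
    public override string[] FindUsersInRole(string roleName, string usernameToMatch) { throw new NotSupportedException(); }
}
```

The provider is registered under `<roleManager>` / `<providers>` in the web application's web.config, which is why the roles it returns are visible to every site collection in that web application.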

6 Responses to “WSS and Custom Authorization Provider”

  1. Rob Says:

    I was never a fan of role-based security systems; I prefer capabilities-based security. One of the recent development platforms to use it is Brainwave Platform in its Semantic database

  3. If you want to see a reader’s feedback :) , I rate this post for 4/5. Decent info, but I have to go to that damn msn to find the missed pieces. Thank you, anyway!
