SharePoint as a platform offers an immense amount of out-of-the-box capabilities that can be harnessed by understanding and taking the right approach to the business requirements. This article is a continuation of “How to Maximize SharePoint Out-of-the-Box Features” and walks through three additional scenarios on leveraging SharePoint out-of-the-box capabilities to solve real-world business problems. It reinforces the importance of understanding the business problem before contemplating a solution. Like the last article, the approach it to tackle a real world scenario by formulating the problem statement, the solution, and a way to take the solution to the next level.
You can view the article “How to Maximize SharePoint Out-of-the-Box Features” from this link.
The SharePoint functionality addressed in this article covers features such as SharePoint security, integration of My Sites with Active Directory, and extending SharePoint search discussed in “How to Maximize SharePoint Out-of-the-Box Features.” Before diving into the three real-world scenarios, make sure you understand these basic features.
Basic SharePoint Features
Within SharePoint, permissions are tied either to individuals or groups. By leveraging the standard SharePoint behavior, you can choose to give individuals and groups access to sites, document libraries, lists, and items in those lists among other things. Once you’ve chosen to give an individual access to a specific list, you also must specify what kind of access they will have. This is called the permission level. By default, SharePoint has defined some basic permission levels that allow you to define broadly how much access is being given to the individual or group. (See Figure 1)
Figure 1: Edit Permissions page
The article on “How to Maximize SharePoint Out-of-the-Box Features” walks through some of the capabilities of SharePoint search. Scenario 1 of this article demonstrates the importance of leveraging search in an enterprise. Providing the users with the capability to search is just half the battle. Providing them the most relevant search results is the key to successful enterprise search integration.
In our experience of implementing SharePoint, regardless of the type of organization, the topic of My Sites has consumed more discussion time than planned. Some organizations are eager to discontinue the use of personal file shares and leverage the new technology, whereas others want to understand how to disable the features completely.
Beyond providing users with a personal portal to store their documents and other information assets, My Sites provide a way for users to discover information about each other. My Sites have both “public” and “private” pages. The “public” pages can be used to display a person’s projects, his coworkers, and his areas of expertise. The same powerful site management and security features apply to My Sites as they do in other SharePoint sites.
Now that you understand the basics of these features, it’s time to explore how to apply some configuration magic to achieve functionality that would traditionally have been assumed to only be possible by customization or programming.
Scenario 1: How to Create Search Scopes to Narrow Search Results to a File Share
A construction equipment dealership faces the challenge of being able to search through large quantities of old invoices that are currently placed on a file share. The organization has taken the lead in designing the current intranet on SharePoint as well as using it as a collaborative environment for their new invoices. The Accounting department needs to access their older invoices for data entry and account reconciliation purposes.
Having thousands of invoices stored on a file share poses a challenge to effectively finding any specific invoice on a timely manner. This leads to reduced efficiency and many hours spent on a weekly basis to reorganize the file structure on the file share to match the current project needs.
SharePoint search scopes can be leveraged to provide an efficient solution that gives the user the ability to perform full-text searches on old invoices stored on file shares. These search scopes appear to all users in the dropdown box next to the portal search box.
SharePoint Search scopes are defined by rules. Rules are typically limited to specific topics and content sources that are commonly useful to an organization. Search scopes are used to provide narrow search results to users upon executing a search query. They can be created at a SharePoint farm level (shared) within the Shared Service Provide SSP or a Site Collection level (local) within the settings. Shared search scopes can be reused in any Site Collection in the farm, whereas local search scopes can only be used in the Site Collection that they were created.
In this particular example, the content source will contain a rule that will specify a file share as a content source to be indexed and full-text searchable. Follow the steps below to create a custom search scope that searches contents on a file share:
- Follow Scenario 2 above and in Step 5 select file share to create a custom content source that indexes a specific file share.
- Type the location of the file share in the Start Address field.
- The next step is to use the custom content source to create a custom search scope.
- To create a “Shared” search scope, open the SharePoint Central Administration and go to the SSP.
- Click on Search Setting under the Search options (see Figure 2).
Figure 2: Search settings in SSP
- In the Scopes sections, click on View Scopes (see Figure 3).
- Type in a Title and Description in the provided fields and specify whether the search results will be displayed in the default search page or a custom page (see Figure 5), and then click OK.
- The new search scope will now be displayed in the View Scopes page, as shown in Figure 6.
- Click on Add Rules next to the new search scope.
- Select Content Source in the Scope Rule Type section.
- In the Content Source section, select the content source (from Step 2) and click on Include in the Behavior section, then click OK.
- The scope will be ready to be used in the Site Collections within the farm after it indexes the file share.
Figure 4: View existing scopes
Figure 5: Create new scope
Figure 6: New search scope
Figure 7: Add rules to search scope
Figure 8: New search scope with rules applied
- To use the new custom search scope, go to the Site Settings for the Site Collection and click on Search Scopes in the Site Collection Administration section.
- In the View Scopes page, the new custom search scope will be added to the Unused Scopes section.
- Click on the Search Dropdown in Display Group to use the custom search scope.
Figure 10: Existing Site Collection Scopes
- Check the box next to the custom search scope and select the position in the dropdown list and then click OK.
Figure 11: Enable new search scope in Site Collection
Note: If you would like to add the custom search scope in the Advanced Search section, click on Advanced Search Display Group and repeat Steps 16–17.
- The custom search scope will be displayed as part of the search dropdown on every site within the Site Collection.
Figure 9: Site Collection settings
Taking It to the Next Level
Now that the custom Search Scope has been added, the process above can be followed to add additional Search Scopes to various other types of Content Sources. To provide relevant search results, the default Search Scope, “All Sites,” can be modified to “Exclude” results from the Custom Search Scope. This way, there is no overlap in the search queries for content on SharePoint versus other Content Sources and provides further narrowed search results.
Scenario 2: How to Modify Existing Permissions Levels or Create Finer-Grained Permissions in SharePoint
A local bank would like its employees to submit ideas on how they can improve the service provided to their customers, potentially improving the overall customer satisfaction survey results. The bank would also like their employees to view others’ submissions to further generate ideas. The IT director has set up a SharePoint survey list, called “Dream Bigger,” for the employees to submit their ideas and has provided them with “Contribute” access to the list.
The challenge faced today is that, by default, a “Contributor” has access to delete the other submissions and create or modify existing views on the list. This level of access grants a user with more permission than needed and would eventually lead to an unmanageable list with many views and potentially deleted submissions.
To control the permissions and still provide the users with the ability to contribute, or submit new ideas, on the list, either the default permission level can be modified or a new fine-grained permission level can be created. SharePoint permission levels are predefined sets of permissions that allow the users or groups to perform certain action on a site, list/document library, folder, or a list item/document. Permission levels can be modified either at a Web Application level or created/modified at a Site Collection level.
By default, a Site Collection has permission levels such as “Full Control,” “Contribute,” and “Read.” These permissions can be modified to a fine-grained permission level or new permission levels can be created. These permission levels will be available within any sub-site list/document library, folder, and list item/document of the Site Collection where they are created. It is recommended that the existing permission is not modified unless it is made certain that no site, list, or list item inherits that specific permission level.
By default, permissions levels are inherited within a site; however, once a new permission level is applied to a list, the inheritance is broken. All the other site permissions remain intact and unchanged. In the example, the “Dream Bigger” list has a modified permissions level and all the folders and items within this list will automatically inherit the new permission level.
The Web Application permission levels can be modified within the Central Administration (Central Administration > Application Management > User Permissions for Web Application). In this example, you will walk through creating a new permission level for a Site Collection.
- Go to the top level site of the Site Collection and click on Site Actions > Site Settings.
Figure 12: Site Actions menu
- In the Site Settings page, click on the Advanced Settings under the Users and Permissions section.
- Click on Settings and Permission Levels.
- Click on Add Permission Level.
- Type in the name for the new Permission Level.
- Select the permissions that you would like to provide. In the example, this will be same as “Contribute” permissions except that you will uncheck Delete Items in List Permission section and Manage Personal View in the Personal Permissions section.
- Click Create.
- The new permission level will be displayed in the Permission Levels page.
- Now, the “Limited Contribute” permission level can be leveraged in the “Dream Bigger” list. This will allow the users to submit ideas but not allow them to modify existing or create new views. Additionally, users now cannot delete existing submissions, hence protecting the integrity of the list.
Figure 13: Site Settings page
Figure 14: Settings dropdown
Figure 15: Create new Permission Levels page
Figure 16: Permissions Level page with new permission level
Taking It to the Next Level
Now that you have seen how to create permission levels, what happens if the permissions that you would like to provide do not exist in the list of permissions (Step 6 above)? This is where creating permissions by writing custom code would help solve the problem. Creating custom permissions would allow the administrators to further control permissions such as not allowing contributors to view the Site Actions menu on a Publishing Page. Once the permission is created, it can be deployed as a feature and will appear in list of permissions (Step 6 above) for the administrator to choose as a permission level.
Scenario 3: How to Retrieve Custom AD User Vields into SharePoint and View Them in Users’ My Sites
A hospital would like to leverage the current intranet, on SharePoint 2007, to provide the company with pager number and specialty of each doctor. All this information is currently being stored in Active Directory (AD) and there is no direct method for all users to access this database. The hospital is currently utilizing My Sites and can only see the default fields from AD that have been imported when setting the Shared Service Provider (SSP).
The hospital is currently using a list within SharePoint to manage the name, pager number, and the specialty of the doctors. This effort is manual and requires duplication of efforts because the IT Department already manages this in AD.
To view the custom fields from AD into SharePoint 2007, a new user profile property field will be added and mapped to AD. In SharePoint 2007, users’ profile information is not limited to the fields that were originally imported during the creation of the SSP. Custom properties that have been created in AD can be mapped and imported in SharePoint. The profile property information is one way to provide AD information to the target audience within the company.
To map and import a custom field from AD, please follow these steps:
- Open the SSP within SharePoint 3.0 Central Administration.
- Click on User Profiles and Properties within User Profiles and My Sites section.
- Scroll down to User Profile Properties section and click on Add Profile Property.
- In the Add User Profile Property page, type the Profile Name and Description.
- In the Policy Settings section, select the property to be required, optional, or disabled (viewable to only SSP administrators) and select the Default Privacy Setting to the target audience of this property.
- Select the appropriate Edit, Display, and Search Settings based on the company policy. In the example, the “Show in the profile properties section of the user’s profile page” option will be selected to display this property, as a Custom Property, in the users’ My Site page.
- In the Property Import Mapping Setting, select Source Data Connection and Data Source Field to Map, the field to which the new property is mapped (“pager” in the example).
- Then, click OK.
- The new profile property will be displayed in the Custom Properties section of the View Profile Properties page.
- Once the property has been added and “Show in the profile properties section of the user’s profile page” was selected, a full crawl must be performed to display this custom field in the My Sites page of the users.
Note: The following instructions assume that you have already created the SSP and mapped the import connection (Configure Profile Import) to the company AD.
Figure 17: User Profile settings page
Figure 18: Existing user profile properties
Figure 19: Add user profile property—Policy Settings
Figure 20: Add user profile property—Property Import Mapping settings
Figure 21: New property on View User Profile Properties page
Taking It to the Next Level
Once the SSP has been created and configured, the Business Data Catalog (BDC) can be leveraged to retrieve users’ profile information from the backend database. This is useful if users’ information is stored and maintained in a database other than AD. To connect to the database, you will need to write custom connectors that connect and map fields from SharePoint 2007 to a custom database. Once the fields are mapped, they will be displayed in the Custom Properties section of the users’ My Sites. Please note that BDC is a feature of SharePoint 2007 Enterprise Edition.
Microsoft SharePoint technology is a powerful platform. It provides scalable enterprise capabilities to meet and exceed the requirements of growing businesses. Understanding the requirements and knowing how to maximize and leverage SharePoint out-of-the-box capabilities will provide the highest ROI for a SharePoint implementation. It is important to understand the system from an end-user perspective. More importantly, it is vital to provide the users with information in both an efficient and effective way. Leveraging capabilities such as search, security, and My Sites can help address some of the needs of rapidly growing and geographically distributed organizations. Once again, as mentioned in “How to Maximize SharePoint Out-of-the-Box Features”, it is beneficial to create a set of options for the given requirements and perform a cost-benefit analysis to understand the relative value of each option, including the cost of ongoing support and maintenance.
About the Authors
Daan De Brouckere is an executive with Crowe Horwath LLP in the Oak Brook office. You can reach Daan at firstname.lastname@example.org.
Raj Agarwal is a developer with Crowe Horwath LLP in the Livingston office. You can reach Raj at email@example.com.