Latest Entries »

I recently blogged about how to security trim contents of a page using the Security Trim Control, it works great for content on the page but what about contents within a web part I was asked, for example that of a DataView web part. Well that’s easy too, all you need is a little less known built in XSLT function called ddwrt:IfHasRights(<Permission Mask>)) and some Conditional Formatting logic.

  1. Simply select the text or mark-up inside the data view web part and then
  2. Click on Conditional Formatting option in the Task Panes menu
  3. In the Condition Criteria dialog box select Advanced and in the Advanced Condition dialog box change Select a function category to All
  4. Find and insert the IfHasRights() function by double clicking on the Select a function list
  5. Use a single Permission Mask for example 4 IfHasRights(4) to only make the mark-up or text visible when the user has edit rights on the page\item

Following is a list of Permission Masks for the build in permissions

  • ViewListItems – 1
  • AddListItems – 2
  • EditListItems – 4
  • DeleteListItems – 8
  • ApproveItems – 16
  • OpenItems – 32
  • ViewVersions – 64
  • DeleteVersions – 128
  • CancelCheckout – 256
  • PersonalViews – 512
  • ManageLists – 2048
  • ViewFormPages – 4096
  • Open – 65536
  • ViewPages – 131072
  • AddAndCustomizePages – 262144
  • ApplyThemeAndBorder – 524288
  • ApplyStyleSheets – 1048576
  • ViewUsageData – 2097152
  • CreateSSCSite – 4194314
  • ManageSubwebs – 8388608
  • CreateGroups – 16777216
  • ManagePermissions – 33554432
  • BrowseDirectories – 67108864
  • BrowseUserInfo – 134217728
  • AddDelPrivateWebParts – 268435456
  • UpdatePersonalWebParts – 536870912
  • ManageWeb – 1073741824
  • UseRemoteAPIs – 137438953472
  • ManageAlerts – 274877906944
  • CreateAlerts – 549755813888
  • EditMyUserInfo – 1099511627776
  • EnumeratePermissions – 4611686018427387904
  • FullMask – 9223372036854775807

Security Trim Contents of a Page

I get this question a lot of times, and yesterday I had this question come up again. One of my team mates asked me about a way to security trim content on the page rather then the entire page it self. Well it’s quite easy, all you need is the SPSecurityTrimmedControl.

<SharePoint:SPSecurityTrimmedControl ID=”SPSecurityTrimmedControlName″ PermissionsString=”BrowseDirectories” runat=”server”>

The markup that needs to be security trimmed goes here.

 </SharePoint:SPSecurityTrimmedControl>

Here are the permissions you can use, you can add multiple using commas:

AddAndCustomizePages
  AddDelPrivateWebParts Add or remove personal Web Parts on a Web Part Page. 
  AddListItems Add items to lists, add documents to document libraries, and add Web discussion comments. 
  ApplyStyleSheets Apply a style sheet (.css file) to the Web site. 
  ApplyThemeAndBorder Apply a theme or borders to the entire Web site. 
  ApproveItems Approve a minor version of a list item or document. 
  BrowseDirectories Enumerate files and folders in a Web site using Microsoft Office SharePoint Designer 2007 and WebDAV interfaces. 
  BrowseUserInfo View information about users of the Web site. 
  CancelCheckout Discard or check in a document which is checked out to another user. 
  CreateAlerts Create e-mail alerts. 
  CreateGroups Create a group of users that can be used anywhere within the site collection. 
  CreateSSCSite Create a Web site using Self-Service Site Creation. 
  DeleteListItems Delete items from a list, documents from a document library, and Web discussion comments in documents. 
  DeleteVersions Delete past versions of a list item or document. 
  EditListItems Edit items in lists, edit documents in document libraries, edit Web discussion comments in documents, and customize Web Part Pages in document libraries. 
  EditMyUserInfo Allows a user to change his or her user information, such as adding a picture. 
  EmptyMask Has no permissions on the Web site. Not available through the user interface. 
  EnumeratePermissions Enumerate permissions on the Web site, list, folder, document, or list item. 
  FullMask Has all permissions on the Web site. Not available through the user interface. 
  ManageAlerts Manage alerts for all users of the Web site. 
  ManageLists Create and delete lists, add or remove columns in a list, and add or remove public views of a list. 
  ManagePermissions Create and change permission levels on the Web site and assign permissions to users and groups. 
  ManagePersonalViews Create, change, and delete personal views of lists. 
  ManageSubwebs Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.  
  ManageWeb Grant the ability to perform all administration tasks for the Web site as well as manage content. Activate, deactivate, or edit properties of Web site scoped Features through the object model or through the user interface (UI). When granted on the root Web site of a site collection, activate, deactivate, or edit properties of site collection scoped Features through the object model. To browse to the Site Collection Features page and activate or deactivate site collection scoped Features through the UI, you must be a site collection administrator. 
  Open Allow users to open a Web site, list, or folder to access items inside that container. 
  OpenItems View the source of documents with server-side file handlers. 
  UpdatePersonalWebParts Update Web Parts to display personalized information. 
  UseClientIntegration Use features that launch client applications; otherwise, users must work on documents locally and upload changes.  
  UseRemoteAPIs Use SOAP, WebDAV, or Microsoft Office SharePoint Designer 2007 interfaces to access the Web site. 
  ViewFormPages View forms, views, and application pages, and enumerate lists. 
  ViewListItems View items in lists, documents in document libraries, and view Web discussion comments. 
  ViewPages View pages in a Web site. 
  ViewUsageData View reports on Web site usage. 
  ViewVersions

Had this question pop up at work today, to show all items without folders in SharePoint you will need to add the Recursive attribute to the SPQuery object.

 Here is an example, This can be done in Code:

 SPQuery.ViewAttributes += ” Scope=\”Recursive\””;

 Or as part of the CAML Query Markup

    <FieldRef Name=’ID’ /> 

</ViewFields> 

<QueryOptions> 

   <ViewAttributes Scope=’Recursive’ /> 

   <OptimizeFor>FolderUrls</OptimizeFor> 

</QueryOptions>

Other query options are:

<QueryOptions>
   <IncludeMandatoryColumns>True</IncludeMandatoryColumns>
   <DateInUtc>True</DateInUtc>
   <IncludeAttachmentUrls>True</IncludeAttachmentUrls>
   <IncludePermissions>True</IncludePermissions>
   <ExpandUserField>True</ExpandUserField>
   <Folder>Name Of the Folder Here/</Folder>
</QueryOptions>

High Level Steps:

  1. Setup two domain accounts for SSRS – one for the SSRS Windows Service and the other for the App Pool running the SSRS Web Services
  2. Install SQL Server 2008 with all required advanced services, Analysis, Integration and off course SSRS
  3. SSRS should be installed but not configured at install time
  4. Install WSS 3.0 SP2 or MOSS 2007 SP2
  5. Run Reporting Services Configuration Tool and choose Integration Mode when prompted
  6. Install Microsoft SQL Server 2008 Reporting Services Add-in for Microsoft SharePoint Technologies on all SP boxes starting with the one that hosts Central Administration Site
    1. http://www.microsoft.com/downloads/details.aspx?FamilyID=58edd0e4-255b-4361-bd1e-e530d5aab78f&displaylang=en

Make sure of the following things to avoid grief:

  • SharePoint Object Model is available on the SSRS installation box, not a problem if everything is on the same box but something to be careful of in a multi-server farm.
  • Remember Integrated mode only works for SharePoint Web Applications on the Default Zone and will not work with Web Apps with Anonymous access enabled
  • In Multiple Farm environments the copyappbincontent stsadm command must also be executed on each WFE
  • Make sure when using Kerberos, the DNS entry for the Web Application URL must be an A record, not CNAME

I recently had the opportunity to attend rotation 3 (R3) or the first public offering of the Microsoft Certified Master program for SharePoint 2007.  This without doubt will be one of the most intense, humbling and gratifying experiences of my life.

After a gruelling three weeks of SharePoint expert training and intense peer discussions, three difficult written exams, a tough but fair Qualification lab and countless sodas and sleepless nights, I am very pleased to announce, that I’m now a Microsoft Certified Master for SharePoint 2007!

I was originally supposed to attend the beta rotation (R2) back in April but as luck would have it I could not attend R2 and boy was I glad to start on 1st of June, 2009!  First of all the weather in Redmond was fantastic by all accounts, it only rained once or twice while I was there. Microsoft jokingly calls weeks like these the recruitment weeks. Secondly the training format, the qualification lab and venue improved tremendously compared to the last two rotations.  The Master Program folks seek exhaustive feedback and based on the improvements to the program on per rotation basis, you can tell that they take this feedback seriously.

My journey with the program started when I applied for it last year in November, 2008; lucky for me it was not too hard to get a buy in from my employer Stargate Global Consulting, they have a vision to build a Centre of Excellence for SharePoint in Australia, and, having MCMs on board played into that vision. Part of the application process is submission of engagement briefs, sanitised copies of technical documents authored in the past and possibly an interview (I did not get one but have been told by other candidates how hard it was).  I got the green light from the SharePoint MCM Program Managers in January, 2009 along with a list of pre-reading material and invitation emails (more on this later). I did not know at the time but the selection criteria is right up there, we have been told for every candidate selected in the last rotation four to five applicants were refused.

I did not pay much attention to Pre-read list as I had read most of the material over the last few years, big mistake as I was to learn later – most of the documents and articles on the pre-reading list have been updated over the last year.  I focused more on the logistics side. Based on the advice of former MCM Candidates, I flew in a couple of days early and shared a flat with two really personable and knowledgeable Microsoft Consulting Services folks – or as we now like to call ourselves ‘The Three Amigos’. The off campus housing and learning experience was great, although you are the foremost resource responsible for your own learning, the support from peers cannot be denied and one of the best things about MCM.

June the 1st was an early start like all other days of the program, the program kicked off at 7:45 AM on the dot at Building 40, breakfast was served and the seats had name tags along with MCM Folders and log on instructions to the fabulous blade servers. MCM collateral was also neatly stacked at the back of the room for our collection. From the introductions alone it became quite obvious the deep skill set and expertise on parade in the room.  We had a good balance of architects, consultants, support engineers and folks from both Microsoft Consulting Services and Microsoft Partners; almost all the 17 candidates had at least 3 to 8 years experience with the SharePoint technology and products among other things. The best thing about all of us was our eager attitude towards learning. We were all here to learn “what we don’t know that we don’t know”.

We were also introduced to our trainer for the day; we had over 12 through the three weeks, each undoubtedly an expert in his or her area. The training days were busy – early starts and late finishes was the norm. A full day of presentations and discussions (45 minute lunch break inclusive) was followed mostly by lab work and lots of reading over the weekends. You had little time for anything else other then eating or sleeping.  Any free minutes we had were put to use by mini SharePoint Trivia sessions, I learnt a lot of things from this valuable exercise. This is where the true benefit of peers becomes apparent; I also can’t count the number of times I was assisted by my fellow MCM candidates during the course of the labs.

Not going into too much detail from a ‘What was covered Perspective’.  Week one focused largely on the architectural and design side of SharePoint, week two dived into the features available within the product and week three focused on the custom development side of things. Although not all SharePoint areas were covered as that would have been a herculean task given the nature of the product and the constant flux of improvements with service packs and updates. In my personal opinion program manager had done a great job, the course was very well structured. The material was highly relevant and can be largely applied to our daily work. 

The three written exams I mentioned earlier took place after each week of training, it’s important to understand that you are not taught to the test, so don’t be surprised if you are thrown an odd ball question, it probably is testing your concepts – both your existing experience and the pre-reading list play an important role here.

As the old adage goes ‘All work and no play makes Jack a dull boy’ this was true too in the case of the MCM Program, James (Program Manager) mixed it all up with visits by the product team, candidate dinners, the traditional Go-Karting run off against the OCS MCM folks (we won the 1st and 3rd positions), company store visit etc. I must add that James did a great job in keeping us motivated, especially by week three where we all needed it badly. My personal favourite was the visit to the Home of the Future, it was quite inspiring. I came out buzzing with ideas for services in the cloud that will be required in the not so distant future.

The grand finale of the program is the much dreaded Qualification lab. The tireless lab work and studying for the exams in the preceding weeks did not prepare me for what I was to experience in the Qualification lab. The lab preparation and the blade server setup were excellent.  I remember how pleased I was to get the tasks under my belt, even let a little shout of joy out just before the last minute warning. I had not realised it in the course of the day but the sheer amount of scenarios and work that needed to be performed had almost drained me.  It hit me when I tried to get up from my seat and just fell back without warning. This was probably one of the most memorable days of the whole program.

It’s true, as it’s been iterated on number of blogs before, MCM is not for the faint hearted, and you will need all the stamina in the world and passion to succeed. Quite frankly MCM is the best product training you can have.  The recognition and respect for achieving this status is unparalleled in the Microsoft eco system. I would challenge all seasoned SharePoint professionals to consider the MCM Program; do you have what it takes to be a Master?