Use the ControlPoint Backup Permissions action to back up permissions on one or more SharePoint sites, to maintain the integrity of site security throughout your farm.
For example, you may want to back up permissions:
·for the entire farm on a regular basis (such as weekly)
·to have a "snapshot" of the original permissions set up for a newly created site
·before performing an administrative action that may compromise site security settings.
Permissions are backed up site by site, with permissions for each individual site saved as a separate line item in the data table xcPermissionsbackupin the ControlPoint Service (xcAdmin) database along with the date and time of the operation. Definitions of permissions levels are not backed up.
NOTE: Depending on the scope of the operation and the number of objects (sites, lists, and/or list items) with unique permissions, the permissions backup process can be time-consuming and resource-intensive. Therefore, it is recommended that you perform the operationor schedule the operation to runwhen system usage is low.
To back up site permissions:
1Select the object(s) containing the sites whose permissions you want to back up.
2Choose Users and Security > Backup Permissions.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·complete the Enforce Policy section and schedule the operation to run at a later time.
OR
·save the operation as XML Instructions that can be run at a later time.
If you chose the Run Now, option, after the operation has been processed:
·a confirmation message displays at the top of the page, and
·a ControlPoint Task Audit is generated for the operation and displays in the Results section.
If you schedule the operation, a link to the Task Audit is included in the scheduled action notification email.
See also The ControlPoint Task Audit.
Use the Manage Permissions Backups action to restore user permissions for one or more sites whose permissions have been backed up. You can choose whether or not to restore from the backup:
·SharePoint groups that may have been deleted
·the membership of SharePoint groups, and/or
·the Site Collection Administrator.
REMINDER: Permissions That are Restored/Not Restored
·Definitions of permissions levels cannot be backed up, and therefore cannot be restored. If a permissions level was deleted from a site since the Backup Date, an error will be reported.
·Any sites that have been deleted since the Backup Date will not be restored, nor will permissions for users who are no longer valid on the server or in Active Directory (that is, user accounts that have been deleted or disabled in Active Directory).
·For any object that currently that has unique permissions but had inherited permissions as of the Backup Date, inheritance will be restored. Conversely, for any object with unique permissions that had inherited permissions as of the Backup date, the unique permissions will be restored.
·The permissions of any user who was given direct permissions since the Backup Date will be deleted. If you choose to restore group membership, however, any user added to a SharePoint group since the Backup Date will not be deleted, as that user may have permissions to other sites in the collection via membership in the group.
·Any lists and list items created after the Backup Date will remain intact.
To restore permissions backups:
1Select the object(s) whose permissions you want to restore.
2Choose Users and Security > Manage Permissions Backups.
The Show most recent backups for each site box is checked by default and only the most recent backup for each site within the scope of your selection will display. You can, however, check or uncheck this box as needed.
3If you want to narrow the list to backups to a specific date range:
a)Select a Show Backups from and Show Backups until date () and time ().
b)Click [Refresh Display].
4Check the appropriate restore option(s):
§Restore groups - Check this box if you want any SharePoint groups (and group membership) that have been deleted since the Backup Date to be restored. If you leave this box unchecked, groups will not be restored.
§Restore users to groups - Check this box if you want to restore membership in SharePoint groups that may have changed since the Backup Date. (That is, any deleted users will be restored. Users that have been added to group since the Backup Date will not be deleted, however.) If you leave this box unchecked, only members that have been added to the group since the backup date (if any) will be retained.
REMINDER: Users who are no longer valid on the server or in Active Directory will not be restored.
§Restore Site Administrator - Check this box if you want to restore the Site Administrator(s) that existed as of the backup date. If you leave this box unchecked, the current Site Administrator(s) will be retained.
5Highlight the row(s) containing the backups from which you want to restore permissions. To select multiple backups, use the [Shift] and [Ctrl] keys in the conventional manner.
Now you can:
·run the action immediately, (by clicking the [Restore from selected backup] button)
OR
·schedule the restore to run at a later time
OR
·generate an xml file with instructions that can be run at a later time (by clicking [Save Instructions for Restore]).
If you chose the Run Now, option, after the operation has been processed:
·a confirmation message displays at the top of the page, and
·a ControlPoint Task Audit is generated for the operation and displays in the Results section.
If you schedule the operation, a link to the Task Audit is included in the scheduled action notification email.
See also The ControlPoint Task Audit.
From the Manage Permissions Backups interface you can delete one or more permissions backups. You can also purge all backups created before a specified date.
NOTE: If you want to narrow the list to backups to a specific date range, select a Show Backups from and Show Backups until date () and time (), then click [Refresh Display].
To delete selected backup(s):
1In the Select column, check the box beside each backup you want to delete.*
2Click [Delete selected backups].
You will be prompted to confirm the deletion before the operation is carried out.
To delete all backups:
1Click [Select All].*
2Click [Delete selected backups].
You will be prompted to confirm the deletion before the operation is carried out.
*NOTE: If you want to de-select currently selected backups, click [Reset].
To purge all backups created before a specific date:
1Scroll to the bottom of the Manage Permissions Backups page.
2For Purge all Backups in the Farm before this date, select the earliest date for which you want to retain permissions backups.
3Click [Purge].
The Duplicate Site Security action lets you to copy the security settings (users, groups, and permissions) of a SharePoint site to one or more other sites within the same farm. This may be useful, for example, if you have created one or more new SharePoint sites and want them to have the same users, groups, and permissions as an existing site.
You also have the option of backing up destination site permissions before the Duplicate Site Security action is carried out.
In a multi-farm environment, site security can be duplicated within a single farm; either the home farm or a remote farm.
Factors to Consider before Duplicating Site Security
·Duplicate Site Security is a one-time action. Any ongoing changes to permissions on the source site will not be replicated to the destination site(s). You can, however, schedule the action to run on a recurring basis.
·The action will replace the list of users with direct permissions on a destination site with that of the source site.
·Any permissions level referenced in the source site that does not exist in the destination site collection will be created there as a custom permissions level (even if it exists as a SharePoint default permission level in the source site collection). If custom permissions levels with the same name but different definitions exist in both locations, you can choose whether or not to overwrite the definitions in the destination site collection.
·If you duplicate security to a site that inherits permissions from its parent, that inheritance will be broken and it will become a site with unique permissions that have been copied from the source. Conversely, if you duplicate security to a parent site, child objects with inherited permissions will inherit the new permissions that have been copied from the source.
·You have the option of duplicating permissions (and breaking any existing inheritance) to target lists with identical names (for example, Calendar to Calendar; Shared Documents to Shared Documents). You cannot, however, duplicate permissions of list items.
·Any list with unique permissions on the destination site that does not exist in the source site will remain intact.
How "Matching" Groups Are Handled
SharePoint groups that include the name of the source site (such as Owners, Members, and Visitors) will be matched to equivalent groups on the destination site, using the destination site name. (For example, Source Owners will be matched to Target Owners and so on.) Whenever a "matching" group already exists on the destination site, the action can:
·add members of the source group to the target group, if they are not already there
OR
·replace members of the target group with members of the source group
OR
·leave the target group membership unchanged.
If a group on the destination site has a matching name but the permissions level is different, ControlPoint will replace the permissions level of the destination group with that of the source group.
Other group settings, including Group Owner, will not be changed.
If a matching group is not found at the destination:
It will be createdusing the name of the destination siteand the membership will be copied from the source. Additional settings will be handled as described in the following table.
Setting |
Action That Will be Taken |
---|---|
Group Owner |
ControlPoint will attempt to use the group ownerwhich may be either an individual or another SharePoint groupfrom the source site (provided that owner already exists on the destination site). If the owner does not exist at the definition, the ControlPoint user who is performing the action will become the group owner. |
Other group settings |
the SharePoint default values will be used (regardless of whether they match the settings for the source group). |
To duplicate site security:
1In the SharePoint Hierarchy, select the site whose security you want to duplicate.
NOTE: This action is only available at the site level.
2Right-click and choose Users and Security > Duplicate Site Security.
3If you want to back up permissions on the destination site(s) before performing the duplicate action, check the Backup site permissions before duplicating box.
NOTE: If you check this box and encounter issues with the operation, you can restore permissions from the backup using the procedure for Restoring Site Permissions from a Backup.
4If you want custom permissions level definitions from the source to replace any in the destination site collection that have the same name, leave the Replace custom permission level definition if it is not the same in the target box checked.
NOTE: If you uncheck this box, existing custom permissions level definitions will not be changed.
5If you want permissions of source site lists to be carried over to destination site lists of the same name, leave the Duplicate permissions on lists with matching names checked.
NOTE: If you uncheck this box, permissions for lists with matching names will not be changed.
6Specify how you want the action to proceed When a matching group name is encountered:
§Add members from source site if they are not already in target site
OR
§Replace members with members from source site
OR
§Leave existing group membership as is
7From the Available Items list, select the site(s) to which you want permissions duplicated and move them to the Selected Items list.
8When you have finished selecting sites, click [Apply]
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
If you chose the Run Now, option, after the operation has been processed:
·a confirmation message displays at the top of the page, and
·a ControlPoint Task Audit is generated for the operation and displays in the Results section.
If you schedule the operation, a link to the Task Audit is included in the scheduled action notification email.
See also The ControlPoint Task Audit.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center