Chatta subito con l'assistenza
Chat con il supporto

ControlPoint 8.9 - User Guide

Preface Getting Started with ControlPoint Using Discovery to Collect Information for the ControlPoint Database Cache Searching for SharePoint Sites Managing SharePoint Objects Using ControlPoint Policies to Control Your SharePoint Environment Managing SharePoint User Permissions Data Analysis and Reporting
Specifying Parameters for Your Analysis Analysis Results Display Generating a SharePoint Summary Report Analyzing Activity Analyzing Object Properties Analyzing Storage Analyzing Content Generating a SharePoint Hierarchy Report Analyzing Trends Auditing Activities and Changes in Your SharePoint Environment Analyzing SharePoint Alerts Analyzing ControlPoint Policies Analyzing Users and Permissions The ControlPoint Task Audit Viewing Logged Errors
Scheduling a ControlPoint Operation Saving, Modifying and Running Instructions for a ControlPoint Operation Using the ControlPoint Governance Policy Manager Using Sensitive Content Manager to Analyze SharePoint Content for Compliance Using ControlPoint Sentinel to Detect Anomalous Activity Provisioning SharePoint Site Collections and Sites Default Menu Options for ControlPoint Users About Us

Accessing SharePoint Pages for Managing Groups

The Groups folder displays all of the SharePoint and Active Directory groups with permissions for a site.  You can link directly to the SharePoint pages for managing an existing group or create a new group.

All groups with permissions for each site within a site collection display beneath the site. In the case of SharePoint groups, the number of users within a group, as well as the group's permission level, displays to the right of each group name.  

Groups

NOTE: Groups do not display for sites whose permissions are inherited (as indicated by the Inherited site icon icon).

You can view group membership by clicking on the plus sign (+) to the left of the group name.

To view/edit an existing group in SharePoint:

Click on a SharePoint group name to access the SharePoint People and Groups page for that group.

People and Groups

To view/edit groups in SharePoint:

Click the Groups folder to access the SharePoint All Groups page, from which you can create a new group for the site.

Consult your SharePoint documentation for instructions on creating a group.

All Groups

NOTE:  If the Groups folder does not display for a root site or a site with unique permissions, no groups have been granted permissions for it.  To set up permissions for the first Group, navigate to the People and Groups page through the SharePoint site. Once a group has been granted permissions, the Groups folder will display in the ControlPoint left navigation pane as soon as you refresh the SharePoint Hierarchy.

Setting User Direct Permissions

Set User Direct Permissions is a ControlPoint action that lets you grant users direct permissions to one or more SharePoint sites, lists/libraries, and/or items.  (The action will not, however, overwrite or replace any direct permissions a user may already have.)

NOTE:  If you want to add users to an existing SharePoint group, use the procedure for Adding Users to SharePoint Groups.

In a multi-farm environment, direct permissions can be set across multiple farms.

Setting Permission for Multiple Users Using a Wildcard

If a wildcard is used to select users, at the time you attempt to run, schedule, or save the operation a pop-up dialog will display, warning that you may be running the operation on a large number of Active Directory users and groups.  

Wildcard BACKUP SITE PERMS

If you want to back up all permissions for the selected site(s)  before running, saving, or scheduling the operation and have not already elected to do so, click [Cancel] to cancel the operation and check the Backup site permissions before operation box.  To dismiss the dialog and run, schedule, or save the operation, click [OK].

Because the action requires an Active Directory lookup, a full domain name must be specified in the People Picker (that is, a wildcard cannot be used in place of the domain name or any part of it).  For example, axcelertest\* is supported, but *\marktwain is not.  It also means that alternate authentication methods (that is, other than Active Directory) are not supported.

To set user direct permissions:

1Select the object(s) to which you want to grant user permissions.

2Choose Users and Security > Set User Direct Permissions.

3Complete the Parameters section as follows:

a)For Set Permissions for User(s), select the user(s) for whom you want to set direct permissions.

b)In the Permission Level (Direct) drop-down, select a level from the list.

Permission Level drop-down

NOTE:  All custom permissions levels that are currently assigned to at least one user within the scope of your selection display in the drop-down.  (In a multi-farm environment, this list is populated from the permissions of the home farm.)  If you want to assign a custom permissions level that has been defined for a site collection but either is not currently in use or exists only on a remote farm, you can type it into the drop-down.  

c)If your selection includes one or more sites and you want the permissions to be applied to all lists within the site(s) that have unique permissions, check the Propagate to All Lists with Unique Permissions box.

d)If you have checked the Propagate to All Lists with Unique Permissions box and want the permissions to be applied to all items within the list(s) that have unique permissions, check the Propagate to List Items box.

NOTE:  The "Propagate" options do not apply to lists that you selected explicitly.  If you want to include items within explicitly-selected lists, use the Include Children or Choose option in the Selection panel.  See also Selecting List Items on Which to Perform a ControlPoint Operation.

Now you can:

·run the operation immediately (by clicking the [Run Now] button)

OR

·complete the Enforce Policy section and schedule the operation to run at a later time.

OR

·save the operation as XML Instructions that can be run at a later time.

If you chose the Run Now, option, after the operation has been processed:

·a confirmation message displays at the top of the page, and

·a ControlPoint Task Audit is generated for the operation and displays in the Results section.

If you schedule the operation, a link to the Task Audit is included in the scheduled action notification email.

See also The ControlPoint Task Audit.

 

Deleting User Permissions

Delete User Permissions is a ControlPoint action that lets you delete SharePoint user permissions from one or more site collections/sites.  You can also choose whether to:

·delete the user's entry from the selected site(s) (so that they no longer appear in the site's All People list)

·delete alerts associated with the user

·delete the user's My Site site collection, and/or

·reassign a user's permissions to one or more target users before performing the deletion

EXCEPTION:  You cannot reassign Site Collection Administrator privileges using this action.

NOTE:  This action does not remove users from any Web application policies, workflows that may be in effect, or Active Directory.

If a wildcard is used to select users, at the time you attempt to run, schedule, or save the operation a pop-up dialog will display, warning that you may be running the operation on a large number of Active Directory users and groups.

Wildcard BACKUP SITE PERMS

If you want to back up all permissions for the selected site(s) before running, saving, or scheduling the operation and have not already elected to do so, click [Cancel] to cancel the operation and check the Backup site permissions before operation box.  To dismiss the dialog and run, schedule, or save the operation, click [OK].

CAUTION:  Deleting Users from SharePoint Groups

The Delete User Permissions action will remove the selected user(s) from SharePoint groups in which they are listed as a member.  Because groups are defined at the site collection level and may be used anywhere in the site collection, if you are performing the action on one or more individual sites that includes groups that are used elsewhere in the site collection, the user(s) will lose permissions on unselected sites within the collection as well.

NOTE:  This action does not remove users from Active Directory groups.  Therefore, if a user is granted permissions via an Active Directory group, those permissions will not be impacted.

Deleting Permissions from Lists, Folders, or Items with Unique Permissions

When user permissions are added to a list, folder, or item that has unique permissions, SharePoint automatically creates an entry for the user on its first non-inherited parent object and assigns a permissions level of “Limited.”  This entry will be deleted only if that parent object is included in the scope of the action.  If the parent object is not included in the scope, the following message will display in the Task Audit:

User [user_name] permissions cannot be removed from [object_type] [object_name].  Go to the first non-inheriting parent [object_type] to remove this permission.

To delete the permissions of one or more users:

1Select the object(s) from which you want to delete permissions.

2Choose Users and Security > Delete User Permissions.

3For Delete All Permissions for User(s), select the user whose permissions you want to delete.

NOTE:  Delete User Permissions is one of the ControlPoint actions that can be performed on unvalidated users.   (For example, you can delete the SharePoint permissions of a user that you know has been removed from Active Directory or alternate authentication provider database.)  However, any individual user(s) entered into the Reassign Deleted Permissions to People Picker must be validated.

4Specify the remaining parameters as appropriate.  Use the information in the table below for guidance.

If you want to ...

Then ...

remove the user(s) from the site collection's People and Group list

check the Delete User Entries from the Site Collection box.  (If you leave this box unchecked, permissions will be deleted but user entries will remain in the People and Groups list).

NOTES:  

·The action will not be carried out for explicitly-selected objects that have unique permissions, as removing a user from the People and Group list will, by extension, also delete any other permissions the user might have within that site collection.

·If a user was granted permissions only through an Active Directory group, that user may have an "invisible entry" in the site collection's People and Group list.  This action will remove that entry.  

·If the Delete direct permissions only is selected, this option becomes disabled.  The removal of a user from the site collection would remove all of that user's permissions, including those granted through membership in SharePoint groups.

remove only direct permissions and retain permissions granted through SharePoint group membership

check the Delete direct permissions only (Leave group permissions intact) box.

NOTE:  If Delete User Entries from the Site Collection is selected, this option becomes disabled.  Removal of a user from the site collection would remove all of that user's permissions, including those granted through membership in SharePoint groups.

reassign the permissions of the user(s) to be deleted to one or more other users

a.Check the Reassign Deleted Permissions to box.

b.Select the user(s) to whom you want to copy the permissions.

Delete User Permissions REPLICATE

NOTE: If you entered the name of more than one user in the Delete Users field, the permissions of every one of those users (if different) will be reassigned to the target user.

delete SharePoint alerts that have been set for the user(s)

check the Delete Alerts box.

delete the user My Site site collection(s)

check the Delete My Sites box.

Now you can:

·run the operation immediately (by clicking the [Run Now] button)

OR

·complete the Enforce Policy section and schedule the operation to run at a later time.

OR

·save the operation as XML Instructions that can be run at a later time.

If you chose the Run Now, option, after the operation has been processed:

·a confirmation message displays at the top of the page, and

·a ControlPoint Task Audit is generated for the operation and displays in the Results section.

If you schedule the operation, a link to the Task Audit is included in the scheduled action notification email.

See also The ControlPoint Task Audit.

NOTE:  If you chose to reassign permissions, the delete action will not be carried out unless the permissions are successfully reassigned.

 

Duplicating a User's Permissions

Duplicate User Permissions is a ControlPoint action that lets you copy the permissions of one SharePoint user to one or more others.  Permissions can be copied for multiple site collections in a farm or Web application, or for individual site collections and sites.

EXCEPTIONS:

·You cannot duplicate Site Collection Administrator privileges using this action.  You also cannot duplicate permissions that were granted via an Active Directory group (as an alternative, you can simply add the new user(s) to the Active Directory group).  

·At a list-level scope, you cannot duplicate user permissions to a member of a SharePoint group.

All of a user's permissions for a site collection, including any unique permissions for sites, lists, and libraries, and items are copied.  Any Web Application policy permissions are not copied, however.

NOTE:  If your ultimate goal is to delete a user after copying his or her permissions to another user (for example, if the user is leaving the department or company and is being replaced by someone else), you can do so as part of the procedure for Deleting User Permissions.

In a multi-farm environment, a user's permissions can be duplicated across multiple farms.

If a wildcard is used to select users, at the time you attempt to run, schedule, or save the operation a pop-up dialog will display, warning that you may be running the operation on a large number of Active Directory users and groups.  

Wildcard BACKUP SITE PERMS

If you want to back up all permissions for the selected site(s) before running, saving, or scheduling the operation and have not already elected to do so, click [Cancel] to cancel the operation and check the Backup site permissions before operation box.  To dismiss the dialog and run, schedule, or save the operation, click [OK].

To duplicate a user's permissions:

1Select the site(s) for which you want to duplicate permissions.

2Choose Users and Security > Duplicate User Permissions.

3Complete the Parameters section as follows:

a)For Model User Name, select the user(s) whose permissions you want to duplicate.

NOTE:  Make sure that the permissions of the user you want to use as the model are appropriate for the target user(s).  Remember that you can review the permissions of the model before continuing.   If you entered the name of more than model user, the permissions of every one of those users (if different) will be assigned to the target user(s).

b)For Duplicate Permissions To, select the target user(s).

c)If you want permissions of the model user(s) to replace those of the target user(s), check the Delete existing permissions from target box.

NOTE:  If you leave this box unchecked, model user permissions will be added to any existing permissions.

Duplicate User Permissions

Now you can:

·run the operation immediately (by clicking the [Run Now] button)

OR

·complete the Enforce Policy section and schedule the operation to run at a later time.

OR

·save the operation as XML Instructions that can be run at a later time.

If you chose the Run Now, option, after the operation has been processed:

·a confirmation message displays at the top of the page, and

·a ControlPoint Task Audit is generated for the operation and displays in the Results section.

If you schedule the operation, a link to the Task Audit is included in the scheduled action notification email.

See also The ControlPoint Task Audit.

 

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione