Upload
joshua-grant
View
234
Download
3
Tags:
Embed Size (px)
Citation preview
Overview of Sharing in SharePoint 2013 and SharePoint OnlineGaurav Doshi and Mary DavidProgram Managers, SharePoint team
SPC183
Before we start..What will we cover in this talk?Talk – 1 hour
Demo – 30 minutesOverview of sharingExternal sharing Administrative controls
Technical deep dive - 30 minutesQ&A – 15 minutes
Feedback channelsTwitter handle: #spc183Evaluation on MySPC
Sharing is simpleSharing & Shared with dialogsNew people picker
No roadblocksAccess Requests
Sharing is always at your fingertipsSharePointOffice clientsOffice Web Apps
Recap - New Sharing UX
SharePoint Online OnlyExternal Access
Sites or documents can be shared with external users External users sign in using Microsoft Account or Office365 Account Once inside, external users are treated just like internal users
Guest LinksDocuments can be shared using Guest Links View or edit Guest LinksWhoever gets the link can access the contentDocuments will open in Office Web Apps
Recap - Sharing with external users
Administrative controlsOffice 365 Enterprise3 options to configure Guest Links & External Access
Switch at company level, separate switch for each site collection & My Sites
DefaultsBoth Guest Links and External Access ON at company levelON for pre-created site collections (My Sites, Team Site, Public)Newly created site collections have External Sharing OFF
Office 365 Small business1 switch for both Guest Links & External Access
Switch at company level – no separate switch per site collection
DefaultsGuest Links & External Access ON at company level
Office 365 Enterprise OnlyReporting: Enumerate/Search external users
Get-SPOExternalUser -PageSize 10
Delete external usersRemove-SPOExternalUser -UniqueIDs@(“[email protected]”)
Administrative controls with PowerShell
Sharing basicsNew People PickerSite sharingDocument & Folder sharing
Access requestsExternal Sharing
External Access & InvitationsGuest Links
Sharing Web ServiceSharing with “Everyone”
Technical deep dive
New people picker
Auto-fill control:Suggestions as you type
A client side cache of recent names(minimum 1 character to search; prefix matching on first/last/email)
Query results from claim providers(minimum 3 characters to search; prefix matching on first/last/email)
Emails addresses accepted when external sharing enabled
Very easy to add to a pageNo check name/address book functionalityConfigurability
Old people picker configurations still supported (ex. Site members only)New configurability around UI (ex. Caching)Old people picker still around and supported
DefaultsEdit permissions via “Site Members” group
Picking a different permissionOnly groups are presented under “Show options”First group/default = SPWeb.AssociatedMemberGroupOther groups are alphabetically listed
Permission inheritancePermission inheritance is not broken If a SPWeb inherits permissions, new users will be added to first uniquely permissioned parent scope
Site sharing
Edit/View Choice
Permission inheritance
Folder sharing – Just like document sharing
Document & folder sharing
Break inheritance
Copy permissions/groups from Site to
Document
Grant permissions to recipient on the
document
Send email notification to
recipient
Does recipient already has
permissions?
Yes
No
Edit/View map to two SPWeb properties(Default is edit)
StandardReaderRoleDefinitionId
StandardEditorRoleDefinitionId
Two scenariosUser without permissions requests for permissionsUser without “Manage Permissions” shares with new users
How to enable itOutgoing email setting at Farm level“Access request email” setting at web
Access Request ListExists in every uniquely permissioned web Stores every access request & invitation as a list itemOnly users in Associated Owners group can access the list Recipients are notified only after Owners approve
Access Requests
Access denied
Access Requests (cont.)
User gets Access Denied
Requests access
Sharing without “Manage Permissions”User shares a
site with a recipient who doesn’t have
access
Access request created
Admin notified of pending access
request by email
Approves access request
from access request
list
User is notified by email with a link to
the resource
SharePoint Online onlyWho can invite?
Only users with “Manage Permissions” can invite external users
Invitation redemption First redeemer gets accessHistory of redemptions maintained in the Access Request List
AccessIf a document is shared – Access is limited to document onlyIf a site is shared – Access is limited to everything within site
External Access & Invitations
How does it work?
Security validationsCheck if External Access is enabledCheck if invitation is validCheck if redeemer is the same
Features blocked for authenticated guestsSkyDrive Pro, Newsfeed, Following, Sites hub, Site Mailbox
External Access & Invitations (cont.)
External user invited
This creates invitation in
Access Request List
Invitation email sent to
guest with invitation URL
Guest clicks URL.
Verification of validity of
invitation and if external access is enabled.
Guest signs in with Microsoft
Account or Office 365 Account.
Verification of redeemer.
Guest added to SharePoint
Online Directory
Service & to site collection
Guest gets permissions on the object
& is redirected to it
SharePoint Online OnlyWho can create Guest Links?
Only users with “Manage Permissions” on a file can invite users to it via a Guest Link
Guest Link redemptionWhoever gets the link can access the contentOffice documents open in Office Web Apps, other files trigger download
AccessGuests get View or Edit access only to the document shared
Guest Links
How does it work?
Security validationsCheck if Guest Links are enabledCheck if the link is a valid link
Site secretDoes the document exist?
Check if this link has been disabled
Guest Links (cont.)
User shares a document using Edit or View link
Hidden user created and
granted permissions on the document.
Inheritance broken.
Guest receives email with Guest Link.
Clicks on the link.
Verification:Are Guest Links enabled? Is this
a valid link? Does the document
exist?
User impersonates
the hidden user and is
redirected to the document in
web apps.
Web service to share from Office client & appsAllows web service access to…
Share documents with internal usersInvite authenticated guests to documentsCreate Guest LinksGet permissions on a document
LimitationsPrimarily designed for SkyDrive Pro
Limited functionality for team site documentsOnly supported if the user has “Manage Permissions” permission
Sharing web service
Two special “everyone” claims“Everyone”
New name for “All authenticated users”Available in SharePoint as well as SharePoint OnlineMaps to “All authenticated users in the tenancy, including external users” in SharePoint Online
“Everyone except external users”Available in SharePoint Online only
“Shared with Everyone” folder in SkyDrive Pro
SharePoint: “Everyone” has access to this folderSharePoint Online: “Everyone except external users” has access to this folder
No customizations available
Sharing with “Everyone”
RecapShare easily
Share responsibly
Sharing & Shared with dialog, people pickerNo roadblocks with access requests
External Access & Guest LinksSharePoint Online only
Administrator controlsPowerShell (Office365 Enterprise)
Share with anyone
Ask the ExpertsWednesday, Nov 14 6:15 - 8:15PM Bayside C
SPC216 Best Practices for Configuring SharePoint Online and Office 365 Identities
Thursday, Nov 15 9:00AM - 10:15AM Lagoon ABGHSPC105 Getting the Most out of SharePoint Online for Small Businesses & Professionals
Tuesday, Nov 13 9:00 – 10:15AM Lagoon CDIJ
Related sessions
Evaluate this session now on MySPC using your laptop or mobile device: http://myspc.sharepointconference.com
MySPC
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
InheritanceContoso Team Site Owners
Contoso Team Site Members
Contoso Team Site Viewers
Inherits permissions from site
Sharing a fileContoso Team Site Owners
Contoso Team Site Members
Contoso Team Site Viewers
1. Breaks inheritance2. Copies the 3 site groups3. Adds the people you share the file with
Inherits permissions from site