Monday, April 07, 2014

Automatically Assign Users to SharePoint Roles or Groups - Set Up Security Policies in ExCM



Frequently, an organization wants to automatically assign extranet users to an Extranet Role as part of the ExCM invitation and self-service registration process. ExCM includes a feature named “Security Policies” that is designed to make this possible.

Follow the steps below to take advantage of this capability:
1. From Site Settings, click on Extranet Settings from the Extranet Management group:



2. Click on Security Policies under the General Settings heading:


3. Select the Security Policy Tab in the ribbon and click on New Policy:



4. In the New Security Policy dialog box, you have several options to set different types of Security Policies. The most common use is to set a Site Collection policy (or Site policy, if you use sub-sites rather than Site Collections) to ensure that new registrants are automatically added to a specific Extranet Role whenever they first register for the site. (Presumably, prior to this, the administrator would have granted the Extranet Role specific SharePoint permissions.)

This screenshot shows an example of setting a policy that will automatically add everyone who newly registers for the Acme Collaboration Site Collection to the Acme Users Extranet Role. Prior to this, the Acme Users Extranet Role had been granted read permission to the site:



5. The finished Security Policy looks like this:


Once the security policy is in place, any user who is added to your site will be added to the role "Acme Users" automatically, without anyone having to remember to do this step manually. If you want to save yourself some time, and possibly some unnecessary troubleshooting, make sure you set this policy up on every site collection you provision. If you are using our Site Provisioning and Governance Automation (ChangeBot) tool, make sure you set the activity to create the role, assign read permission, and Add Site Security Policy with every site provisioned, saving you from manually doing all those steps.
