I'am currently working on a Microsoft Sharepoint BI project. It's a rough road, but we are getting there. The base foundation for Microsoft Sharepoint users and security is Active directory.
What I tried to accomplish is a portal page with three main parts:
- Dynamic reports, showing only those reports relevant, depending on the usertype;
- A main KPI about the topic;
- Key figures about the topic.
As said, I want to create the reports dynamically. This is for two reasons:
1. For more effective transaction and interaction with the enduser;
2. For security reasons.
i.e I have 2 types of users:
Managers;
Operational employes.
Both usertypes need to see different reports. The employe wants to know if the have enough supplies left and the type of orders.
The manager on the other hand wants to know if his department is meeting the organizational goals. He want information about salaries, costs, enc. The manager does not need to know the order details, cause it isn't relevant to his job and the employe doesn't need to see the main salaries for security reasons.
So I created these two active directory groups and added the users. I created the same group in Microsoft Sharepoint.
The next step is adding a report to a webpart and set the target audience to the appropriate group.
But there things went wrong. Altho it sounds doable, Microsoft Sharepoint doesn’t allow Active directory groups in a Sharepoint group to be assigned to a target audience. It could cause performance issues.
There is a second but: I’am not happy having to create an Active directory group and then the SAME Sharepoint group for management reasons.
...but there is hope. For my first concern, there is a hotfix available:
SYMPTOMS
You add Active Directory user accounts and Active Directory group accounts to a group in Microsoft Office SharePoint Server 2007. When you designate the SharePoint group as the target audience for a specific Web Part, some user accounts in the SharePoint group cannot access the Web Part.
CAUSE
This behavior occurs because only individual user accounts that are assigned to the SharePoint group are recognized as the target audience. Only those individual user accounts can access the Web Part. However, when you add an Active Directory group account, the users in the group account are not recognized as part of the target audience. Therefore, user accounts that reside in a group account that has been added to the SharePoint group cannot access the Web Part.
RESOLUTION
To resolve this issue, apply the hotfix package that is described in the following Microsoft Knowledge Base article:
942819 (http://support.microsoft.com/kb/942819/ ) Description of the SharePoint Server 2007 post-Service Pack 1 hotfix package: January 31, 2008
Back to the top
http://blog.tomaselfving.com/2007/12/moss-audiences-with-sharepoint-groups.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;948681
Hotfix
http://support.microsoft.com/kb/942819/
Posts
No comments:
Post a Comment