locked
Preventing users from browsing User Info RRS feed

  • Question

  • So I have a portal setup with Forms Based Authentication where client users login to a client site via a username/password.  Each client has their own specific site in the site collection.  If those users navigate to All People, they can see the user info of all users across all client sites, which is definitely not good.  Is there any way to restrict those users from seeing all the User Info?  I have tried creating a custom permission level where Browse User Information is OFF but this prevents the users from using the address book in a People/Group field.  Any assistance would be appreciated.
    Friday, July 1, 2011 11:22 AM

Answers

  • If you want a hosted environment where users are kept separate from each other you should investigate multi-tenancy.  The best article on it is here:

    http://www.harbar.net/articles/sp2010mt1.aspx

    But that assumes each client is setup with their own site collection.  There is no way to prevent users from seeing the All People list within a site collection other than restricting their ability to browse user information.  and as you have seen that has negative side effects.  SharePoint just isn't designed to host users on a site by site basis.


    Paul Stork SharePoint Server MVP
    Friday, July 1, 2011 12:06 PM
  • Thanks.

    Here's the only relevant text extract that I can see from that otherwise SP 2010 article (assuming that the advice to investigate multi-tenancy is still relevant)

    "We had a bunch of problems with doing multi-tenancy in SharePoint 2007. Inherent limitations with Web Applications meant that true isolation wasn’t possible, and Site Collections couldn’t provide consistent management capabilities. Furthermore URL namespaces could not be constructed in a manner suitable for multi-tenancy. Probably the biggest problem though was with shared services, which were simply not designed with hosting in mind. Whatever services were offered by a SSP were consumed by all associated web applications and we only had very limited ability to delegate control. Managing customisations also was pretty much impossible as any changes were reflected across all customers."


    SP 2010 "FAQ" (mainly useful links): http://wssv4faq.mindsharp.com/default.aspx
    WSS3/MOSS FAQ (FAQ and Links) http://wssv3faq.mindsharp.com/default.aspx
    Both also have links to extensive book lists and to (free) on-line chapters
    Friday, July 1, 2011 12:46 PM

All replies

  • If you want a hosted environment where users are kept separate from each other you should investigate multi-tenancy.  The best article on it is here:

    http://www.harbar.net/articles/sp2010mt1.aspx

    But that assumes each client is setup with their own site collection.  There is no way to prevent users from seeing the All People list within a site collection other than restricting their ability to browse user information.  and as you have seen that has negative side effects.  SharePoint just isn't designed to host users on a site by site basis.


    Paul Stork SharePoint Server MVP
    Friday, July 1, 2011 12:06 PM
  • >The best article on it is here:

    >http://www.harbar.net/articles/sp2010mt1.aspx

    It's an SP 2010 article (Title "Rational Guide to Multi Tenancy with SharePoint 2010") so either your refering to it is off-topic here, or if the person who started the thread actually is asking about SP 2010, the entire thread is off-topic here.

    Which SP product do you have Sephiroth0327 ?

     

    Moderator pre-SP 2010 forums

     


    SP 2010 "FAQ" (mainly useful links): http://wssv4faq.mindsharp.com/default.aspx
    WSS3/MOSS FAQ (FAQ and Links) http://wssv3faq.mindsharp.com/default.aspx
    Both also have links to extensive book lists and to (free) on-line chapters
    Friday, July 1, 2011 12:17 PM
  • We are running MOSS 2007 which is why I asked here
    Friday, July 1, 2011 12:42 PM
  • Thanks.

    Here's the only relevant text extract that I can see from that otherwise SP 2010 article (assuming that the advice to investigate multi-tenancy is still relevant)

    "We had a bunch of problems with doing multi-tenancy in SharePoint 2007. Inherent limitations with Web Applications meant that true isolation wasn’t possible, and Site Collections couldn’t provide consistent management capabilities. Furthermore URL namespaces could not be constructed in a manner suitable for multi-tenancy. Probably the biggest problem though was with shared services, which were simply not designed with hosting in mind. Whatever services were offered by a SSP were consumed by all associated web applications and we only had very limited ability to delegate control. Managing customisations also was pretty much impossible as any changes were reflected across all customers."


    SP 2010 "FAQ" (mainly useful links): http://wssv4faq.mindsharp.com/default.aspx
    WSS3/MOSS FAQ (FAQ and Links) http://wssv3faq.mindsharp.com/default.aspx
    Both also have links to extensive book lists and to (free) on-line chapters
    Friday, July 1, 2011 12:46 PM
  • I completely agree with Paul that having all client sites in one Site Collection is not a good idea.  I do have it on my to-do list to address that long term.  Perhaps short term I can just hide All People link in the Navigation...at least for the time being.  Thank you both for your quick responses!

    Friday, July 1, 2011 1:12 PM