none
Base and extended web applications

    Question

  • I have a requirement to maintain different permissions for the base and extended sites. Is it possible for me to set different permissions for base and extended site?
    Friday, May 27, 2011 12:49 PM

Answers

  • Could you be a bit more specific about what you mean by different permissions?

    An extended web application shares the content database with the base web application.  Since regular permissions are stored in the content database both web applications share those permissions.  So there would be no way to have a different set of specific permissions apply to a web site, list or library based on the URL (Zone) used to access the content.  Policy Permission levels assigned in Central Admin to a Web Application are the one spot in SharePoint where you can either Grant or Deny specific permissions.  So the one thing you can do is set a Policy Permission Level for AD users or groups that apply to the whole web application.  I've used this to limit all users to ReadOnly access when accessing a site through a particular zone.  But the permissions you set through a permission policy apply to the whole web application and can't be refined at the site, list or library level.  So depending on your scenario that may or may not help.


    Paul Stork SharePoint Server MVP
    • Marked as answer by Rajesh K Monday, May 30, 2011 11:51 AM
    Friday, May 27, 2011 1:09 PM

All replies

  • Could you be a bit more specific about what you mean by different permissions?

    An extended web application shares the content database with the base web application.  Since regular permissions are stored in the content database both web applications share those permissions.  So there would be no way to have a different set of specific permissions apply to a web site, list or library based on the URL (Zone) used to access the content.  Policy Permission levels assigned in Central Admin to a Web Application are the one spot in SharePoint where you can either Grant or Deny specific permissions.  So the one thing you can do is set a Policy Permission Level for AD users or groups that apply to the whole web application.  I've used this to limit all users to ReadOnly access when accessing a site through a particular zone.  But the permissions you set through a permission policy apply to the whole web application and can't be refined at the site, list or library level.  So depending on your scenario that may or may not help.


    Paul Stork SharePoint Server MVP
    • Marked as answer by Rajesh K Monday, May 30, 2011 11:51 AM
    Friday, May 27, 2011 1:09 PM
  • Thanks Paul. I tried the same and it is working for me as expected.
    Monday, May 30, 2011 11:51 AM