Tuesday, January 29, 2008

Microsoft Developer Roadmap Documentation

On Saturday Microsoft released documentation outlining step-by-step roadmaps for some common SharePoint tasks. So far these include the following activities:

  • Setting up SharePoint servers
  • Deploying code and customizations
  • Creating sites and subsites
  • Page designs
  • Document management
  • InfoPath forms
  • workflows
  • Business Intelligence
  • Records Management

Each section is a detailed, matter-of-fact outline of the tasks that should be undertaken and the order in which they should occur. The sections frequently reference content which already exists on MSDN, Technet, Microsoft team blogs or third party bloggers.

The SharePoint team hopes to fine-tune the content over time if the community marks these sections as helpful or submits suggestions or comments on them.

Full details are at http://blogs.msdn.com/sharepoint/archive/2008/01/25/announcing-design-and-build-sites-for-office-sharepoint-server-2007.aspx and the documentation itself can be found at the Technet site at http://technet2.microsoft.com/Office/en-us/library/df6a8515-f49a-4792-8d51-dec4648415541033.mspx?mfr=true

So far in the last year we've seen the release of a mass of content, ranging from

  • Microsoft's Interactive Development Map WPF desktop tool;
  • End user training via desktop install or the SharePoint Learning Kit;
  • SharePointPedia;
  • The SharePoint and WSS SDKs;
  • this latest MSDN and Technet documentation;
  • and of course a multitude of blogs.

It's a full-time job to keep up on the platform, but I guess it keeps us out of trouble!

Saturday, January 12, 2008

Anonymously Searching User Profiles in MOSS

I had a requirement the other day to enable anonymous access on an internal portal and allow users to search across the user profile database - to create what was essentially a corporate directory.

The anonymous "core requirement" was to ensure users didn't have to log in when trying to look up their colleagues (they are using the dreaded Novell e-Directory which does not play nicely with SharePoint). Anyway this time the issue wasn't importing the e-Directory accounts but rather a 401 - Unauthorized error that kept appearing when trying to view the people results.

I tried the following things:

  • I enabled Anonymous access first on the Search Centre lists and libraries and eventually on the entire site collection
  • I added IUSR as a member of Intranet Viewers and made sure that in the policy permissions for anonymous users they had a limited read policy setup
  • I tried to add IUSR_ to the SSP Settings - "Process Accounts with access to this SSP"
  • I manually turned on anonymous access to some of the individual mysite site collections that I was trying to view
  • I modified the My Site settings in the SSP to allow IUSR to be part of the default readers group and for any existing My Sites. Then I had to go to that My Sites collection and give READ permissions directly to the IUSR account
  • I created a custom permission level called "Anonymous View" in the site collection, added View Application Pages, View Items, View Pages, and Open permissions. Then I added the anonymous view permission in the "Intranet Visitors" group to ensure they could get these extra permissions.

Nothing worked. If I tried getting results back directly from the People Search page, the 401 error would instantly appear. For some reason though I could perform a user profile search if I used the regular All Items search with the People scope. However when clicking on the results the 401 error would subsequently appear.

The conclusion: anonymously accessing user profile data does not seem to be supported out of the box. I suppose some custom code might fix this but my goal was to adhere to the vanilla SharePoint as much as possible.

This issue seems to be by design - the user profile data includes colleague information, social relevance algorithms, and organizational hierarchies. None of that information would pertain to the anonymous user account. Additionally, the actual user profile data may be considered sensitive.

Has anyone else come across this limitation, and if so how did you resolve it please?