Category Archives: SharePoint 2010

Office 365 – SharePoint Online ‘Sharer’ Beware

The short story:

Beware of using the ‘Share Site’ or ‘Share this site’ links in Office 365 – SharePoint Online without knowing exactly what it is doing: you are potentially granting users access to more content than you intend to. 

The longer explanation:

In my opinion, security is one of the most confusing things in SharePoint for users to manage.  This is both because the flexibility of its design leads to a confusing implementation and because most users aren’t properly trained on how SharePoint security works (yes, this should be handled through a governance policy). 

Because of this, a number of issues usually arise: users don’t have enough access or users have too much access.  Just this weekend I was chatting with someone that uses SharePoint in their organization and she described a conversation with their SharePoint contact who was giving her access to a site – or so she thought.  Typical, irritating to users and something that needs to be handled better in order to successfully accomplish user adoption.  

The flip side of that problem is giving users too much access – more access than you are intending them to have.  Sometimes this isn’t that big of a deal, but many times it can be a serious issue with competing clients seeing each other’s content, etc. There are many examples of how this could turn out badly.    

Well, in SharePoint Online, as part of Office 365, Microsoft has added a nice and easy way to grant users access to SharePoint by way of the ‘Share this site’ link.   Unfortunately, while this is a very easy way to grant users access, it will in many cases grant too much access unintentionally – not because it doesn’t work properly, but because it isn’t doing what most users will expect it to do.

First, a quick primer on SharePoint security:

  • SharePoint has a number of containers and entities, all of which can have security attached to them:  Site collections, sub sites, lists or libraries, folders (I’m not touching this topic in this article) and items.   
  • Security can be assigned directly to these containers and items by adding a user and defining the permissions they have.  Users can also be granted access through an Active Directory security group or a SharePoint security group. 
  • By default, security in SharePoint is inherited.  When you have security on a site collection and create a sub site, you can tell SharePoint to have the sub site inherit the permissions of the parent site collection.  People and groups will have the same permissions to view, add and update on the sub site content as they did on the site collection. 

There are lots of details to work through if you want to dig in, but those are the basics.  Now to the specific problem scenario. 

I have a SharePoint Online site collection and I want to create an area where I can collaborate with people outside my organization on a project.  To me, this translates into a sub site (or even better a site collection if possible) because I can isolate security at a whole site level, I can have a landing page for users, I can add additional lists later without having to change security, etc. So, I create my sub site. 

By default, my site has a document library which is all I really need for starters.  Now, I want to grant my external users access to the site – here comes the potential issue.  SharePoint Online has the ‘Share this site’ link right on the default page.  You can get to the same functionality by going through the Site Actions menu and selecting ‘Share Site’.  Both are shown below.

image

image

Either of these links will open up the following form:

image

Herein lies the potential for a security issue.  Now, the form does some nice things.  It allows you to add users to groups and then send them an email that will alert the user to the fact that they now have access and provides them a link to the site, list, etc. that you’ve just given them access to.  Where this form causes issues is by only allowing you to add them to the pre-existing ‘Visitors’ or ‘Members’ SharePoint security groups.  By adding users to the ‘Visitors’ or ‘Members’ groups, you are very likely granting them access to more than just the sub site. 

The Members and Visitors groups are default groups added to most SharePoint sites and many site administrators allow the groups to be inherited in sub sites and lists as they are created.  Members are generally able to read most everything and contribute to most lists and content.  Visitors can read, but not contribute.  If I were to add my external users that I want to collaborate with on one specific sub site to either of these groups, they’d have access to much of the rest of my site as well unless I had specifically gone and locked down my other content by breaking inheritance and/or removing the Member and Visitor groups from my other sites and content – which most administrators or users do not do. 

Suggested Approach:

The suggested approach to granting users access to only the sub site (or list) is to do it directly/explicitly rather than using the shortcut.

  • On the sub site, select Site Actions –> Site Settings

    image

  • Select Site permissions

    image

  • In the ribbon, select ‘Stop Inheriting Permissions’

    image

  • Now, there are plenty of variations here, but we’re going to add a new group.  Even if I’m only adding a single person right now, it’s better to have a group in place in case you want to add others later with the same permissions.  The group will be visible throughout the site collection (trivia, but might actually be relevant if you have groups for partners, clients, etc. in the same site collection).  So select Create Group from the ribbon.

    image

  • For simplicity’s sake in this example, give the group a name and select the permission level you’d like for the group.  I’m using ‘Contribute’.  Click Create.
  • From the Permissions page (where you land after creating or adding a group), click the name of your group.
  • You are listed as a member by default, but now you can also add other users who will all take on the permissions of the group.  More importantly, they will only have permissions in the sub site, rather than in other areas of your site collection that you might not want them to have access to.  Click New –> Add Users

    image

SharePoint security and permissions have many options.  Be aware of what you are doing when adding users, groups and managing their permissions in order to maintain the security you need and want. 

SharePoint Online (O365) and Windows Phone

I LOVE the ability to view my SharePoint calendars in Outlook right with my Exchange calendars.  This is one of the greatest features ever in my opinion.  The problem now is that I expect to be able to do the same thing on my smartphone devices – but cannot.

Playing with the Windows Phone (pre-Mango) tonight and was hoping to be able to display a SharePoint calendar in my phone’s calendar view.  You’d think if anyone could do it, it should be the MS device but no go. 

Here’s the official post/statement:  http://community.office365.com/en-us/w/sharepoint/527.aspx

Ok.  It’s lame, but Mango isn’t that far out, so we’ll just wait and see. 

Sad smile

To be fair, I haven’t found a way to get this to work on the iPhone/iPad either, though there are a number of 3rd party apps available to assist with access to SharePoint sites.  On the iPad, the screen is big enough to actually navigate to the calendar site itself, which is better than nothing, but I still would like the one-stop-shop available with Outlook. 

Bamboo got close at one point – it looks like a product called MashPoint actually allowed some functionality for ‘real’ SharePoint servers for 2007, but nothing is available for 2010 or the Office 365 solution (sandbox solution).    

If Mango can pull this off – major points to them.  It still won’t solve the problem of my wife wanting to access our family SharePoint calendar on O365 though… Her employer doesn’t allow browser access to O365 – #FAIL. 

SharePoint Designer 2010 Error

I was working on a project where I need to create additional forms for a SharePoint 2010 list. 

The list is a custom list with a number of fields added – nothing fancy (yet). 

I open up SharePoint Designer from the list ribbon and select New form, enter a name and hit OK, only to receive the following error:

image

“Could not save the list changes to the server.”  This translates into “something happened and we don’t have any more details for you.  Virtually useless. 

image

There are a lot of posts and forum entries out there for this, many of which were resolved with things like cleaning out the recycle bin.  Not so in my case. 

Just for kicks, I wanted to see if the problem was on my end.  I opened up an Office 365 site I had easy access to and repeated the same process of opening a list, then jumping into SPD from there to add a new form and it worked flawlessly.  So, pointers back to something on the server-side. 

Back to the server.  Next, I tried editing the existing forms.  Normally I like to leave the existing stuff alone, but I was early enough in the process where it wouldn’t make a big difference for me to delete everything and start over if I messed anything up.  Anyhoo – I got another error message:

image

And clicked “Details”, which gave me the following:

“soap:ServerServer was unable to process request. —> Value does not fall within the expected range.”

This error was more helpful and turned up some better information.  I found the following forum post related to the latest error:
http://social.technet.microsoft.com/Forums/en/sharepoint2010customization/thread/aa093ec9-e491-4fdf-b233-a1ba3eba0f75

The URL for my web application was listed as:  “http://servername/”

The URL that I have been using to access the environment looks more like “http://servername.domain.company.com”.  Per the suggestion in the forum post, I added an alternate access mapping of the long name for an intranet zone, refreshed my browser, opened the list in SPD and was able to create a new form. 

Hopefully this post will help someone with the same issue find the resolution more quickly… 

Office 365 – Be Version Aware

Background:  One of the challenges we face when talking about SharePoint – any version – is that there are not only several versions, but several products with SharePoint in the name.  It’s not often we confuse SharePoint Workspace or SharePoint Designer for something in Foundation or Server.  However when someone brings up ‘SharePoint’ it is often unclear if they are referring to SharePoint Foundation, SharePoint Server – Standard or Enterprise versions.  It may seem like a simple issue, but when someone is talking about SharePoint features or solutions that are part of Enterprise, it’s important to make the distinction so that Foundation users don’t think they can do something they don’t have access to.  The MNSPUG crowd has gotten pretty good at calling this out during presentations, and we are all glad for the distinction. 

Now to the point of this post:  A similar confusion seems to be brewing in the Office 365 space.  There are several versions of Office 365 that have similar, but different feature and capability offerings – with SharePoint Online as well as Exchange Online.  I haven’t seen any differences in Lync Online yet, but I haven’t used it as much as the other two yet.  During the Beta, we’ve been exposed to the Small Business and Enterprise plans, with an Education offering also apparently on the way.  Users need to be aware that when someone is referring to ‘Office 365’ that there can be significant differences between versions. 

Most often when I hear people talking about ‘Office 365’ they are referring to the Enterprise version.  While the Small Business version is certainly capable and appropriate for the target audience, it is definitely different from what is offered in the Enterprise edition. 

One blog site has compiled a list of the feature differences between SharePoint Online in the Small Business Plan vs. the Enterprise Plan.  There are also significant differences in the Exchange management as well, like when setting up forwarding, etc. More information will undoubtedly come out as the platform reaches public status. 

More details on version capabilities and differences will come out.  Just something to keep in mind for the time being. 

SharePoint Saturday Chicago – SharePoint 101

Saturday June 11th was the suburban edition of SharePoint Saturday Chicago.  Raymond (@iwkid), Phil (@pjirsa) and I made the trip with a handful of others from Minnesota.

The organizers did a wonderful job and the weather turned out great as well.  Lots of great sessions and speakers.  They also tried some new things, which was cool.  We had a 101 track and a deep dive room in addition to some of the more traditional IT Pro and Developer tracks.  Also in the mix, and well timed – was an Office 365 track.

I was lucky enough to kick off the 101 track.  We started the day aimed at folks who don’t know much, if anything, about SharePoint.  Hopefully this was useful and enough information to get folks started for the rest of the day.  The track was as follows:

Before getting started, my session was also dubbed “the SharePoint session you should send your mom to…”  and someone did.  Smile

The track seemed to go over well.  We had 20-30 people in each session throughout the day.  The intro topic is a little tough for SharePoint Saturday’s because generally the only people that know about SPS events are those that are already in tune with the SharePoint community.  I think there is a LOT more potential for this track/area, but it might require different or additional marketing to get the audience that it’s really targeted at.  Hopefully we can repeat and expand on the 101 track in other events as well.

My slides are available on Slideshare HERE.

SharePoint MVP Chat – Wednesday June 22, 11am CDT

In case you don’t already have it on your schedule, the next MVP chat will be next week.  These are helpful and crazy events where folks pepper the MVP panel with questions for an hour with MVPs responding as quickly as they can.  Having seen both sides of the event, it’s crazy, impressive and helpful.  So, if you haven’t participated, give it a shot.  Transcripts are also made available after the event so you can take a breath and go back to see what you may have missed in the dialogue. 

Wednesday June 22nd at 9am PDT / 11am CDT. Visit the MSDN event page:  http://msdn.microsoft.com/en-us/events/aa497438.aspx

Twitter: #spmvpchat

Facebook event: http://www.facebook.com/event.php?eid=218219718208348

Enjoy!

Random Links 5/4

SharePoint Basics: I came across a few sites/links that I really like for explaining and demonstrating some of the basic SharePoint and SharePoint Online basics.  For the most part, much of the content will overlap with SharePoint Online as a part of Office365, though some of the site templates may be different:

Site and List Templates – Todd Baginski
http://www.toddbaginski.com/blog/archive/2009/11/20/which-sharepoint-2010-site-template-is-right-for-me.aspx

Managed Metadata – Myles Jeffery
http://blogs.msdn.com/b/mvpawardprogram/archive/2011/03/07/mvps-for-office-365-organize-your-information-better-in-sharepoint-online-office-365-with-managed-metadata.aspx?wa=wsignin1.0

And then, just some other stuff:

XMind – Mind-mapping software that I’m looking at since I’m using a iPad based tool.  I’d like something to use on the laptop as well to edit, etc…  http://www.xmind.net/

Proper Sync – I ran into these guys at the St. Louis SharePoint Saturday event last weekend and need to dig into this product to see what it really offers.  http://www.propersync.com/default.aspx

CodePlex: Sandboxed Solutions – Came up in conversation as a potential tool for printing list content.  Could be interesting.  http://sandbox.codeplex.com/

MetaVis Migration tool – Everyone and their brother was tweeting about the free offer for migrating content to 365.  Check out the details here:  http://www.marketwire.com/press-release/metavis-announces-office-365-migration-program-moving-content-sharepoint-online-1507500.htm

Mark Rackley’s Wrap up from St. Louis: Presenting on jQuery
http://www.sharepointhillbilly.com/archive/2011/05/02/sharepoint-saturday-st.-louis-wrap-up.aspx

Office 365 – The New Business Essentials

I recently attended a conference session about resources and tools available for new business owners.  While a lot of the conversation what about raising seed and venture money, one topic was about the tools and services that are essential to a new business. 

They listed a lot of the things that you would expect: A phone number, a good place to get business cards and a business address (see below). Being in the technology field, I was thinking along different lines. They didn’t mention a domain name, email and a website, though I hope it was just assumed.

I would argue that with the release of Office 365, this is also going to be a small business essential tool.  Office 365 is going to be a simple, inexpensive tool that can meet the core email and website needs while being chock full of so much more potential. 

  1. Sign up for Office 365
  2. Get yourself a domain name and configure your Office 365 account to use it for email and public-facing site. You may need some guidance or assistance with this, but it’s a lot less than setting up your own servers and there are a LOT of resources to help – online and other. 
  3. Build your public-facing site.  This can be as simple or complex as you’d like to make it, but with the template and tools available, you can be up in minutes. 
  4. Now, go about your business.
  5. In the meantime, start to look at all the other capabilities you have:
    1. Lync Online – Conduct your online meetings without needing another services like GoToMeeting, etc…
    2. SharePoint Online – Store and share your documents and other content.  MUCH more later as you learn about SharePoint’s capabilities…
    3. Exchange Online – Primarily your email, but so much more than the basic accounts you had in the past. Manage your calendar and resources and sync them from multiple devices. 
    4. and so, much more…

To be fair, during the session they did also mentioned DropBox, and GoToMeeting. Dropbox may still be a useful tool, depending on the devices you’re using, though Office 365 is going to fill a lot of that capability as well.  GoToMeeting is fully surpassed by the Lync Online capabilities and integration that Office 365 offers. 

So, if you ask me – I wouldn’t start a business without spinning up a Office 365 site as one of the first things. 

Notes and References:

  • The conference I was attending was the MHTA Spring Conference.  They did a fantastic job.  If you’re in the Minneapolis, MN area and can attend I highly recommend it.  MHTA is the Minnesota High Tech Association
    • Grasshopper Virtual Phone System – This could be useful as an alternative to giving out your cell number to anyone.
    • GotPrint.com – Yep, you need to have business cards and these are certainly inexpensive.
    • A P.O. box – Don’t want to be using your home address, but I prefer the UPS box option that allows for a real address with no ‘P.O.’ and notification when stuff arrives.

SharePoint Community Events… Busy Days

There are a handful of things happening in the next day or so that might be interesting to folks in the SharePoint space:

  • Wednesday 4/20 8:00 AMMichael Gannotti’s Coffee Talk will be taking place. His talks include:
    • Microsoft Productivity News
    • Productivity Customer Onsite Experience
    • Special Guests
    • Tips and Tricks
    • Gadget of the week
    • Live Audience Q&A
  • Wednesday 4/20 11:00 AM – Q&A with the SharePoint MVP Experts.  Access the event by checking out the MSDN Events and Webcasts page.
  • Wednesday 4/20 6:00 PM – Microsoft Store at the Mall of America.  From 6:00 – 8;00 there is a Special Event for Business solutions.  They’ll be covering Microsoft Signature Pro and Microsoft Office 365 – Cloud versions of Microsoft’s communications and collaboration (yep – SharePoint) products.  Oh, and did I mention a 15% store discount during the event?
  • Thursday 4/21 11:25 AMSharePoint ShopTalk
    Register for this week’s event.

Hope to see you there!

Office365 – Public Beta Available

Today the public beta for Office365 opened up.  (Happy Tax Day).  So, what does this mean?  And where do you get started? 

Well, there are a TON of resources out there for you to learn about Office365, how to get involved and what it can mean for your organization.  For starters:

So, what is this and why should you care? Office 365 is the newest version of Microsoft’s online (aka ‘cloud’) application offerings. This includes (depending on the version and licensing):

  • SharePoint Online
  • Exchange Online
  • Lync Online
  • Microsoft Office Professional Plus

The big picture is that you can use these services without installing, configuring and managing the hardware and core software stuff – a big load off for many organizations.  You do still need someone that can configure and manage the service for your organization. But it’s a lot less work and hassle than managing an on-site set of servers.

More importantly, you need someone to define *how* your organization is going to use these services and how it fits with the organization’s goals and technology roadmaps – which is where people like me come in.   

The short story is that it’s a lot of bang for your buck.  The next batch of questions now become:

  • Is Office365 a good fit for your organization?
  • What is the best way to use Office365 in your organization?
  • How will it work with your organization’s existing capabilities?

Office365 has a lot of potential to improve the productivity of users and organizations, but it also has the potential to add to the clutter of tools and systems that are out there – just as any platform used poorly can do. 

So, check it out, allow yourself to get excited by the potential, but then slow down and put some time into planning so you can be successful down the road.