Administrators can manage the following security settings for the
Business Data Catalog:

Authentication. By default, Microsoft Office SharePoint Server
2007 uses the Single Sign-On (SSO) service to authenticate users who are
attempting to view business data on SharePoint sites.

Authorization: shared services permissions. After users are authenticated,
users must be granted the correct services permissions for the Business Data
Catalog. Some of these permissions also require read permission to the Shared
Services Administration site. Permissions can be set for all applications in
the Business Data Catalog, or for specific line-of-business applications, or
for one or more imported entities for a specific line-of-business application.

To access business data, users must be properly authenticated,
have all of the necessary services permissions for the Business Data Catalog,
line-of-business application, and entity accessed, and have access to the
Shared Services Administration site for administrator tasks performed on that
site.

Authentication for the Business Data Catalog typically uses SSO to
access line-of-business applications by using stored credentials. However,
other authentication methods can be used.

Permissions for the Business Data Catalog are administered from the Shared
Services Administration Web site for each Shared Services Provider (SSP).
Administrators must have the following permissions when working with
permissions for the Business Data Catalog:

Read permission to the Shared Services Administration site. Permissions to
the site are granted by site administrators for the site. During
installation, the account used to create the SharePoint Services Administration
site is granted the rights of a site administrator. This account can later be
used to grant read permission to other users.

The Set Permissions shared services permission to the Business Data Catalog.
This permission is granted to the first site administrator for the Shared
Services Administration site (that is, the account used to create the site).
Additional users can be granted this permission by the site administrator or
any other user who already has the permission.

Users must have the following services permissions to perform additional tasks:

Edit permission: Used to import, update, and delete application definitions for
line-of-business applications.

Execute permission: Used to execute method instances for business data
entities. This permission is intended for developers, and does not require
access to the Shared Services Administration site.

Select in clients permission: Used to select business data in Web Parts,
columns in SharePoint lists, and other clients with access to data from the
Business Data Catalog. This permission is intended for information workers,
usually administrators or site owners for SharePoint sites that display
business data from line-of-business applications. This permission does not
require access to the Shared Services Administration site.

The account used to create the SharePoint Services Administration site is
granted all of the services permissions during installation.

Permissions for the Business Data Catalog are managed separately for each SSP.
Access to business data imported to the Business Data Catalog for a specific
SSP uses the same shared services permissions.

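The access rules described above can be modeled as a small decision function for reviewing an SSP's grants; this is an added example, not code from the product or from this page. It assumes a permission must be held at the catalog, application, and entity level for the object accessed, and that Edit, like Set Permissions, needs Read on the Shared Services Administration site; all account, application, and entity names are made up.

```python
from dataclasses import dataclass, field

# Services permissions named on the page.
EDIT, EXECUTE, SELECT, SET_PERMS = "Edit", "Execute", "Select in clients", "Set Permissions"
# Set Permissions needs Read on the Shared Services Administration (SSA) site;
# Execute and Select in clients do not. Assumption: Edit needs it as well.
NEEDS_SSA_READ = {EDIT, SET_PERMS}

@dataclass
class Ssp:
    """Constructed model of one SSP; permissions are tracked per SSP."""
    ssa_readers: set = field(default_factory=set)
    acl: dict = field(default_factory=dict)  # scope tuple -> {user: {perms}}

    def grant(self, scope, user, *perms):
        self.acl.setdefault(scope, {}).setdefault(user, set()).update(perms)

def scopes_for(app=None, entity=None):
    """Catalog, then the application, then the entity being accessed."""
    chain = [("catalog",)] + ([("app", app)] if app else [])
    return chain + ([("entity", app, entity)] if app and entity else [])

def check(ssp, user, perm, app=None, entity=None, authenticated=True):
    """Return (allowed, reason) for one request against one SSP."""
    if not authenticated:
        return False, "not authenticated"
    for scope in scopes_for(app, entity):
        if perm not in ssp.acl.get(scope, {}).get(user, set()):
            return False, f"missing {perm} on {'/'.join(scope)}"
    if perm in NEEDS_SSA_READ and user not in ssp.ssa_readers:
        return False, "no Read permission to the SSA site"
    return True, "ok"

def audit(ssp):
    """List grants that cannot take effect because SSA Read is missing."""
    return sorted({(user, perm, "/".join(scope))
                   for scope, users in ssp.acl.items() for user, perms in users.items()
                   for perm in perms & NEEDS_SSA_READ if user not in ssp.ssa_readers})

def sample_ssp():
    """Constructed sample data; account, application and entity names are made up."""
    ssp = Ssp(ssa_readers={"bdcadmin"})
    for scope in scopes_for("CRM", "Customer"):
        ssp.grant(scope, "bdcadmin", EDIT, SET_PERMS)
        ssp.grant(scope, "siteowner", SELECT)
    ssp.grant(("catalog",), "dev1", EXECUTE, EDIT)
    ssp.grant(("app", "CRM"), "dev1", EXECUTE)
    return ssp
```

Running `audit(sample_ssp())` reports the developer account's Edit grant, which was given at the catalog level without the site access it depends on and is a candidate for removal under least privilege.
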
For more information about authorizing access to business data imported to the
Business Data Catalog, see Manage authorization for the Business Data Catalog.

The following tasks for administering Business Data Catalog permissions are
performed in this order:

Manage authentication for the Business Data Catalog
Manage authorization for the Business Data Catalog
Manage permissions to the Shared Services Administration site

About people search

To enable people search in Office SharePoint Server 2007, you
enable, configure, and use the My Site feature. My Site is a personal space for
users to manage and store documents and provide information about
qualifications, skills, and interests that might be useful to other people. The
more information that people share about their projects, responsibilities, and
areas of expertise, the more relevant and focused a people search becomes.

You can take advantage of My Site functionality in Office
SharePoint Server 2007 to enhance people search capabilities within your
organization. People search uses the users’ job-related information in their
individual My Site sites to create a broad picture of the skills, projects,
knowledge, and responsibilities in your organization.

When planning for people search for users, you can supplement the default
search scope for people search with customized search scopes and tabs in the
Search Center for more specific groups of users.

Scopes can use information that is stored in the user profile properties, which
organize and display all of the properties related to each user. It is
essential that data in the user profile properties is accurate, complete, and
configured to correctly deliver the relevant data in the search results. You
ensure this accuracy and precision by importing user profile information from
the Active Directory directory service, Lightweight Directory Access Protocol
(LDAP) servers, and from applications registered in the Business Data Catalog.
You can also manually add, edit, and map user profile properties. You crawl the
user profiles to make the properties available to be used in the people search,
and then you verify the results of the crawl to ensure that the user profile
properties were correctly crawled.