Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

«
»

(2012-09-22) Claims Based Authorizations For Sharepoint Through ADFS (Part 9)

Posted by Jorge on 2012-09-22


For the previous part click on the following link: Claims Based Authorizations For Sharepoint Through ADFS (Part 8)

At this point everything is in place for at least the primary site collection administrator to be able to logon against the SP2010 claims based web application. This way I’m able to configure roles within the SP2010 claims based web application to use roles to assign permissions. This allows other (federated) users to access the SP2010 web application based upon their assigned role.

SP2010 knows of three permissions and for each permission I have configured a role. If you have the role, you also get the corresponding permission.

ROLE: ”ROLE_adcorp.app.ADFSAppClaimsOwner” –> PERM: ”Full Control”

ROLE: ”ROLE_adcorp.app.ADFSAppClaimsContributor” –> PERM: ”Contribute”

ROLE: ”ROLE_adcorp.app.ADFSAppClaimsViewer” –> PERM: ”Read”

So, now lets configure these roles and corresponding permissions within the SP2010 web application.

So, open up internet explorer and navigate to “https://app-claims.adcorp.lab:446/” and:

  • Click on “Site Actions” –> “Site Permissions”
  • Click on “Grant Permissions”
  • In the lower right corner of the users/groups field click on the address book icon
  • Enter ONE OF THE ABOVE ROLES in the FIND field and click on the search button
  • Make sure to select the Role node and the click on the role that was found and then click OK
  • Click OK

Repeat these steps for every role that needs to be configured and assign the correct permissions as also stated above.

image

Figure 1: Configuration Of The “ROLE_adcorp.app.ADFSAppClaimsOwner” Role With The SP2010 Web Application And Assigning The “Full Control” Permission To It

image

Figure 2: Configuration Of The “ROLE_adcorp.app.ADFSAppClaimsContributor” Role With The SP2010 Web Application And Assigning The “Contribute” Permission To It

image

Figure 3: Configuration Of The “ROLE_adcorp.app.ADFSAppClaimsViewer” Role With The SP2010 Web Application And Assigning The “Read” Permission To It

After this the roles and permissions look like:

image

Figure 4: The Configured Roles/Accounts And Corresponding Permissions For The SP2010 Web Application

For the next part click on the following link: Claims Based Authorizations For Sharepoint Through ADFS (Part 10)

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Advertisements

This entry was posted on 2012-09-22 at 02:20 and is filed under Active Directory Federation Services (ADFS), Sharepoint Server. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “(2012-09-22) Claims Based Authorizations For Sharepoint Through ADFS (Part 9)”

  1. Claims Based Authorizations For Sharepoint Through ADFS (Part 10) « Jorge's Quest For Knowledge! said

    2012-09-23 at 01:33

    […] Server Core (2) « (2012-09-22) Claims Based Authorizations For Sharepoint Through ADFS (Part 9) […]

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Cancel

Connecting to %s

«
»
 
%d bloggers like this: