Administrators are often asked to provide groups of users with a
central repository for team or project documents. Because multiple
users have access to these repositories, sensitive documents may
require additional security. In this lab, three tools are used to
create properties, add them to the existing authorization process,
and provide the flexibility needed to assign different permissions
to individual files within a document repository. The tools used
are Microsoft Forefront Identity Manager (FIM) 2010 for property
creation and user provisioning and management, Cisco Enterprise
Policy Manager (Cisco EPM) for the creation and enforcement of
rules that add security to a document repository, and Microsoft
SharePoint Server 2007 as the portal.

Business scenario
The Finance department of an organization needs to produce
periodic filings for the U.S. Securities and Exchange Commission
(SEC). The department wants to create a SharePoint site called
Financial Reports for the documents that are needed. However, some
documents for the SEC filings are of such a sensitive nature that
access needs to be limited to one or just a few financial analysts.
SharePoint's security model does require authorization when a user
attempts to gain access to individual sites and document libraries,
but the department would like additional requirements to be a part
of the security check that is performed. For example, only users
who are at a US location and who have full-time employee status
should be granted access. Also, Finance department employees are
assigned a clearance level. This clearance level must be included
as part of the security check.
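
The layered check this scenario describes, sketched as an added Python example (not code from the lab, Cisco EPM, FIM or SharePoint). The attribute names, the values "US" and "FullTime", the numeric clearance scale and the sample users and documents are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class User:
    name: str
    has_library_access: bool         # outcome of SharePoint's own authorization
    location: Optional[str] = None   # assumed attribute, e.g. "US"
    status: Optional[str] = None     # assumed attribute, e.g. "FullTime"
    clearance: Optional[int] = None  # assumed scale: higher number = more access


@dataclass(frozen=True)
class Document:
    name: str
    required_clearance: int          # assumed per-file property


def decide(user: User, doc: Document) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons); any failed or missing attribute denies."""
    reasons = []
    if not user.has_library_access:
        reasons.append("no SharePoint permission on the library")
    if user.location != "US":
        reasons.append("location is not US")
    if user.status != "FullTime":
        reasons.append("not a full-time employee")
    if user.clearance is None:
        reasons.append("clearance attribute missing")
    elif user.clearance < doc.required_clearance:
        reasons.append("clearance below document requirement")
    return (not reasons, reasons)


# Constructed sample data for the Financial Reports site.
DRAFT_FILING = Document("draft-sec-filing.xlsx", required_clearance=3)
SCHEDULE = Document("filing-schedule.docx", required_clearance=1)
ANALYST = User("analyst", True, "US", "FullTime", 3)
CONTRACTOR = User("contractor", True, "US", "Contractor", 3)
JUNIOR = User("junior", True, "US", "FullTime", 1)
UNPROVISIONED = User("new-hire", True, "US", "FullTime")  # clearance never set

if __name__ == "__main__":
    for u in (ANALYST, CONTRACTOR, JUNIOR, UNPROVISIONED):
        for d in (DRAFT_FILING, SCHEDULE):
            print(u.name, d.name, decide(u, d))
```

The returned reasons list is what an administrator would log for each denial, so a user whose attributes were never provisioned shows up as "clearance attribute missing" rather than as a silent allow.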

Lab Product and Solutions
The tools used are Microsoft Forefront Identity Manager (FIM)
2010 for property creation and user provisioning and management,
Cisco Enterprise Policy Manager (Cisco EPM) for the creation and
enforcement of rules that add security to a document repository, and
Microsoft SharePoint Server 2007 as the portal.
