Hello to everyone following my level 100 ITPro series on how to plan and design a Service application architecture that meets business requirements.
In the previous posts, you saw the new capabilities of Service applications, a flexible, extensible and scalable platform, which is like a tranquillizer to cure your dizziness. The challenges of the Shared Service Provider were resolved by the improvements to Service applications in SharePoint 2010.
In this post, there are 4 basics that you need to consider and then implement in order to meet your Service application security policy.
- Delegate administration for specific Service application
- Permission of Service application
- Restrict access to a Service application
- Approach Secure Store Service
Delegate administration for specific Service application
A good new capability of Service applications in SharePoint 2010 is that you can delegate administration of a specific Service application. If you paid attention to part 1, you will have seen that I delegated an administration account for the Managed Metadata Service so that this user account only had administration permission in the Managed Metadata Service management interface. Before implementing Service application functions, you should document the administration role, which is responsible for managing your Service application. Generally, you hold this role yourself, but sometimes you need to delegate it to a secondary administrator of the Service application. Remember that this administrative permission applies only to the specific Service application.
Permission of Service application
SharePoint 2010 allows you to limit permissions on a specific Service application. This is a good feature for a security policy. You can look at the following example.
Restrict access to a Service application
To restrict access to a Service application, you allow access only to the service accounts that you add to the Service application. If you need to dig into the best practices for using Service accounts, please check out this post from Todd, who is an international SharePoint expert as well as a SharePoint MVP.
In order to learn more about how to restrict access to a Service application, please see TechNet.
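The delegation and access restriction described above can also be scripted from the SharePoint 2010 Management Shell. The following is an added example, not part of the original post: the account names are constructed placeholders, and the access right name is an assumption that you should check against the Permissions dialog of your own Service application.

```powershell
# Run in the SharePoint 2010 Management Shell as a farm administrator.
# Constructed sample values (assumptions, not from the original post):
$appName      = "Managed Metadata Service"
$delegatedAdm = "CONTOSO\mms-admin"        # hypothetical secondary administrator
$serviceAcct  = "CONTOSO\svc-portalpool"   # hypothetical application pool account
$accessRight  = "Full Access to Term Store" # assumed right name; verify in the Permissions dialog

$app = @(Get-SPServiceApplication | Where-Object { $_.DisplayName -eq $appName })
if ($app.Count -ne 1) { throw "Expected exactly one '$appName', found $($app.Count)." }
$app = $app[0]

# 1. Delegate administration: -Admin selects the administrators list,
#    so the account gains rights on this Service application only.
$adminAcl  = Get-SPServiceApplicationSecurity $app -Admin
$adminUser = New-SPClaimsPrincipal -Identity $delegatedAdm -IdentityType WindowsSamAccountName
Grant-SPObjectSecurity -Identity $adminAcl -Principal $adminUser -Rights "Full Control"
Set-SPServiceApplicationSecurity $app -Admin -ObjectSecurity $adminAcl

# 2. Restrict access: without -Admin the cmdlets work on the list of
#    accounts that are allowed to call the Service application.
$accessAcl = Get-SPServiceApplicationSecurity $app
$svcUser   = New-SPClaimsPrincipal -Identity $serviceAcct -IdentityType WindowsSamAccountName
Grant-SPObjectSecurity -Identity $accessAcl -Principal $svcUser -Rights $accessRight
Set-SPServiceApplicationSecurity $app -ObjectSecurity $accessAcl

# 3. Review both lists after the change and compare them with the documented roles.
"Administrators:"
(Get-SPServiceApplicationSecurity $app -Admin).AccessRules |
    Select-Object Name, AllowedRights
"Accounts with access:"
(Get-SPServiceApplicationSecurity $app).AccessRules |
    Select-Object Name, AllowedRights
```

Any entry in the second list that is broader than a named service account, such as the local farm entry, is a candidate for removal with `Revoke-SPObjectSecurity` once the specific accounts have been granted access.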
Approach Secure Store Service
This content might not be included in your plan, but I would like to introduce it to you. Check out what the Secure Store Service is here. Now, before finishing this post, I would like to share the following table.
The last thing I want to mention is the isolation requirement that was introduced in part 2. Implementing the isolation requirement is a part of the security policy that you should consider.
To be continued…
18:00 GMT+7, July 8, 2011