Jeroen Derde's Blog

My Software Engineering Universe

User Licence Enforcement SharePoint 2013

clock October 1, 2013 03:30 by author Jeroen Derde

User licenceenforcement zorgt ervoor dat er licentie "usage data" wordt gelogd, en toegang tot mogelijkheden die niet binnen de geconfigureerde licentievorm vallen wordt geblokkeerd. Deze functionaliteit staat standaard uit bij installatie van SP2013 en moet expliciet worden aangezet. ULE mogelijkheden werken alleen met een Claims Based omgeving.Om ULE toe te passen kunnen er Active Directory Security Groups worden aangemaakt waaraan vervolgens een licentie categorie wordt gekoppeld. Een licentie categorie kan ook aan een formsbasedrole of een claim worden gekoppeld.

Alle mogelijke categorieën zijn (beschikbaar op basis van installatie):

  • Standard – Delivers the core capabilities of SharePoint, including basic Search functions and Communities platform
  • Enterprise – Provides all the Standard Cal features, including the following Enhanced Search, Business Solutions (Access Services, InfoPath Services), and Business Intelligence (Excel services, PerformancePoint Services, and Visio Services)
  • Project – Access to Project Server that is installed within the SharePoint farm
  • DUET – Allows interoperability with SAP applications
  • OfficeWebAppsEdit (WAC) – Access to Office Web App 

Implementatie voorbeeld:

Er kan aan verschillende Security Groups in het AD, waar in totaal alle gebruikers van een bedrijf in aanwezig zijn, een licentie categorie gekoppeld worden. Door de licentie catagorie“Standard” aan deze security groups te hangen, krijgen alle gebruikers alleen toegang tot de functionaliteiten die vallen onder de Standard CAL van SharePoint. Voor Office Web Apps moet de categorie “WAC” aan dezelfde groep worden toegekend.

User Experience:

Als een gebruiker alleen toegang heeft tot de Standard CAL functionaliteiten, en hij komt op een pagina waar Enterprise CAL features worden gebruikt (zoals bijvoorbeeld het Content Search webpart), dan zal run-time de Enterprise feature niet getoond worden. Bij dit webpart zal in de pagina een melding wordengegeven aan de gebruiker: “Sorry, we couldn’t find your license to use this feature.”

Naast het afdwingen van Webpartsworden ook in de Webpart Gallery mogelijkheden weggenomen als dit onder de geconfigureerde licentie voor de gebruiker noodzakelijk is. Als de gebruiker een Standard CAL heeft, dan zullen de Enterprise CAL webparts ook niet getoond worden, en is het niet mogelijk voor de gebruiker ze toe te voegen aan een pagina.

Logging:

Logging loopt via de Usage and Health data collection in Central Admin. Iedere keers als de gebruiker toegang tot SharePoint vraagt wordt dit gelogd in de Usage Data. SharePoint houd een cache bij (in de Distributed Cache) om tijdelijk logging data in op te slaan, voor het geval dezelfde gebruiker nogmaals toegang vraagt tot SharePoint. Hiermee wordt voorkomen dat de logs vollopen met toegangsmeldingen van dezelfde gebruiker. De cache wordt 24 uur vastgehouden waarna hij wordt opgeschoond, en dezelfde gebruiker opnieuw gelogd zal worden.

Note: Whether user license enforcement is enabled or not, usage data is logged about which features a user accesses and which licenses they have. 

Note: If user license enforcement is disabled, then the log entries are simply mapped to the installed SKUs which are standard or enterprise.  So, a user accessing a SharePoint deployment that has the Enterprise CAL will be logged as an Enterprise CAL user.  If a user accesses a SharePoint deployment with the Standard CAL, then log entries will contain the Standard CAL for that user.  Only standard and enterprise are logged in this case.

Note: If user license enforcement is enabled, then access to unlicensed features will be logged as ‘unlicensed’.  If a user belongs to more than 1 CAL group, a seperate log entry will be added for each CAL pertaining to the user.  As well, user CAL and device CAL information will be included so that a user’s name that is attempting to access the feature, along with their IP address.

Techniek:

Voorbeeld powershell voor koppelen securitygroup aan Enterprise CAL

$a = New-SPUserLicenseMapping -SecurityGroup "CORP\Enterprise Client Access License" -License Enterprise
Add-SPUserLicenseMapping -Mapping $a 

 Beschikbare PowerShellCmdLets

1. Get-SPUserLicensing

2. Enable-SPUserLicensing

3. Disable-SPUserLicensing

4. Get-SPUserLicense

5. Get-SPUserLicenseMapping

6. New-SPUserLicenseMapping

7. Add-SPUserLicenseMapping

8. Remove-SPUserLicenseMapping

 

De beschikbare categorieën in de Farm kunnen bijvoorbeeld opgevraagd worden aan de hand van het volgende Powershell Commando: Get-SPUserLicense

 

Figuur 1- Voorbeeld beschikbare categorieën in SharePoint Demo omgeving

NOTE: Het is ook mogelijk om een koppeling te maken voor een specifieke WebApplicatie in SharePoint

NOTE: User License Enforcement can be used to compliment blended CAL scenarios (such as serving Enterprise and Standard CALs within a single-server farm), but does not enable compliance.  In addition the MAP toolkit can be implemented for reporting purposes.

Bronnen:



Powershell RunWithElevatedPrivileges

clock September 13, 2011 20:46 by author Jeroen Derde
[Microsoft.SharePoint.SPSecurity]::RunWithElevatedPrivileges( 
{
     $site = get-spsite "http://localhost/nonfarmadminsitecollection" 
}
) 

$elevatedSite = new-object Microsoft.SharePoint.SPSite([Guid]$site.ID,$site.SystemAccount.UserToken)


Link Tools (Ribbon) Remove Link does not delete link

clock July 18, 2011 20:38 by author Jeroen Derde

The issue occurs on a publishing site that has a contenttype containing a Publishing Hyperlink (SPFieldLink).
Inserting a link with the Link Tools Tab of the ribbon works fine, but removing the link after it has been set does not.
Found a post on Stackoverflow that describes the issue in detail:

For quick reproduction: (steps and testing by M. Siepel)

  • Create a Publishing Portal site
  • Create a column of type Publishing Hyperlink 
  • Add the column to de Welcome Page contenttype
  • Navigate to the Press Releases page 
  • View information -> Edit
  • Add a link to the newly created column and save the page
  • Open it again, remove the link (the link is visually removed, it even says: Click here to add a new Hyperlink)
  • Save the page again
  • Now open the page again. 
  • In our situation, the message 'Click here...' is gone, and if you view the source our original link is still there, but there is no text inside it.

I did some testing on it and these are the results:

  • It occurs on dev and prod server with a custom solution installed
  • It occurs on a server with no custom solution installed (clean install)
  • It also occurs on the 'Adventure Works' site (both on a clean install and on a server with custom solution) 
  • It occurs both when creating a sitecolumn of type Publishing Hyperlink through API and UI
  • When viewed with firebug the 'deleted' link is still in the href property, but the text property is empty
  • Tested on IE/FF
  • When viewing with Sharepoint Manager 2010, the link is still in de DB (with no text property as stated above)
  • It happens on Dutch and English sites.

A little more time on the Bing machine resulted in finding a post from M Siepel on the Microsoft forums:
http://social.msdn.microsoft.com/Forums/en-AU/sharepoint2010general/thread/8ce468ec-096b-4ad2-a1e9-0bfb93cecf95

Basicly it states that the bug can be reproduced consistently and it has been reported to the product team. Lets hope this will be fixed in the next CU.

Someone already created a powershell fix, but that is not really end-user friendly. I will update this post

Param([string]$site0=http://mysharepoint, 
[string]$list0="My List",
[string]$itemKey0="Item Key",
[string]$linkUrl0=http://newlink,
[string]$desc0="New description",
[string]$toolTip0="New Tooltip") $site = Get-SPSite($site0) $rootWeb = $site.rootWeb $lists = $rootWeb.Lists $list = $lists[$list0] $items = $list.Items $listItem = $items | Where-Object {$_.Name -eq $itemKey0} $linkUrl = $listItem["Link Url"] $linkUrl.NavigateUrl = $linkUrl0 $linkUrl.Description = $desc0 $linkUrl.ToolTip = $toolTip0 # this is the trick - set the object back to listItem $listItem["Link Url"] = $linkUrl $listItem.Update()

 



Visio 2010 XSD

clock June 6, 2011 23:28 by author Jeroen Derde

About a week ago Microsoft published the XML Schema Definition (XSD) files for the Microsoft Visio 2010 XML Drawing (.vdx) format. This schema is also known as DatadiagramML.
This should make it alot easier to use the visio file to generate code based in the visio file.

The DatadiagramML Schema for Visio 2010 consists of three .XSD files:

  • visio.xsd is the core schema used by Visio 2003 and later
  • visio12.xsd is the set of extensions used by Visio 2007 and later
  • visio14.xsd is the set of extensions used by Visio 2010

More information about the schema is available in the Visio 2010 XML Schema Reference on MSDN.



Check-LookupColumn PowerShell

clock April 14, 2011 01:08 by author Jeroen Derde

Today I had some issues with a Lookup Column in SP2010.

When using my Admin account I was able to edit an Item and select a value. When using my normal useraccount (with contribute rights on bot lookuplist an list) I wasn't able to select anything, and SP2010 showed an empty dropdown.
Looking at the column properties in SharePoint everything looked OK, but using SP Designer the properties where empty.
Figuring this just might be something other then a rights issue, I wrote a little PowerShell function to check the settings of my Column.

 

Function Check-LookupColumn($webURL, $listName, $columnName, $lookupListName)
{
 $web = Get-SPWeb $webURL
 $list = $web.Lists[$listName]
 $column = $list.Fields[$columnName]
 $lookupList = $web.Lists[$lookupListName]
 
 
 write-host "lookupweb              : " $column.LookupWebId.ToString() 
 write-host "should be equal to web : " $web.ID.ToString() 
 write-host "lookuplist             : " $column.LookupList.ToString() 
 write-host "should be equal to list: " $lookupList.ID.ToString()
}

Turned out that during the migration from one environment to the other, the references of the lookup column had not been updated.
The Admin account had sufficient rights on both environments, so it worked for that account. my user account on the other hand was not available in the source environment, so no sigar.
After updating the column with the right GUID's everything works again.

Wish I had seen this before writing my onw script Laughing, but the script to fix the lookup column can be found at: http://get-spscripts.com/2011/01/fixing-blank-lookup-columns-in.html




Month List

Calendar

<<  December 2017  >>
MoTuWeThFrSaSu
27282930123
45678910
11121314151617
18192021222324
25262728293031
1234567

View posts in large calendar

Sign in