Krichie – That SharePoint Guy

April 23, 2007

My response is my responsibility

Filed under: Uncategorized — Keith Richie @ 10:17 pm

I’ve been reading a couple of really great books by Dr. Emerson Eggerichs.  The first is titled “Love & Respect“.  The book is for Married couples and if you are married…I would highly recommend this book, but that’s not the reason I’m making this post.

The book ends finalizing everything that is covered with one key statement: “My response is my responsibility”.   This one statement has had a truly powerful impact on me, but not for just my marriage, but for so many different things.

My response is my responsibility

This statement has really touched a nerve in me that has built up over the past several months as I’ve struggled with a great multitude of many things in my life.  Not just my marriage, but in me.   It’s not something that hasn’t been told to me a thousand times, and I’ve always known, that the words I choose to speak verbally or electronically :) Have a profound impact and lasting message in representing everything about me and how people interpret me.

My response is my responsibility

The only thing one has to realize is that it doesn’t matter what you think of yourself, or how others perceive you, because it boils down your actions and responses in EVERYTHING.

I have always prided myself in my ability to respond very quickly, and provide an “Answer” to something, and I always feel “Bad” if I can’t come up with a quick response to help someone out with their request, need, or desire.  I would look at that as a failure in me, in not being able to provide an answer or response in a timely fashion, but after reading this book; thinking about this simple statement; meditating and praying; I’ve come to realize that something I pride myself so much on, is probably one of my biggest problems :) :) .

My response is my responsibility

I can’t count the number of times I’ve been approached and told “Hey Keith, slow down and think about that for a moment…don’t be so rushed to reply; answer; and respond”, and it’s something I’ve been working on for a long time.   Sure, they told me that I have this tendency, and I’ve been working on it :)   But allot of times, I always “Allow” the excuse of time, and things like “Well, some people can’t read emotion in email” :) and “Hey, understand I’m very busy…I’ll have to work with that person to instruct them that it’s not me, it’s how their interpreting what I said” only to realize that probably 98% of the time, it IS because of what I said :) .

My response is my responsibility

I’ve been working this statement through my head for the last week, and I can’t express to you how many things have been revealed to me about myself in “EVERYTHING” I do, that I’ve sat back…burst out with laughter as I realized “Oh dear, it was me all along”, because no one can truly see me for what I am, than in my responses.  I HAVE to stop, think about what I need to say, and then say it responsibly.

I’m not saying I’m a bad person, and that I’ve stated cruel things, or laughing about what I may have stated before, but laughing with the realization that “I got it!” about myself, and I’ve been completely missing the boat for so long :) .

My response is my responsibility

The next time your sitting there, and you’re chatting with a family member; a friend; a co-worker; your boss; sending an email…Remember, your response is your responsibility.

I have to get back to work now….just thought I’d share :)

- Keith

April 14, 2007

Get the balance right

Filed under: Uncategorized — Keith Richie @ 12:03 am

“Don’t turn this way, don’t turn that way, straight down the middle until next Thursday.

Push to the left, back to the right

twist and turn till you got it right.

Get the balance right, get the balance right.”

 

I just realized it’s been ages since I’ve posting something on my “History of Musical Influences” series of postings…but this week, I’ve been completely stuck in the 80′s.  I need to post the next part of that series, but regardless…Listening to all my favorite music form the 80′s, has made me think of where I came from, what I’ve done with my life, and where I want to take myself moving forward.  In a sense you could say this is part II of my “Found my life again” posting.

Since posting that, I’ve been trying to adjust other things in my life, and due to my own personal reflection and comments from family members, you realize one thing first and formost:  Change is hard and never ending!

I look back to Circa 1985, and go “Oh dear, what was I thinking….”, but I look back to “The summer of 85″ and realize this is the time when I started “Getting it”.  I started “getting” what was going to be important for me to do.  I say that my days of “youth” ended that year.  Sure…There’s been times where I’ve fallen, did stupid things, didn’t act like an adult (And most days I’m still not acting like an adult :) ), but since then, I’ve pretty much gone non-stop in my relentless persuit to “Take care of business” that I’ve failed to realize just what that business is that I need to take of. 

Listening to all my old favorite tunes, this one comes at me like a brick.

I’ve got to learn how to “Get the balance right”.

Ok, that’s enough on this…and yeah, if you’re questioning…That’s me circa 1985.  (Hey, it was the 80′s  we all dressed like that…didn’t we?)

 - Keith

April 11, 2007

SPWeb.HasUniqueRoleDefinitions useless?

Filed under: Development, SharePoint — Keith Richie @ 12:26 am

I’ve been in the trenches updating DeliverPoint to work with Windows SharePoint Services 3.0/Microsoft Office SharePoint Server 2007 for the past 3 months and thought I’d take a moment to start blogging some issues I’ve found along the way yet have not had the time to post yet.  

Apparently SPWeb.HasUniqueRoleDefintions does not always report accurately.

From the SDK as of 04-10-2007:

SPWeb.HasUniqueRoleDefinitions

Gets a Boolean value that indicates whether the role definitions are uniquely defined for this Web site or inherited from a parent Web site.

But here’s the problem.

Regardless if HasUnqiueRoleDefinitions is true or false, when you access the ParentWeb property of the SPRoleDefinition you get from the SPWeb.RoleDefinitions collection, ParentWeb always returns a reference to the same web the collection is being derived from.  I.e., it never points to any other web.

So if by chance you were working with a SPRoleDefinition for a SPWeb where HasUniqueRoleDefinitions was false, and you accessed SPRoleDefinition.ParentWeb, you would in fact get that web.  SPRoleDefinition.ParentWeb always refers to the web the collection was derived from.  Therefore from a reference to SPRoleDefinition.ParentWeb, I could not enumerate the proper RoleDefinition collection from ParentWeb.RoleDefinitions.  It’s possible that said SPRoleDefinition doesn’t even belong in that collection.

This means one of three different possibilities

1) Role Definitions are truly uniquely defined at every web (Just like the old V2 “Group”….That’s really what they are), and HasUniqueRoleDefinitions is something that was an “Idea” but was never fleshed out, because the concept of Role Definition inheritance never was fully fleshed out, or

2) I’ve misread the purpose of this property, and relating it to the RoleDefinition collection for the web, i.e…Just because HasUniqueRoleDefinitions might be True, does not mean that you can access the SPWeb.RoleDefinitions to get to those unique Role Definitions at that web.

3) SPWeb.hasUniqueRoleDefintions is flat out busted.

Regardless, I can’t rely on it, and I can’t wait for a hotfix to be released and take a dependency on the hotfix or a later service pack…So, I’ve “worked around” the problem :) .

 - Keith

April 10, 2007

$550.00 Bucks for a pair of shoes!?!?!?!

Filed under: Uncategorized — Keith Richie @ 4:59 am

(Update: Previously titled “$350.00 Bucks for a pair of shoes!?!?!?!

Are you stinkin’ kidding me????  I had heard it possible, but not until you actually “See it” do you believe it :) .

So, as a faithful Amazon.com customer (Like I’m sure alot of you are), you may have heard about their new endevour, Endless.com where you can go shop for Womens/Mens shoes and apparell.

I get the email from them to check it out, and of course I share with my wife. 

THEN I go look at the site, and I think I’m going to be in real big trouble now :)

Well, if I see a charge to ENDLESS show up on my accounts, I’ll know what my wife just purchased..Possibly this pair of shoes.

Oh wait, I better go back and check and make sure that wasn’t just the price for “One” of the shoes rather than the pair!

 

(Update: No more than 5 minutes later after original post)

“Well, how DARE I think it could be worse…Yep, you guessed it.  This pair of shoes is on sale at $350.00, with an original price of a whopping $574.95

I don’t feel so guilty for the amount of money I spent on my last phone now….Oh wait, yes I do…I still feel I spent too much money…but then again, I’m a tight wad.

 - Keith

April 5, 2007

Beware of Cascading Deletes in WSS/MOSS

Filed under: General, SharePoint — Keith Richie @ 4:40 am

[Update: 09-28-2007 - Actually the conclusion is this is NOT a bug, but by design behavior for this release.  The SPM that I emailed when I discovered this, got the this issue mixed up with some other bugs that were being fixed and confirmed incorrectly originally. 

Please note, that the SharePoint Product Managment team is is definitely interested in any customer feedback to consider for improvements...]

[Update: 04-30-2007 - I confirmed that this is indeed a bug in SharePoint, and is "NOT" expected behavior or by design.  A fix is being worked on to correct this behavior, and once complete I was informed that the fix would also be sent to me to test the results with in my scenario.  Once I get it, I'll update this posting as well with the status.] 

This is one of those issues that if you are not aware of, can cause an enormous amount of confusion for your IT staff, and grief from your users.  I encountered this finding earlier this week and thought it was at the scope of the web you’re working on, but found it also affects all webs underneath “DEPENDING” on your inheritance structure.

Todd Bleeker and I had tons of email on this a short while ago with both of us being “EXTREMELY” surprised by this behavior when I found it.

I’ll use his simple statement of the problem, then explain to you what’s going on, because if you’re like me, you have to either A) See a visual representation of it or B) Perform the same steps yourself to see it.  After typing this entire post out, it can still be very hard to follow, so I encourage you to do your own testing.  It just makes me realize how helpful DeliverPoint 2007 is going to be.

So, as Todd states it:

When a [grand]child site is inhering permissions from its [grand]parent, non-site securable objects that have unique permissions are affected by a delete on a site that is defining permission for that hierarchy.

So imagine this site collection structure:

Mind you I’m no artist when it comes to expressing this graphically :) , but the legend in the top right hopefully explains enough.

A is the root web of the site collection, and A1 and A2 or subwebs of A,

A3, A4 and A5 are subwebs of A1, and A6 and A7 are subwebs of A2

Red indicates where we have unique security defined (Security inheritance is broken)

The small notepad looking icons at the bottom are individual items within the yellow folders within a list on each web.  For the purposes of this example, I’m calling out individual List Items, but the problem exists whether the object in question is a List/Document Library, a folder within a document library, or an item within a list/folder, etc.  It boils down to every place that the ISecurableObject interface is exposed and where you can set unique security in SharePoint.

Imagine, that in each place where we have unique security defined, a given user has some sort of unique permission levels.  For this example, let’s assume the user is MYDOMAIN\jdoe

On the top level web (A), jdoe has the Read permission level set, therefore on A1, A3, and A5 his permission level is “Read” via inheritance. (He could even have the implicit “Limited Access” permission level if he was never granted direct rights on A for that matter)

On A2, he has Contributor Rights, and on A4 we’ve broken inheritance at the web level also and gave him Design rights.

Now, for each individual list item noted above, he has the “Full Control” permission level, because he really needs to do anything to that item he wants.

Let’s say you come along and decide you really don’t want him having “Read” access at all, and you only want him to retain his “Full Control” on the items in question.

You can’t directly assign a user the “Limited Access” permission level, so your only choice is to remove him from A and every other place other except for the list items, so you start by removing him from A

You move on to A2, and remove him there as well, then you visit A1. 

There’s of course nothing to do at A1, because A1 inherited its permissions from A, therefore by removal from A, you have removed his rights from A1, so you skip past A3, A5, A6 and A7.

Now, you visit A5 and remove his rights from there.

MYDOMAIN\jdoe now only has “Full Control” from all the individual items above right? 

Nope :)

If you removed the user from A, A2 and A4, jdoe has absolutely no rights whatsoever in the entire site collection.

If you went back and ONLY remove jdoe from A, then jdoe ONLY has rights on the list items contained within A4, A6, and A7 and he was removed from unique security of the list items contained within A3 and A5

The “X”  indicates where the “Gotcha” manifests itself.

Therefore non-site securable objects that have unique permissions are affected by a delete on a site that is defining permission for that hierarchy.  Therefore it’s important to TRULY understand your site/list/folder/inheritance structure

Oh, but there’s more!

Keep in mind, that if you had unique security on a list, and the item also had unique security, removing the user from the list, removes them from all items contained in the list regardless if the subitems are inheriting or not, which is different from web level security inheritance.  (Web level unique security blocks the cascading delete)

So, if you have the following:

WebWithUnique->SubWebInheriting->List->Folder->ItemWithUnique

Removing a user from WebWithUnique removes the user from ItemWithUnique if the user had permissions there, because SubWebInheriting does not break the inheritance chain, thus the “ItemWithUnique” is treated as a child item to WebWithUnique although it’s contained in SubWebInheriting as far as permissions are concerned.

where as

WebWithUnique->SubWebUnique->List->Folder->ItemWithUnique

Removing a user from WebWithUnique would NOT cause the user to be removed from ItemWithUnique because SubWebUnique breaks the “Web” level security inheritance.

yet given the following:

WebWithUnique->SubWebInheriting->ListWithUnique->FolderInheriting->ItemWithUnique

If you remove a user from ListWithUnique, the user is also removed from ItemWithUnique (If the user exists there) even though FolderInheriting resets the inheritance chain.

Believe it or not, I actually see why you “WOULD” want to remove a user from an uniquely secured object implicitly when you remove the user from a grandparent object (For instance, removing the user from a List, you really want the user removed “FROM THE LIST”)

But for it to “Jump” past web level boundaries and affect your lists/folders and items that had unique security buried within was completely unexpected.  Then to find that this would ONLY occur across webs where the security was inherited at the web level (But yet still unique at the list/folder and item level)

Oh, but so much more!

Consider the following scenario:

WebWithUnique->SubWebUnique->ListInheriting->FolderUnique->FolderInheriting->ItemUnique

Let’s pretend that at FolderUnique we add User1 with Design rights, then at ItemUnique we break inheritance again, and and remove User1, but add User2 with Contribute rights.

When you look at SubWebUnique, you’ll see both User1 and User2 with Limited Access.

Now, Select “Actions” and “Inherit Permissions” on SubWebUnique to re-inherit from WebWithUnique.

If you go back and look at the permission settings for FolderUnique and ItemUnique, you’ll also notice that the unique security is wiped from there, and they are reset back to inherit, therefore all child items of the “Webs” security are reset, because when you said “Inherit” It causes ALL Unique inheritance in the web to be wiped out, not just the Web level.

Now, it gets even worse.  Try this experiment out yourself

Start with the following:

WebWithUnique->SubWebInherits->ListInheriting->FolderUnique->FolderInheriting->ItemUnique

Add User 1 with Full Control to ItemUnique

Break inheritance at SubWebInherits and add User2 with Read rights or something (You’ll notice that User1 was given Limited Access all the way up to the grandparent site), so now your structure is as follows:

WebWithUnique->SubWebUnique->ListInheriting->FolderUnique->FolderInheriting->ItemUnique

Go back to SubWebUnique and re-inherit permissions.

You’ll notice that you’ve lost all unique permissions defined on any list/folder/item period within the subweb and any web that has web level inheritance.

In closing

I know this posting is extremely difficult to follow, but feel it’s important to share, even if you find it difficult to follow my examples.

 - Keith

Blog at WordPress.com.