Sunday, April 24, 2005

Portal Navigation Web Parts

Several vendors have released web parts that provide simplified navigation within portal and WSS sites. In my opinion, the best one is SiteNavigator from Advis. It has more features and options than any of the other parts I've tested and is easy to implement.

While it is fairly simple to retrieve a list of sites and subsites from SQL or query the webs.asmx web service, displaying a nested, hierarchical tree of site based on user permissions is an altogether more difficult task. Microsoft has made this information available via the Sites property of the Microsoft.SharePoint.Administration.SPSiteCollection object. Unfortunately, this object must be invoked by an account that has local administrative access to the Sharepoint server. Advis provides a handy impersonation feature that allows the part to function as an administrative user but this displays all sites, even those the user does not have access to, thus defeating the overall purpose of the web part.

Fortunately, local security policies can be used to meet the administrative requirement of the SPSiteCollection object without completely compromising network security. First, create an AD group for all non-administrative users (place your admins in a separate group). Next, add the SPS users group to the local administrators group of the Sharepoint server. Finally, set the 'Deny Log On Locally' and 'Deny Log On Through Terminal Services' settings in the local security policy (along with any other exclusions your environment may require). You may also wish to disable administrative file shares.

This method will allow each user to see a nested tree view of the sites they have permissions to access. The web part may be implemented on any SPS or WSS site via the web browser Add Web Part function or added to the left-hand navigation pane using Frontpage 2003.