Excel Services part 9: Controlling and protecting spreadsheets continued ...
[Point=2]
Yesterday I discussed one of the main security mechanisms for spreadsheets saved to SharePoint - the View Item right - that guarantees users will only be able to view a spreadsheet on the server and not download it to the client. Today I will cover how we ensure that the spreadsheets that users are viewing are the “right” spreadsheets – specifically, how to control which users can author spreadsheets that will be run on the server, and which versions of those spreadsheets will be available for users to view.

Controlling Who Can Publish Spreadsheets to Excel Services

The first step in controlling who can save spreadsheets to the server is controlling where the server will load spreadsheets from. The administrator does this by maintaining a list of directory paths, or “Trusted Locations.” Excel Services checks this list before opening any spreadsheet and will not load and execute a spreadsheet unless it comes from a “Trusted Location”. Using SharePoint rights (for spreadsheets stored in SharePoint document libraries) or simple file system rights (for arbitrary UNC paths), the administrator can control who can save spreadsheets into these locations. Effectively, this allows the administrator to control which users have access to save spreadsheets that will be executed by Excel Services.

As an example, on a company intranet, all employees could have the rights to save spreadsheets (and other files) to various sites within a portal. However, an administrator could designate one trusted location within that portal where only a select few users could save spreadsheets that would be loaded and executed by Excel Services. In turn, the users browsing these spreadsheets are guaranteed that they are viewing sanctioned copies of spreadsheets.

Controlling the Publishing Process for Spreadsheets on Excel Services

When spreadsheets are stored in SharePoint document libraries, we can provide many more features for controlling the process of authoring and publishing spreadsheets, thereby guaranteeing not only that the right versions of the spreadsheet are made available to users, but that the spreadsheets have gone through proper review and approval cycles. Additionally, we can provide an audit log that tracks who accessed which spreadsheet and when. This is very useful in the context of compliance, for example. Let’s look at this in a bit more detail.
1. Versioning - The new release of SharePoint has a robust check-in/check-out and versioning mechanism, allowing for major and minor version numbering, as well as security specifically for old versions of spreadsheets (and other documents). Additionally, SharePoint has built-in functionality around retention and expiration of documents so that old versions of spreadsheets are automatically retained and then destroyed in order to meet compliance requirements.
Figure: Versioning settings in SharePoint

2. Document approval - Document approval within SharePoint allows an administrator to set up a document library so that when a spreadsheet author saves a new version of a spreadsheet in the library, it is not immediately available to other users to view. Instead, the spreadsheet needs to be reviewed (by an administrator or appointee such as the financial analyst in charge of the library) and can be either approved or rejected. Only once approved does the spreadsheet become available for everyone else who has rights to view it. This approval can be as simple as the administrator monitoring and changing a flag on the spreadsheet in the document library, or can be a custom workflow that sends emails to a group of approvers in order to assure that the spreadsheet meets any number of internal requirements prior to its approval.
3. Auditing - Finally, the new version of SharePoint allows administrators to audit key events within document libraries. While we have not implemented auditing within spreadsheets themselves, events such as Open, Create, Modify, and Delete on spreadsheets are all logged to a centralized audit log, and there are several built-in reports to analyze that log, as well as mechanisms to generate custom Excel reports.
Figure: Auditing settings in SharePoint

That wraps up my discussion of controlling and protecting spreadsheets. As you can see, with Trusted Locations and core SharePoint document management features, Excel Services can help customers meet scenarios where it is important that only the "sanctioned" spreadsheet be shared among multiple people, and with the View Item right, can also help to ensure that the people viewing the spreadsheet are always accessing that single, “sanctioned” spreadsheet.

Next week I will talk in more detail about Data Connection Libraries and how Excel Services accesses external data.

Published Wednesday, November 23, 2005 4:45 PM by David Gainer
[/Point]
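Note: This article is translated from http://blogs.msdn.com/excel; the original author is David Gainer (a Microsoft employee). Reposted with authorization from Excel Home. Reproduction by anyone in any form is strictly prohibited, and violators will be held liable.
Many thanks to Kevin for his help and guidance!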
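The Trusted Locations check described in the first section of the post comes down to an allow-list test on the path a workbook is loaded from. The Python sketch below is an added example, not Excel Services code or part of the original post; the host names, paths, the `children` flag and the function names are assumptions. It shows why such a check should compare normalized path segments rather than raw string prefixes.

```python
from urllib.parse import unquote, urlsplit

# Constructed allow-list; hosts and paths are placeholders, not from the post.
# "children" (also trust sub-folders) is an assumption of this sketch.
TRUSTED_LOCATIONS = [
    {"path": r"\\fileserver\finance\published", "children": True},
    {"path": "http://portal/sites/finance/ApprovedReports", "children": False},
]

def normalize(location):
    """Return a canonical tuple of path segments, or None if unusable."""
    if location.startswith("\\\\"):            # UNC share
        root, raw = ("unc",), location[2:]
    elif "://" in location:                    # document library URL
        parts = urlsplit(location)
        root = (parts.scheme.lower(), parts.netloc.lower())
        raw = unquote(parts.path)              # decode %2e%2e before resolving
    else:
        return None                            # local or relative paths: refuse
    segments = []
    for seg in raw.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not segments:
                return None                    # tries to climb above the root
            segments.pop()
        else:
            segments.append(seg.casefold())    # Windows paths ignore case
    return root + tuple(segments)

def is_trusted(workbook, trusted=TRUSTED_LOCATIONS):
    """True only if the workbook's folder is on the allow-list (deny by default)."""
    target = normalize(workbook)
    if target is None or len(target) < 2:
        return False
    folder = target[:-1]                       # drop the file name
    for loc in trusted:
        base = normalize(loc["path"])
        if base is None:
            continue
        if folder == base:
            return True
        # Compare whole segments, so "published-drafts" never matches "published".
        if loc["children"] and folder[:len(base)] == base:
            return True
    return False
```

The allow-list only constrains where workbooks are loaded from; who may write into those folders is still governed by the SharePoint or file system rights the post describes.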