A new document-management system

Documents are rarely developed by one person in an organization. Instead, this activity is frequently a collaborative process. One of Microsoft's new .NET servers, SharePoint Portal Server 2001 (formerly code-named Tahoe), facilitates this collaborative process. The sidebar "What Does SharePoint Portal Server Do?" describes the server's functions and product-specific terminology.

During the development of a document, you want to ensure that only those users working on the document, and not the larger user community, can see it. You also want a document-approval mechanism appropriate for your organization that you can invoke before you make a document available (or publish it) to the user community. Let's look at these two SharePoint Portal Server collaborative functions: publishing and approving documents.

Roles in SharePoint Portal Server
To implement the publishing, approval, and other collaborative functions securely, SharePoint Portal Server provides three security roles—Coordinator, Author, and Reader—that you can assign to users by folder or workspace. Each role has a permission set that you can't modify. If a user holds more than one role on a folder or workspace, the most restrictive permission applies. For instance, if the Everyone security group has the Reader role on the Corporate folder and Tom, a user in the domain, has the Author role on the Corporate folder, Tom will enjoy Author role's permissions on the folder and all the documents therein, unless he's specifically excluded on one or more documents inside that folder.

The Coordinator role carries permission to manage the entire workspace or folder. A user with the Coordinator role can perform workspacewide functions (e.g., customizing the digital dashboard), manage indexes, and configure content sources. At the folder level, this person can add, delete, and modify folders and documents. The Coordinator also decides whether to require an approval process and configures that process folder by folder.

The Author role encompasses permissions to add, edit, delete, and read documents in a folder. In an enhanced folder, this role also has permission to publish a document. An Author can create, delete, and modify folders but can't change a folder's permissions or approval policies.

The Reader role has permission to search for and read documents. By default, all users (i.e., the Everyone security group) have this role.

Each workspace provides permission inheritance, which means that permissions set on one object in the hierarchy are, by default, inherited by all the objects at a lower level (i.e., child objects). You can block permission inheritance by configuring the child object to not use its parent's security settings. Moreover, you can configure security settings on one object to apply to all subfolders and documents.

The Publishing Process
Team members who have the Author role on the parent folder can collaborate on a document. Those team members can use SharePoint Portal Server's check-out and check-in features, which let them check a document out of the workspace, make changes, then check in the document for other team members' consideration. A checked-out document is a copy of the most recent version of the document; the team members save the checked-out version on their local hard disk or home directory while making their modifications. The checked-in copy becomes a new version of the master document on the server. You can't overwrite checked-in or published documents without first checking out the document.

To clarify: Publishing a document is different from checking it in or out. Publishing makes the document available to the public, which is defined as all the users who can access your SharePoint Portal Server machine, whether from within your organization or over the Internet. Although users can modify their local copy of a document, Authors and Coordinators can still publish the most recent version of that document on the SharePoint Portal Server machine. Users with the Author or Coordinator role can view a checked-in document, whereas users with the Reader role can view only published documents.

SharePoint Portal Server lets users with appropriate permissions publish a document after it has been checked in or during the check-in process. Let's look at two ways of publishing a document: publishing with an approval process and publishing without an approval process.

Publishing Documents with an Approval Process
Many organizations require that certain people approve documents before publication. For example, before a human resources (HR) department distributes a benefits manual to all employees, the HR manager must approve the manual's contents. If the HR team developed the manual in SharePoint Portal Server, you can give the HR manager the Approver role to require the manager to approve the document before you publish it and make it available to all the users in the company.

Approvers don't need to have the Author or Coordinator role. Being an Approver is a separate function that's specific to the folder and its documents. Unlike the Author, Coordinator, and Reader roles, the Approver role doesn't have an associated permission set (although the Approver role grants that user Reader access to the document during the approval process). For users to be Approvers, the user's account must reside in the same domain as the SharePoint Portal Server computer or in a trusted domain. Only a Coordinator can list users as Approvers. A Coordinator can override the approval process and publish or not publish a document, regardless of what the Approver or Approvers do.

To set up an approval process, the Coordinator must configure the approval requirement on the top-level Documents folder, which is installed by default when you create the workspace. To configure the approval process, the Coordinator follows these steps:

  1. Configure the folder's properties to require approval by right-clicking the folder, selecting Properties, then clicking the Approval tab.
  2. Enter the names of Approvers for the folder's documents.
  3. Enter the email addresses of the Approvers.
  4. Configure a notification message for the Approvers.
  5. Select either parallel- or serial-routing topology.

As Figure 1 shows, you can list one or more users as Approvers, and you can specify that the document go to the Approvers all at once (i.e., parallel routing) or one at a time (i.e., serial routing). Further, you can configure the parallel process to require that all Approvers or only one Approver approve the document for publication. The example in Figure 1 requires a parallel process and only one approval.

SharePoint Portal Server's approval process is limited. For instance, you can't require approval by a majority of Approvers or by certain Approvers. Therefore, if your organization requires a more complex approval process than SharePoint Portal Server's one-or-all configuration, a developer must write customized code.

If a document requires approval, SharePoint Portal Server automatically sends an email message to the Approvers when a document is ready to be published. Approvers click the link to the document, review the document, and approve it when they're ready. An Approver can approve a document from the email message that SharePoint Portal Server automatically generates, from the workspace, or from the dashboard site. While the document is awaiting approval, its status shows in the workspace as Pending your approval. After the reviewers approve the document, its status changes to Published.

Publishing Documents Without an Approval Process
If the Coordinator hasn't configured the folder to require approval, an Author or the Coordinator can publish the document at any time. To eliminate the approval requirement, you clear the Documents must be approved before publishing check box in the folder's Properties dialog box, which Figure 1 shows.

You can publish documents from several places:

  • The digital dashboard site
  • A Microsoft Office application (Office 2000 or later)
  • A Web view during the check-in process

To publish documents individually, use the dashboard. However, if you want to check in a group of documents that you're migrating from another server, use the Web view, which lets you check in documents in bulk. For a bulk check-in, select all the documents in the Web view, right-click those documents, and select Check In from the context menu.

The following examples demonstrate the three ways in which you can publish documents in SharePoint Portal Server. The sample document "Why our Company is going to use SharePoint Portal Server" resides in the IT folder. The sample IT folder doesn't require approval, so you can create a document, then publish it immediately.

Publishing from the digital dashboard. To publish the document from the digital dashboard, you first create the document in Microsoft Word 2000 or later, then save it to your local hard disk. To publish the document, navigate to the IT folder on the adminworkspace workspace, click Add Document, and enter this document and its path in the Document file name input box, as Figure 2 shows. Selecting Publish the document tells SharePoint Portal Server to publish the document as soon as you add it to the folder. If you don't want to publish the document immediately, select Check in the document. That action lets Authors and Coordinators continue to have access to the document to make any necessary changes before publishing the document.

Publishing from an Office application. Let's say you want to create a second document, "Benefits of using SharePoint Portal Server," and publish this document directly from the Office application Word. First, create the document in Word, then click Save and select the workspace in which you want to save the document. (To learn how to create a Web folder to make the workspace appear in Word, see the section "Publishing from a Web view.") Drill down in the workspace to the correct folder (the IT folder, in this example), then click Save. In the Document profile box, enter the appropriate information about the document (e.g., title, author, keywords, description). All documents saved in SharePoint Portal Server have a profile, which provides metadata that SharePoint Portal Server can categorize and search for fast document retrieval.

Now, here's the tricky part. If you choose to save your document but not close it, SharePoint Portal Server returns you to the document in Word. If you choose to close your document, SharePoint Portal Server asks you to either check in the changes or keep the document checked out. If you choose to save but not close your document, SharePoint Portal Server displays the same Check In dialog box when you finally close the document or exit Word. In the Check In dialog box, you can modify the document's profile or select a new profile. In addition, you can enter version comments and select a check box to publish the document after you check it in. If you choose to publish the document after check-in, SharePoint Portal Server publishes the document directly from Word.

Publishing from a Web view. To publish documents from the Web view, you must first create a shortcut to the workspace on the Web server. A shortcut to a Web server is called a Web folder. To create a Web folder, double-click My Network Places on your desktop, then double-click Add Network Place to invoke the Welcome to the Add Network Place Wizard. In the location input box, enter the URL of your workspace. In most environments, you probably will enter a full URL (e.g., http://hostname.domainname.com/workspacename).

In the next screen, the wizard lets you give the Web folder a unique name in the form virtualdirectoryname on servername. In this example, the default name is adminworkspace on testserver1. Marnie Hutcheson, "Web Folders in Office 2000," http://www.iisadministrator.com, InstantDoc ID 8504, describes Web-folder creation in more detail.

After you create the Web folder, you open a Web view by double-clicking the Web folder in My Network Places. Then, drill down to the document you want to publish, right-click the document, and select Publish. The document must be checked in, and you must have either Author or Coordinator permission to publish a document in this way.

After a document is published, it remains published until you remove it from the workspace; it automatically appears in the index and is viewable by all users. SharePoint Portal Server doesn't let you set expiration dates for published documents. If you must have time limits on published documents, you must either have a developer write code to remove documents or track documents and remove them manually. About the only way to eliminate published documents without writing code is to limit the number of published versions of a document that SharePoint Portal Server will retain in the workspace. (By default, this value is unlimited.) You can configure this number on the General tab of the workspace Properties dialog box.

If you have several documents that require approval, checking in, or publishing in bulk, you can use the Web view to accomplish this task. Hold down the Ctrl key and select the documents that you want to check in, approve, or publish; then right-click and make your selection from the context menu. You can check in and publish at the same time, but you must perform bulk approvals in a separate administrative act.

A First Step
SharePoint Portal Server offers you tools for managing your documents more efficiently while letting users access these documents from the LAN and the Internet. The software is a good first step at document management and offers many basic features a good document-management system should have.