Wednesday, July 3, 2013

ECM Governance - Post 3

Guiding Principles continued

Hi Everyone (or me, myself and I, not sure if anyone reads this...) sorry for the delay in this next post, I having been busy doing and not spending enough time writing about it.  In my post 2, we examined the idea of guiding principles and how they are used to set a foundation for our ECM.  We identified several categories or "Areas of Impact" that these principles could be separated into and this week I would like to start by detailing the intent of each of those categories.

General Principles

The general principles are principles that do not fall into any other category, they are usually the least specific (or most general) and often refer to governance rules and policies and how you intend to use them.  A good example of a general rule is the scope of the governance plan or how we intend to apply principles as a general rule.

For example, we want consistent governance across the entire solution and exceptions need to be recorded whenever a site or site collection does not follow the set of policies defined.  In that case, we can create a general principle to define that need:

Governance Scope
Principle
All governance principles, policies, standards and training are tied to the scope and intended purpose of the entire solution. Governance applies equally to all sites and all site areas.

Implication
While some policies will be enforced across the entire organization, others may be determined by each site owner. The Governance document is not intended to define the site specific policies, but is intended to provide the foundation for all sites. Deviation from the governance policies is by exception only and should be recorded and approved by the steering committee prior to implementation.

Security Principles

Security Principles deal with the need for security and how we plan on using security in our solution.  We address things like the security architecture, the use of roles, external access and permission management as security principles.  It is important that we keep security principles as general as possible, to allow for better granularity at the policy and configuration level of the solution to meet the organizations security needs.

As an example we can look at a principle that is common to any governance plan, the use of roles to manage permissions within the solution.  Again the principle is defined and then the implications to the way the solution will be used are outlined.

Role-based Security Model
Principle
Use of a Role-based security model will govern access control and permissions to the SharePoint Portal.
Implication
Users may have different permissions on different sites or areas of the site, which has an implication for both governance and training. This permission is based off the roles that are assigned at any given level. Direct permissions should not be used; if it is found that direct access is being provided, the roles should be reviewed to determine if a GAP exists in the role structure. If a GAP exists, a new role should be defined to prevent the future need for direct security permissions.
In my next post, I will go over the remaining principles Document Management Principles, Publishing Principles, Collaboration Principles, Business Process Principles and Esthetic Principles. Also if you want to learn more in person, I will be presenting on governance at the SharePoint Summit Vancouver 2013, October 28 & 29, I hope I see you there!

Tuesday, May 28, 2013

Programatically Expiring Users from Groups in MOSS 2007

Ok,  I was reviewing my posts and found this bit of code I created in my drafts; not sure why I never posted it, but here it is as is.  If you ever wanted to have a list of users that automatically removed user access after a period of time, this code will do it.  I haven't parsed through the code again, but most of this looks good for SharePoint 2010 and should work for 2013.  Let me know if anything has been deprecated and I will recreate and post an update.  The code itself is an example of the actual logic that would be placed in a timer job, looks like I never finished the solution beyond this test, but the logic is there...

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using Microsoft.SharePoint;
using Microsoft.SharePoint.WebControls;

public partial class Pull : System.Web.UI.Page

{
protected void Page_Load(object sender, EventArgs e)

{
//Define variables and objects

SPWeb web = SPContext.Current.Web;
SPSite site = web.Site;
string siteUrl = web.Url;
SPList splExpiryList = web.Lists["User Expiration"]; //A Table I created
DataTable dtExpiryList = splExpiryList.Items.GetDataTable();
SPGroup grp = web.Groups[1];int ID=0;
string username = "";
DataTable dtExpired = new DataTable();

//Fields Used in the Table I created

dtExpired.Columns.Add("ID");
dtExpired.Columns.Add("User");
dtExpired.Columns.Add("Group");

foreach (DataRow drExpiry in dtExpiryList.Rows)
{ //"Expiry_x0020_Date" is how sharepoint stores the field "Expiry Date" because there is a space
if (DateTime.Parse(drExpiry["Expiry_x0020_Date"].ToString()) == DateTime.Now)

//Compare the expiry date to current {
username = drExpiry["User"].ToString();

splExpiryList.Items.GetItemById(int.Parse(drExpiry["ID"].ToString()));

ID = int.Parse(drExpiry["ID"].ToString());

try //Let the User know what is being Deleted
{ grp = web.Groups[drExpiry["Group"].ToString()];
Response.Write("Identified and will affect " + drExpiry["Group"].ToString() + " As the Group containing " + drExpiry["User"].ToString() + " to be deleted. . .");
}
catch (Exception ex)
{ Response.Write(ex.Source + "
"
+ ex.Message + "
Stack Trace
"
+ ex.StackTrace + "
+ ex.HelpLink + "\">Help
"); }
try //Create the Expired Users Table
{ DataRow drExpired = dtExpired.NewRow();
drExpired["ID"] = ID;
drExpired["User"] = username;
drExpired["Group"] = grp;
dtExpired.Rows.Add(drExpired);
dtExpired.AcceptChanges();
}

catch (Exception ex)
{ //This should never fail
Response.Write(ex.Source + "
"
+ ex.Message + "
Stack Trace
"
+ ex.StackTrace + "
+ ex.HelpLink + "\">Help

");
}
}
}
foreach (DataRow row in dtExpired.Rows) //Delete Each Expired Item in the table
{ grp = web.Groups[row["Group"].ToString()];
foreach (SPUser user in grp.Users)
{if (user.Name == row["User"].ToString()) //Verify the User exists in the Group
{ web.AllowUnsafeUpdates = true; //Temporarily Allow unsafe updates
Response.Write("Deleting item " + row["ID"].ToString() + " from " + splExpiryList.Title + " . . .");

try
{ splExpiryList.Items.DeleteItemById(int.Parse(row["ID"].ToString())); //Delete the List Item
Response.Write("Success!");
}
catch (Exception ex)
{ Response.Write("Failed!
"
+ ex.Source + "
"
+ ex.Message + "
Stack Trace
"
+ ex.StackTrace + "
+ ex.HelpLink + "\">Help

"); }
 
Response.Write("Deleting user " + user.Name + " from " + grp.Name + " . . .");

try
{ grp.RemoveUser(user); // Remove the user from the Group
Response.Write("Success!");
}
catch (Exception ex)
{
Response.Write("Failed!" + ex.Source + " " + ex.Message + "Stack Trace" + ex.StackTrace + " " + ex.HelpLink + "\">Help");
} 
splExpiryList.Update(); //Update the List
grp.Update(); //Update the Group
web.AllowUnsafeUpdates = false; //Turn off Unsafe Updates

}
else
{
Response.Write("Error! " + user.Name + " not found in group " + grp.Name + "");
}
}
}
 
//Dispose objects dtExpired.Dispose();
dtExpiryList.Dispose();
web.Dispose();
site.Dispose();
}
}


Sorry if this interrupts my governance, but I think this might be useful to someone out there.

Monday, May 27, 2013

ECM Governance - Post 2

It has been a few days (and a weekend) since my last post, which for me is a lightening fast response.  In this weeks post, I would like to continue along the ECM governance work we started and delve to the core of what defines governance.

Guiding Principles

If you want to consider implementing governance of any type, you are going to need to define a foundation on which we can build our rules for how things will be governed.  As an example, our society is governed by legislation and laws, but in reality, legislation and laws sit on a morale foundation for their existence.  This morale base can be referred to as the principles of our society or the "Spirit of the law".  As society defines the morale base and politicians and law makers interpret the morale base to make the laws and legislation, so to does the business define the guiding principles for ECM.  The actual interpretation of the guiding principles into the making of rules will come later on when we talk about the job of the steering committee, but I think you already have an idea of their role.

In the case of ECM governance, the foundation needs to be clearly defined through what we refer to as guiding principles.  The guiding principles are general rules that help guide us toward the vision we defined in our previous weeks exercise.  With each Principle we have two parts, the definition and the implication.  The definition defines what the principle intends to set rules around, while the implication provides context and understanding of how the principle will affect business users.  If we look at an example (one that should exist in all governance plans), we can see how the principles provide a foundation for use.
All Content is Owned  
Principle
All content must have a clearly identified “owner.”
Implication
Users need to know who to contact if information is out of date or inaccurate. The owner is responsible for the content in a site and for ensuring it is up to date.
This is a simple principle, but the implications can be quite extensive in an organization.  As mentioned in this basic example, ownership implies accountability for content and all content must be owned.  Notice the principle is short and concise, while the implication should be as detailed as needed to ensure that it identifies all the areas affected by the principle.  Our example is currently not detailed in the implication, but that is because the implications are typically specific to each organization.

If we were to look at these principles they can be categorized into several areas of impact.  These areas are as follows:
  • General Principles
  • Security Principles
  • Document Management Principles
  • Publishing Principles
  • Collaboration Principles
  • Business Process Principles
  • Esthetic Principles
Each of the above areas cover off the usage and capabilities of the ECM, but additionally help you guide and focus on rules that are important to an ECM.

In our next session, I will examine each of these principle areas and outline the types of principles that you would expect to see in an organization.  For all our future examples, I will use SharePoint as the ECM of choice, though these principles could be applied to any ECM.

Friday, May 24, 2013

ECM Governance - Post 1

Introduction

If you were ever looking for a main cause for the failure of SharePoint implementations, look no further than ECM Governance.  Over the next couple weeks I am going to share some insights I have experienced with governance of enterprise content and what organizations need to do to ensure the successful implementation and use of solutions like SharePoint and OpenText Content Server.

I am a solution architect who has been working in SharePoint and OpenText (and integrating the two) for many years.  I have seen many implementations fail and they all stem from the same cause, a lack of governance.  It isn't just that organizations fail to plan, though that is part of it; it really has to do with how the organization prepares for the changes that a new system brings.

There is nothing worse than building a system and just letting everyone do whatever they want with the system.  Not only does it breed anarchy, it guarantees a poor user experience and a failed result.  The failure to plan is why so many organizations have no governance in place; we need to think ahead and decide how we are going to steer people towards proper use of the solution, that steering or guiding of people is known as governance which makes sense when you consider the source of the word.
The word governance derives from the Greek verb κυβερνάω [kubernáo]which means to steer and was used for the first time in a metaphorical sense by Plato. It then passed on to Latin and then on to many languages. (Origin from http://en.wikipedia.org/wiki/Governance)


In a modern sense, governance is the act of governing.  It involves determining where the organization needs to be and the rules that need to be followed in order to get there.

The Hydra

Every organization has its own ideas and reasons for using a system and this driving force is where we need to start when we talk about governance.  This driving force is actually a multi-headed beast, hence the section title.  The reason it is a Hydra has to do with the organization itself, companies are setup in silos, based on function and there is no way around it.  Engineers will use a system differently from accounting and so on.  In order to figure out the direction the organization needs to take, you are going to need to involve every group that is going to use the system.

Once you have the reasoning behind each groups use of the system, you can begin finding a commonality to their use.  This commonality will define the "Vision" of your governance plan.  It is the core of how the organization will use the solution, while the uniqueness of each group will provide variances that will be used later on in the governance definition process.

If we were building a governance plan, we now would have two sections ready to fill in, the business cases, which summarize your finding from speaking with each group in the organization and the vision, which defines the direction we need to take the solution.

Next Week

Next week I will explore the idea of guiding principles and how we can make those principles a reality in your organization.