Expression Evaluation Time: ms / Round trip: ms
MatchPoint 3.1.4 Feature Overview
19. Jun
2013
by Jens Category:
Announcement
0

MatchPoint 3.1.4 is released and it comes with some new features and changes, including bugfixes as well. This blog post provides a description about the most important changes and features.

Configuration: Web Part Security

The following two changes are intended to control security-related behavior.

MatchPoint basically provides a flexible configuration mechanism for web parts: They can be stored centrally or locally, a central web part can be copied to a local web part configuration. Data aggregation can be done either within the current user context or within the context of an elevated user (e.g. "RunAsUser" configuration element in a ListItemDataApapter).

To avoid abuse of these flexible mechanisms the following two changes were implemented.

Disable / restrict local web part configurations

This parameter in the MatchPoint configuration controls the behavior for security-related configuration elements in local web part configurations such as "RunAsUser" or the "ToggleView" switch.

The table below shows the possible parameter values:

Value Copy to Local Security-related elements
Enabled Allows to copy central web parts to local configurations. Enabled.
Disabled Copy to local is disabled, local web part editing not possible. Editing of central web part configurations possible (security-related elements are shown), local web part editing general not possible.
Restricted Copy to local is enabled, local web part editing is possible. Enabled for central web part configurations, restricted for local web part configurations.

Security Token for Web Parts with Central Configuration

With MatchPoint 3.1.4 it is possible to download a Web Part Definition file (".dwp") from the MatchPoint user interface. The ribbon button "Export Web Part Definition" is shown for all central web part configurations. The ".dwp" contains the type name of the web part configuration, the configuration file name and a configuration file token. If a .dwp file is downloaded, the ConfigFileName could be changed easily and the dwp can be uploaded again. This represents a possible security leak (users could have Access to configuration files they are not allowed to use).

To avoid this, the security token was introduced. If the configuration file name does not match the security token an error message is shown: "Invalid configuration file token".

Workflow Kit: Run Workflow As Current User

A workflow running on a list item always opened the list item as system account. This flag can be set in the MatchPoint configuration to open the list item with the current user.

Provisioning

Configuration: Culture as Pattern String

The "Culture" configuration element in the provisioning configuration (Level "WebDefinition") is now a pattern string.

Allow Custom values for BaseTemplate

The "BaseTemplate" configuration element in the provisioning configuration (Level "WebDefinition") now allows custom values.

Configuration: Web Part Page Definition available in Provisioning

A web part page definition can be used in a list definition (items collection) and allows to use a template to create the page with it.

Tags: 3.1.4
Comments
ABOUT

This blog is about technical and non-technical aspects of the product MatchPoint and other SharePoint topics.

If you would like to post an article or if you have an idea for a post, please contact us.

ARCHIVE
June 2014 (3)
May 2014 (1)
1-5 (25) 
COMMENTS
Markus Wälchli
13.10.2014 12:05
Hi Markus

Somewhat embarassing, but didn't realiz... | Goto Post
Markus Doggweiler
12.10.2014 03:32
Hi Markus

As every Snowflake configuration migh... | Goto Post
Markus Wälchli
10.10.2014 11:52
Nice post! The file "MatchPoint.Snow.Themable.Imag... | Goto Post
rtaccesa
01.10.2014 12:54
Thank you Patrick,

I will be looking forward to t... | Goto Post
Patrick Zenhäusern
30.09.2014 08:48
Hi Radu

I'm afraid it's not possible to provide a... | Goto Post