Export (0) Print
Expand All
6 out of 8 rated this helpful - Rate this topic

Plan for people and user profiles

SharePoint 2007

Updated: February 26, 2009

Applies To: Office SharePoint Server 2007

Updated: 2009-02-26

In this article:

Information about the users in your organization is stored in user profiles within Profile Services. Profiles Services is managed by a services administrator that has additional permissions that are not available to Shared Services Provider (SSP) administrators. Services administrators import information about users from directory services, such as Active Directory directory service and Lightweight Directory Access Protocol (LDAP).

When planning an initial deployment of Microsoft Office SharePoint Server 2007, you must plan connections between directory services and Profile Services, plan the properties of user profiles, plan the policies for displaying and changing user profiles, and plan how user profiles are used by other personalization features, such as personalized sites.

About people and user profiles

Before you can personalize the sites and content within your organization, you have to understand who the users are in your organization, how they work together, and what information they want to know about each other.

Information about users can come from Microsoft products and technologies, such as Microsoft Exchange, Active Directory, and Microsoft SQL Server. It can come from industry standards for tracking people, such as LDAP. It can also come from line-of-business applications, such as SAP. This enables you to bring all of the properties from these diverse data sources together to create unified and consistent user profiles across the organization.

The properties and data from these sources are stored in user profiles that are managed by Profile Services. User profiles identify connections among users, such as common managers, workgroups, group membership, and sites. In this way, the relationships among users in your organization can be used to encourage more efficient collaboration with colleagues and across teams. This collaboration includes the ability for users to find each other by using user-specific search features.

User profiles and user profile properties can also be used in implementing personalization features, such as building My Sites and content targeting. User profiles are more than just groupings of imported and custom properties about users in your organization. The properties are also used in the public page of My Site to display information about the relationships of each user to other users and content in your organization. This also includes a list of documents shared by each user, and the policies that define how information about users is displayed and shared.

Each user's public profile includes sections that have the following information:

  • Properties   Some of these properties are public and appear on the public profile page, but many of these properties are only visible to administrators. SSP administrators are the only users who can see and edit all user profile properties at the SSP level. Site collection administrators can see values of SSP-level properties in the user information list on the site collection, but cannot edit the actual user profiles and properties. They can edit site-level properties that are included in the user information list, but these are not added to user profiles stored in Profile Services.

  • Social networking   This includes the sites, distribution lists, and security group memberships for the user, and a separate section listing the user's current colleagues. When viewing someone else's public profile, users can also see the colleagues they have in common with that user.

  • Documents   A list of shared documents for the user, including documents on all sites where the user is a member, and organized in tabs by site.

  • Policies   This is available to administrators only unless the administrators grant users the ability to override certain policies. This section is used to set how the information in other sections is displayed, and who can see it.

All of these features are presented to encourage collaboration and reinforce connections among users in your organization. A quick review of the public profile tells the viewer who somebody is, what they are working on, and who they work with. It also enables administrators to make decisions about who can see all of this information and how it is shared. Good planning for users and personalization consists of considering the best way to deploy Office SharePoint Server 2007 to effectively present all of this information. This information should include:

  • A list of connection sources for user profiles, including Active Directory, LDAP, and business applications, such as SAP or Siebel that track users. Include the location, authentication type, accounts, and any other information needed to connect Profile Services to each source.

  • A list of the people features that are available from within user profiles, along with the policy setting, default access policy, and override and replication policies for each feature.

  • A list of user profile properties managed by the SSP administrator, along with the same policy information used for features. Add columns for each connection source to record the property mappings that you want to use.

  • A list of portal sites and site collections and a note recording who is planning the user information list properties for each site collection.

  • If the SSP administrator is planning user properties at the site collection level, record a list of properties and decide if they are best stored in the user profile so they are available for site collections across the SSP, or added later to the user information list for a site collection. The properties in user information lists in a site collection are based on replicated properties of user profiles, but are not connected to user profiles. Properties added to the information list are not stored in the user profile. These properties are not imported, so you do not have to worry about planning property mappings.

    Worksheet action

    Use the People, profiles, and policies worksheet (http://go.microsoft.com/fwlink/?LinkID=73268&clcid=0x409) to record this information.

Plan connections to Profile Services

Profile Services is used to connect user-based properties of data sources, such as line-of-business applications and directory services (primarily Active Directory and LDAP), with user profiles and properties that enable many of the features of Office SharePoint Server 2007.

Profile Services is available from the SSP administration pages. From the Import Connections link on the User Profiles and Properties administration page, you can connect directly to Active Directory or LDAP to import user profiles from those sources into Office SharePoint Server 2007. Services administrators select the properties from directory services to import to user profiles.

You can also add business data properties that contain information about users to existing user profiles by connecting to the Business Data Catalog, selecting a relevant entity from a registered business data application, and either mapping that entity to an existing profile property or adding it as a new property. These properties augment the existing profiles imported from directory services. You cannot create or import entirely new user profiles from the Business Data Catalog.

You can import the properties from all of these sources into user profiles by connecting to the relevant service or database and mapping the unique identifier for each property in the shared service to the unique identifier of the corresponding property in the business application. These connections can be made regardless of the authentication method used by the business application.

The service maintains the connections with the relevant business applications and updates the properties of user profiles during regularly scheduled imports from all relevant data sources. Data is not exported, however, so the user profile database cannot overwrite the source databases.

Planning for user profiles consists of starting with the default properties of user profiles in Office SharePoint Server 2007, identifying the connections to directory services that you need to supplement those properties with the information about users you already have, and considering additional business data that enables you to connect users to line of business applications. The key planning principle is consistency across data sources for all users in your organization.

Worksheet action

Use the People, profiles, and policies worksheet (http://go.microsoft.com/fwlink/?LinkID=73268&clcid=0x409) to record your planning decisions. Include a list of connection sources for user profiles, including Active Directory, LDAP, and business applications, such as SAP or Siebel that track users. Include the location, authentication type, accounts, and any other information needed to connect Profile Services to each source.

Profile Services enables you to collect information about users in your organization across directory services and business applications so that consistent and timely information is always available. Information about users is synchronized across the deployment to all site collections that use the same SSP. This information can also be used by personalization features to increase the value of collaboration and relationships in your organization.

Plan user profile properties

User profiles and properties are available to administrators from the User Profiles and My Sites section of the Shared Services Administration page. User profiles can be viewed by everyone else from the public profile page of each user's My Site.

Every site that uses the same SSP receives the same basic set of properties from the user profile store and displays them in the site's user information list. SSP administrators can add additional properties to the user information list across all site collections that use the same SSP. Administrators of each site collection cannot add properties to user profiles, but they can add properties to the user information list for certain users, depending on their particular business needs. When you plan for user profiles, you should consider several factors:

  • What are your existing and planned directory services? These services will form the foundation for user profiles. Decide which properties you will use for your core user profiles, based on those that are relevant across your organization (or across the SSP in an organization that has multiple sets of shared services). Properties that can be used when finding users, creating audiences to use when targeting content, and establishing relationships between colleagues and workgroups are essential. Start by reviewing the list of properties in directory services, followed by the default properties provided by Office SharePoint Server 2007, and modify that list according to these considerations.

    Worksheet action

    Use the People, profiles, and policies worksheet (http://go.microsoft.com/fwlink/?LinkID=73268&clcid=0x409) to record the planned properties.

  • Which line-of-business applications do you use that have information about users? Which properties can be mapped to the properties of directory services?

    Worksheet action

    Use the People, profiles, and policies worksheet (http://go.microsoft.com/fwlink/?LinkID=73268&clcid=0x409) to record these mappings, and note which mappings should have priority if there is a conflict. Be sure to add the line-of-business applications to your list of business applications that must be registered in the Business Data Catalog, and integrate them into business intelligence planning.

  • Based on your business intelligence planning, what other, non-user related properties of business applications might be useful for users in your organization? You can use these properties in personalized Web Parts to target business data based on audiences.

    Worksheet action

    Use the Site creation worksheet (http://go.microsoft.com/fwlink/?LinkId=73138&clcid=0x409) to record this information.

  • How many records of users are you planning to import from all sources, and how often do you want to schedule imports? The frequency of scheduled imports will depend on the number of records, how heavily you are using personalization features, and when you can schedule imports to have the least impact on performance and availability. Let your IT administrators know this information so they can include it in their deployment planning.

  • Which site-level user profile properties do you anticipate? In some organizations, this might be dictated centrally. At other organizations, this decision might be left to the discretion of each site collection administrator.

    NoteNote:

    The My Site public profile replaces the Windows SharePoint Services 3.0 user profile when Office SharePoint Server 2007 is installed. If your initial deployment of Office SharePoint Server 2007 is installed over a Windows SharePoint Services 3.0 installation, be aware that your user profile information will be replaced, and plan accordingly.

Default user profile properties

  • Office SharePoint Server 2007 provides a set of default properties. You will want to review these properties and the policies that apply to them before deciding which changes to make, which properties to keep or remove, and which additional properties to create. For more details about default user profile properties and policies, see Additional user profile properties later in this article.

Additional user profile properties

The default user profile properties and the properties imported from connections to directory services and business applications can be supplemented with additional properties tracking key information that is not available from other sources.

You should plan to add properties at the SSP or site collection level depending on the business needs you identified in earlier planning. Key business needs can often be addressed by creating new properties that associate users with important business processes. For each major concept in your information architecture, consider whether there is a custom property that could be added to user profiles to link users in your organization to information about that concept. These properties can then be used by search to find users, or by personalization features to target content to users. Properties do not have to be visible in public profiles or My Sites, and properties can be useful for search or personalization without being displayed in public profiles or My Sites.

To limit the scope of your planning, prioritize the most important opportunities to improve user profiles. Focus on adding properties that enable key business needs or scenarios for each site collection. If the property relates to a less central business process for the site collection, or if the property seems relevant but does not address specific scenarios, wait until a specific need is identified during regular operations instead of planning to add the property during initial deployment. It is possible you might not need to add many new properties at all, but it is worth considering in case there are any obvious needs.

Configure property choice lists

Property choice lists enable Profile Services administrators to suggest acceptable values or limit the values for any property by listing the suggested or approved choices, which then appear to users in a list of values for the property. Property choice lists can either leave the choices up to the user, or define a list of choices that can be added manually or imported from (or exported to) a comma-delimited file. The latter type of property choice list, a defined property choice list, is a powerful way to suggest useful values for a custom property. You can also decide to prevent the inclusion of irrelevant values by limiting the choices to the defined list.

You can also use property choice lists to enable users to select multiple values for the same property. Many kinds of information about users involve more than one value. For example, you can use a property choice list to enable employees to list their professional certifications and other official qualifications, all of which appear as values for the property.

As an example of using a defined list to make information easier to find and promote collaboration, consider an organization that adds a custom property for areas of expertise. The SSP administrator identifies 10 top areas of expertise that are most relevant for users across the site collections that use the SSP. These areas are recorded as values in a defined property choice list for the Area of Expertise property. The same properties are mapped to managed properties by the search administrator, and the site collection administrators for each site collection can then identify Best Bets associated with keywords for each area of expertise. Now when users search for common keywords, experts for each relevant area will appear at the top of search results.

Worksheet action

Use the People, profiles, and policies worksheet (http://go.microsoft.com/fwlink/?LinkID=73268&clcid=0x409) to record whether the property uses a defined list, the property choice list values, and whether the list is open or closed. This enables you to more easily configure properties during initial deployment.

For more information about how user profile properties are used by search, see Plan search (Office SharePoint Server).

Plan people and relationships

The relationships among different users who use the sites in your organization are displayed in the public profile page for each user, and also in each user's personal site home page. SSP administrators can also see information about these relationships from the user profiles stored in Profile Services. This relationship information includes:

  • Site membership (a global view of all memberships for each user).

  • Distribution list membership.

  • Security group membership (including by default only e-mail–enabled groups).

  • Colleagues (who use both the My Colleagues Web Part and the In Common With Web Part).

When you plan the structure of your site collections, one key part you will plan is the membership for each site. Users are added as members by adding them or a group including them to the Member group for each site. Sites should be provided for all key business processes and divisions, and include the proper users.

Membership in distribution lists and security groups will exist for all but the newest organizations. The planning period for Office SharePoint Server 2007 is a good time to review user and group permissions to ensure that users have the correct permission levels to do their jobs. Planners for personalization features will want to talk to security planners to incorporate any changes into their own planning.

This is also a good time to review distribution lists and reorganize them to reflect information architecture planning. Redundant distribution lists can be discontinued, and new distribution lists can be created to meet additional needs.

Colleagues automatically include all people within each user's immediate workgroup — which includes one's manager, peers, and direct reports—so no specific planning is needed. In organizations that have key relationships that cross workgroups, managers or other users might want to add people to My Colleagues lists for certain workgroups. SSP and site collection administrators should encourage managers to make these changes after initial deployment, or allow managers earlier access to the initial deployment so they can verify the organizational hierarchy and make the changes to directory services.

Planning for users and relationships starts with planning for membership in sites, distribution lists, and SharePoint groups based on security considerations, your organizational hierarchy, and the roles of individuals and teams of users in your organization.

Consider how users currently collaborate, based on common managers or common tasks across workgroups, and then consider ways in which you might improve that collaboration by using new distribution lists or groups, or by adding users as colleagues. Consider other functionality that relies on membership in these groups. For example, membership can be used to target content to specific audiences. You can then decide how much of this information is shared and how it is shared by planning for policies.

Worksheet action

Use the People, profiles, and policies worksheet (http://go.microsoft.com/fwlink/?LinkID=73268&clcid=0x409) to record all planning decisions.

Plan policies

When planning for personalization of your portal sites, you must carefully consider the availability of information about users in your organization. Not all information is appropriate for everyone to see. Some information should only be available to users and administrators to preserve privacy. Other information can and should be shared freely with other users to encourage collaboration. The decision about what information to share is an important one that depends on the particular needs of each organization.

Office SharePoint Server 2007 provides a set of configurable policies so that Profile Services administrators can make the right information available to meet the needs of their organization. Policies might vary between SSPs, so it is a good idea for the planning team to review collaboration needs across the organization to develop a plan for implementing the right mix of policies.

Every personalization feature and property exposed in user profiles and personal sites has a recommended default policy that can be customized based on the needs of each organization. Each policy is made up of two parts:

  • Policy setting   Some personalization features provides information that is critical for key business processes in an organization. Other information might be inappropriate for sharing across an organization. Some information will be useful for some users to share, but not other users, so that different policies are needed for different users. The planning team can decide to change the policies by feature or property to meet the business needs of their organization. The specific options are:

    • Enabled   The feature is visible to users other than the SSP administrator, depending on the default access setting.

    • Required   This property must contain information, and the information is shared based on default access. Forms containing these features or properties cannot be submitted until the required information is provided. For example, the Manager property is often mandatory so that it can be used to provide information for the My Workgroup feature and audiences based on an organization's reporting hierarchy.

    • Optional   The property is created and its values might or might not be provided automatically. Each user decides whether or not to provide values for the property or leave the property empty. For example, the telephone number of a user is often left blank, and each user can decide whether or not to provide a telephone number visible to other users. The My Colleagues feature is optional, but rather than being blank the list of colleagues that includes everyone in the current workgroup is visible by default to users who have access. Users can decide to opt out by removing colleagues from the list, or expand the list by adding additional colleagues.

    • Disabled   The property or feature is not visible to anyone but the SSP administrator. It does not show up in personalized sites or Web Parts, and cannot be shared.

    • User Override   Properties that have the User Override option selected allow users to change the default access policies for user profile properties. With this option selected, each user can decide who can see the values they entered for the property. If this option is not selected, only administrators can change default access settings.

    • Replicable   Properties and features that have the Replicable option selected can be replicated to other SharePoint sites, but only if the default access is set to Everyone and the User Override option is not selected.

  • Default privacy setting   The privacy setting determines who can see information for a particular personalization feature. Available settings include:

    • Everyone   Every user who has viewer permissions to the site can see the relevant information.

    • My Colleagues   Every user in this user's My Colleagues list can see the information for this user.

    • My Workgroup   Every colleague in the user's workgroup can see the information.

    • My Manager   Only the user and the user's immediate manager can see the information.

    • Only Me   Only the user and the site administrator can see the information.

Plan policies for people features

Some organizations will allow individual SSP administrators to configure policies, and other organizations will want to implement a consistent policy across the organization. By setting expectations for policies during initial planning, you can avoid later confusion, surprises, and misunderstandings. Whatever your decision, you should make the policies clear to users in your organization when they begin using Office SharePoint Server 2007, so they can expect that certain information about them and their work will be available to others.

Policies can vary depending on the purpose of the sites in your SSP. Consider your information architecture planning and site hierarchy when deciding which policies to use. For example, a site based around collaboration is likely to have a less restrictive set of policies than a site designed as a document repository.

Also consider who is using your sites. Customer-facing sites will have entirely different policy considerations compared to collaboration sites, and a central portal site for a large organization might have less need to share information than a departmental site. Many of these issues will be handled as part of security planning, but privacy policies and security considerations are sufficiently related that it is a good idea to consider them together.

Policies that have fewer restrictions mean that users will be viewing public profiles more frequently, which affects how often you must update user profiles and compile audiences. In organizations that have a large number of users, this could affect performance and capacity planning.

Worksheet action

Use the People, profiles, and policies worksheet (http://go.microsoft.com/fwlink/?LinkID=73268&clcid=0x409) to record policy decisions for every feature and property.

Site and SSP administrators should share policy decisions with IT professionals in the organization. Some issues that could conceivably affect IT planning include:

  • The expected frequency of updating user profile information.

  • The expected frequency of compiling audiences.

  • The effect on performance and capacity of servers running Profile Services.

  • The effect on security planning.

For more information about the default policies and available policy settings, see Policies for Profile Services.

Plan policies for the properties of user profiles

Properties — such as account name, preferred name, work telephone number, department, title, and work e-mail address — are mandatory by default because in most organizations those are key methods of enabling collaboration and developing organizational relationships. Many of them are also used by Office SharePoint Server 2007 in enabling other features, such as colleagues and audiences.

By default, users cannot override these properties because it is important to Profile Services administrators that access to information stay consistent and predictable.

By default, most properties are visible to everyone, but sensitive information, such as non-work telephone numbers, are limited to users who have been selected as colleagues. A couple of other properties are of private interest only.

Different organizations might have different needs. For example, a company that has many employees in the field might find that mobile telephone information is important for everyone to see. Other organizations might keep all non-work telephone numbers completely private. Organizations focused around small-team collaboration might want to limit more properties to a core group of colleagues.

When planning the policy setting for a property, consider the following factors:

  • Consider making a property required if:

    • The property is used by key user features.

    • The property is associated with key business data for applications in the Business Data Catalog.

    • The property is used in creating audiences.

    • Administrators for Profile Services expect consistent and meaningful values for the property.

  • Consider disabling a property if:

    • The property will rarely be used.

    • The property will distract from more important properties. Note, however, that you can change the display settings for properties to hide them from users viewing public profiles, the Edit Details page, or the My Colleagues Web Part.

    • Consider selecting optional if you decide to provide default values for properties, but still want users to be able to remove the information, or if you want to allow each user to provide the relevant value for the property.

When planning default access policy, consider the following factors:

  • If you want to use the property in search so that users can be found by searches for the property, set the default access policy to Everyone. Properties that have more restrictive access will not be used by search.

  • If the property is useful across workgroups and other divisions in your organization and does not contain sensitive information, consider making it visible to everyone.

  • If the property is mostly useful for collaboration within an immediate workgroup or within a particular group of individually selected colleagues, consider making it visible only to colleagues.

  • If the property is of a private or sensitive nature, consider making it visible only to the immediate manager, or in some cases, only the individual user. What is considered private information can vary from organization to organization.

When deciding whether to allow users to override the policies for properties, consider the following factors:

  • Configure key user profile properties that need consistent values and clear administrator control so that users cannot override them. Override should be enabled only when the access to a property is not central to the needs of an organization.

  • Users should be able to override the access policy for a property if the sensitivity of the information can vary between different users, and the administrator cannot predict a single policy for all users. For example, an employee's hire date might be considered private to one employee and a point of pride to another.

  • Users should be able to override properties that might be relevant to different groups of users over time, by changing the default access policy.

  • For more information about the default policies and available policy settings, see Policies for Profile Services.

Policy replication

Another factor to consider is what information will be replicated from the SSP to user information lists on SharePoint sites. You can limit replication of information by making policies more restrictive, or by limiting the information that is replicated. Only properties can be replicated. Properties that have the Replicable option selected are replicated to other SharePoint sites, but only if the default access is set to Everyone and the User Override option is not selected.

Every site that uses the SSP will use the replicable properties in user information lists. Properties set to Everyone that are not replicable can be seen in the public profile, but those properties do not appear in user information lists. If a property is not replicated, the values for the property in the user information lists for SharePoint sites remain, but changes are no longer replicated and must be made by the site collection administrator.

Worksheet action

Use the People, profiles, and policies worksheet (http://go.microsoft.com/fwlink/?LinkID=73268&clcid=0x409) to record which properties you want in the user information lists.

Plan for finding people

Office SharePoint Server 2007 enables users to find other users based on their expertise and role in the organization. By default, the following methods of finding people are enabled:

  • People search scope   A search scope is provided that limits search results to the public profiles in the user profile store for the SSP. Regardless of the search terms used, only users who match those terms appear in search results.

  • People tab in the Search Center site   The People tab in the Search Center site provides options for finding users. You can find users by name or related subject, or by users-related properties, such as title and department.

  • Advanced search   Users can be found by advanced searches that search by user profile property values. Every user profile that matches the value of the selected profile appears in search results.

  • From values for user profile properties   You can find users without explicitly searching by clicking values for users to find other users who have the same value for the property. These properties can be displayed in user profiles, in user information lists, in SharePoint lists, or in general search results.

  • Refined searches   You can refine search results for a people search to include only results for users who have a specific value in their user profiles.

  • Group by social distance   By default, all searches for users are grouped by social distance. That is, users who work most closely with the user viewing search results are grouped first, followed by users more distantly.

Regardless of the search method used, the people search results contain links to the public profiles of each user, and links to contact them by e-mail or messaging programs.

When planning for users, you might want to consider supplementing the default people search scope and Search Center tab with customized search scopes and tabs for more specific groups of users.

SSP administrators will want to consult the information architecture and site hierarchy to identify key business concepts that might relate to specific groups of users that might be sought out by users across sites. Then, they can work with the SSP administrator for search to develop search scopes and people search tabs for those specific groups. They can also use their knowledge of the user profiles they manage to identify other useful groups of users and create additional specific search scopes and search tabs for those groups.

Site collection administrators can create site-level search scopes for users who are members of their site collection.

Worksheet action

Use the People, profiles, and policies worksheet (http://go.microsoft.com/fwlink/?LinkID=73268&clcid=0x409) to record planned search scopes and search tabs.

People search planning also feeds back into user profile planning. Initial planning might reveal individuals or groups of users that you would like to make easier to find, but the right properties might not exist to allow those users to be found easily.

Worksheet action

Use the People, profiles, and policies worksheet (http://go.microsoft.com/fwlink/?LinkID=73268&clcid=0x409) to record these new properties to be implemented during deployment.

Plan additional personalization functionality

Profile Services is used to provide personalized information to My Sites and other pages by using audiences and targeted Web Parts.

For more information about planning audiences, see Plan for audiences.

For more information about My Sites, see Plan My Sites.

For more information about targeted Web Parts in general, see Plan for personalized Web Parts.

Worksheets

Use the following worksheets to plan for people and user profiles:

Download this book

This topic is included in the following downloadable book for easier reading and printing:

See the full list of available books at Downloadable content for Office SharePoint Server 2007 .

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.