SMA256401: WebParts that use the UserProfileManager |
SharePoint 2013 gives access to a new set of user profile based methods, and properties which can be used to accomplish almost all tasks existing webparts could use.
| CheckId | SMA256401 |
|---|---|
| TypeName | WebPartUserProfilesManager |
| Severity | CriticalWarning |
| Type | Assembly |
| Full Trust Approach | App Approach |
|---|---|
|
User Profile Manager
The Use Profile Manager (UPM) is used to allow you to edit user profiles and manage users at a farm level. |
SP.UserProfiles
User Profile Manager is replaced with SP.UserProfiles in the App Model and is accessible with the correct permissions. |
| Impact of Full Trust Approach | Benefit of App Approach |
|
UPM User Rights
Users require access to the UPM and in some cases it is done with elevated privileges, which is a security risk. |
Pre authorise permissions
The correct approach is to only let users do what they have permissions to do. Comprehensive APIThe UserProfile API is comprehensive, covering all the required tasks that you may need when modifying or setting up users. |
Efforts and Benefits
| Migration Impact | High |
| Re-Design Effort | Medium |
| Re-Development Effort | Medium ~ High |
| Long Term Benefit | Medium |
Effort Drivers
- Enforces security standards in development practices
- Full migratable
To suppress this violation in managed code add the following attribute to the method which contains the instruction (available since SPCAF version v5.2). Learn more about SuppressMessage here.
[SuppressMessage("SPCAF.Rules.MigrationAssessment.CollaborationCustomizationsGroup", "SMA256401:WebPartUserProfilesManager", Justification = "Provide reason for suppression here")]