Remote Workspaces
MatchPoint remote workspaces can be used to build solutions for collaboration scenarios, where SharePoint Online Hybrid approach is configured. Remote Workspaces are based on standard MatchPoint workspaces and are created directly on your SharePoint Online tenant from your local SharePoint on demand by end-users without administrative permissions.
A MatchPoint remote workspace is similar to standard (local) workspace with restrictions:
- A workspace is specified centrally within a RemoteWorkspaceTemplateConfiguration.
- Within this configuration, metadata fields are specified for describing the workspace content.
- For each workspace, a WorkspaceTag can be created, which is applied to the workspace item but it is not inherited to the workspace's content. This allows an easy identification of a remote workspace.
- Permissions on a remote workspace can be configured using the role management concept.
- You can only choose a site template from SharePoint Online site templates.
- Remote Workspaces are created and managed by using a Workspace Editor Web Part.
When a new remote workspace is created using the Workspace Editor Web Part, a workspace list item is automatically created within a "Workspace" document library on the local SharePoint farm. The document library is created for every remote workspace template that is configured in the system. Location and title of the library can be specified within the RemoteWorkspaceTemplateConfiguration file. The list item for a remote workspace contains all metadata fields that are configured for the remote workspace template.
Since each remtoe workspace has such a list item, remote workspaces can be aggregated (i.e. for a Data Grid Web Part) very easily and independent from SharePoint Search Service Application using a WorkspaceDataProvider. This is especially convenient when the physical workspaces are distributed over multiple site collections, web applications or tenants.
Remote Workspace Template Configuration
MatchPoint remote workspaces are specified in a RemoteWorkspaceTemplateConfiguration file. Within this file, the general settings for the remote workspace are defined, for instance the location of new remote workspaces or whether a new site collection is to be created for each new remote workspace.
Depending on the configuration of the remote workspace template configuration file, users can create either a new SharePoint subsite (an SPWeb at the specified URL) or a new site collection, where the actual remote workspace web will be represented by the root web.
The TemplateId property specifies a unique ID (GUID) that identifies the workspace template. Therefore, it is important to ensure that the IDs are in fact unique. If a new remote workspace template configuration is created, this is done automatically. However, when configurations are copied, it is possible that an ID is used multiple times. In this scenario, the ID has to be corrected manually.
Workspace Tag
A workspace can be configured with a workspace tag using the WorkspaceTagDefinition element. This tag is automatically created when a new workspace is created. It is also applied to the new workspace; Unlike in local workspaces case remote workspace content will not be tagged.
Metadata Fields
Workspaces can be configured with metadata fields. All field types that are part of the Form Web Part can be used. Additionally, a RemoteRoleField can be used to make user role assignments for a workspace. Fields can be configured either within the RemoteWorkspaceTemplateConfiguration or within the configuration of a Workspace Editor Web Part.
It is recommended to configure fields within the "RemoteWorkspaceTemplateConfiguration" if possible. This might reduce the effort for configuring the Web Parts that are used to manage the workspace significantly.
Event Handlers
Within the remote workspace template, workspace event handlers can be registered using a RemoteWorkspaceEventHandlerConfiguration element, which specifies a ClassName to a class implementing IRemoteWorkspaceEventHandler.
Following events are available:
- Adding
- Added
- Updating
- Updated
For more information on how to implement a custom workspace event hander, please refer to the MatchPoint API Reference and to the code samples Colygon.MatchPoint.Samples.zip provided with every MatchPoint Release.
Forms
The Forms-element (type: FormConfiguration) within the workspace template can be used to configure View/Edit/Create forms for a workspace. Each URL parameter allows specifying a page. This page is opened when the corresponding action is called for a workspace, i.e. using the context menu for a workspace element within a Data Grid Web Part.
On the specified pages, the controls for viewing, editing and creating a workspace can be implemented using the Workspace Editor Web Part.
Permissions
The Permissions-element (type: WorkspacePermissionConfiguration) can be used to specify, which users have permissions to view, edit, create or delete workspaces. Please note that the permissions defined here do not affect the effective permissions that are applied to the SharePoint web. They only determine which users are allowed to manage workspaces.
By using the Expression parameter on a WorkspacePermissionConfiguration element, permissions can be assigned dynamically to a specific user group or role. In combination with the "VisibilityCondition" element on metadata fields, simple document based workflows can be modeled for Workspaces by hiding/displaying fields depending on the current state.
Role Management
MatchPoint workspaces provide a role management concept that allows the allocation of user permissions. Permissions are applied to a workspace based on two configuration mechanisms:
- Roles and their permission levels are defined using a role permission assignment within the workspace template configuration.
- User role assignments (which user inhabits a role on a specific workspace) are specified with the "RemoteRoleField" element in the Workspace Editor Web Part.
When both role permission assignments and user role assignments are specified for a remote workspace, MatchPoint will automatically create SharePoint permission groups and add the users with a corresponding user role assignment to these groups.
Role Management Configuration
The general behavior of the role management is configured within the MatchPoint configuration file. On the configuration root element, the EnableWebRoles parameter specifies whether role permission groups are created on a "per web" or "per site collection" scope. If enabled, unique role permission groups will be created for each workspace that is created.
Within the RemoteWorkspaceTemplaceConfiguration, the RoleTagDefinition configuration element specifies, whether a role tag is automatically created for each role and each role assignment that is configured throughout the system.
A user role tag is created using the role name and the user SID for the tag key and the user name (according to the people picker settings configured within the MatchPoint configuration file) as the tag name.
If role tags are enabled, they are automatically applied to the workspace (without being inherited to content within the workspace) and therefore they can be used to search for workspaces.
SharePoint Permission Groups vs. Role Permission Assignments
The permissions determined by the workspace role management are realized using standard SharePoint permission groups. This means, for every role defined on a workspace, a SharePoint permission group with the specified permission level is created. Users that are assigned to a role on a workspace will automatically be added to this group.
Depending on the EnableWebRoles setting, two different scenarios result:
- If the parameter is set to 'true', a permission group will be created for every role and every instance of a workspace. This permission group will be named after the role and the ID of the workspace, i.e. 'Project Manager_1fb77414-e598-4a03-873b-37abbf177777'.
- Otherwise, permission groups will be created only for each role. In this case it is not possible to create unique permission settings for different workspaces unless each workspace is created as an own site collection. The permission group will be named after the role, i.e. 'Project Manager'.
In most scenarios, it is recommended to specify the EnableWebRoles parameter as 'false' and create site collections for each new workspace. This ensures a high scalability and keeps the number of permission groups low.
Role Permission Assignments
The permission level for a role is configured within the remote workspace template configuration, within a RemoteRoleDefinition element. This object is an enumerable of RemoteRoleDefinition objects that provide access to the individual permission assignments.
Role permission assignments can be accessed from any "Workspace" object by using the "RolePermissionAssignments" property.
User Role Assignments
User role assignments can be accessed from any workspace object by using the UserRoleAssignments member.
Workspace Expressions
Self
During the creation and update of a remote workspace there is an additional expression variable called "Self". It can be used in the expression strings of the workspace template configuration to access properties of the current workspace while it is created or updated.
For example, if the title of a remote workspace needs to consist of an input
field named WorkspaceTitle plus the ID of the workspace. Then the
pattern {Self.WorkspaceTitle}{Self.SiteId} can be used in the SiteTitle
property of the remote workspace template configuration.
Web Parts
Following two web parts exist in relation to workspaces:
Workspace Editor Web Part
The Workspace Editor Web Part is used to create new or edit existing remote workspaces.
Image Tag Web Part
The Image Tag Web Part enables end users to easily set tags based on tag icons, without needing to open a workspace editor web part
Remote Workspace CleanUp Timer Job
MatchPoint provides a Remote Workspace Cleanup Timer Job which is responsible for finding and removing orphaned remote workspace list items.
When a subsite or site collection is deleted from SharePoint Online its corresponding list item in central workspace list stays. Such orphaned list items can be removed manually or automatically by the Remote Workspace Cleanup Timer Job. When a remote workspace is deleted by a contextual action, e.g. within the Data Grid Web Part, the workspace subsite or site collection and the corresponding list item are deleted all together.
Scheduling
The Remote Workspace Cleanup Timer Job is implemented as standard SharePoint timer job. It is by default scheduled to run once per day and its schedule can be changed in the local SharePoint Central Administration.