在 SharePoint Server 2013 中規劃信任的檔案位置Plan Trusted File Locations in SharePoint Server 2013

摘要:規劃 Excel Services 信任的檔案位置參數,包括工作階段、 活頁簿、 計算、 記憶體及外部資料設定。Summary: Plan Excel Services trusted file location parameters, including session, workbook, calculation, memory, and external data settings.

本文說明適用於 Excel Services 信任的檔案位置。This article describes trusted file locations for Excel Services.

適用於 Excel Services 信任的檔案位置簡介Introduction to Trusted File Locations for Excel Services

Excel Services 自動建立信任整個 SharePoint Server 2013 伺服器陣列受信任的預設檔案位置 (http://)。此預設信任位置可讓要載入的 SharePoint Server 2013 伺服器陣列或獨立部署中使用 Excel Services 的任何檔案。預設信任整個 SharePoint 伺服器陣列可更輕鬆地安裝程式讓系統管理員。系統管理員可以定義新的信任的檔案位置展開活頁簿功能並加強安全性。Excel Services automatically creates a default trusted file location (http://) which trusts the whole SharePoint Server 2013 farm. This default trusted location enables any file to be loaded from the SharePoint Server 2013 farm or stand-alone deployment by using Excel Services. Trusting the whole SharePoint farm by default enables easier setup for administrators. Administrators can define new trusted file locations to expand workbook capabilities and tighten security.

Excel Services 管理員可依需要新增新信任的檔案位置。信任的檔案位置是 SharePoint 網站、 UNC 路徑或 HTTP 網站的伺服器執行 Excel Services 可從此存取活頁簿。Excel Services administrators can add new trusted file locations as needed. Trusted file locations are either SharePoint sites, UNC paths, or HTTP Web sites from which a server that is running Excel Services is permitted to access workbooks.

若要確保只有信任的使用者才可存取信任位置中儲存的活頁簿,請務必在所有信任的檔案位置上執行 ACL。To make sure that only trusted users have access to workbooks stored in trusted locations, it is important to enforce ACLs on all trusted file locations.

有三個部署 Excel Services 的核心案例: 企業、 小型部門及自訂。There are three core scenarios to deploy Excel Services: enterprise, small department, and custom.

在企業部署中,請考慮下列準則:In an enterprise deployment, consider the following guidelines:

  • 不要設定使用者定義函數的支援。Do not configure support for user-defined functions.

  • 不要讓活頁簿使用內嵌資料連線直接存取外部資料來源。Do not enable workbooks to use embedded data connections to directly access external data sources.

  • 限制使用資料連線庫從活頁簿存取外部資料來源。Limit the use of data connection libraries for external data source access from workbooks.

  • 限制可以在 Excel Services 中開啟的活頁簿大小。Restrict the size of workbooks that can be opened in Excel Services.

  • 選擇性信任特定檔案位置,而且不要啟用信任的網站和目錄的 [信任子項目Selectively trust specific file locations and do not enable Trust Children for trusted sites and directories.

在小型部門部署中,請考慮下列準則:In a small department deployment, consider the following guidelines:

  • 對部門成員用來儲存活頁簿的所有檔案位置,啟用信任。Enable trust for all file locations that are used by department members to store workbooks.

  • 啟用所有受信任的網站和目錄的 [信任子項]。Enable Trust Children for all trusted sites and directories.

  • 發生問題時,選擇性限制特定檔案位置的存取權。Selectively restrict access to specific file locations if problems occur.

在自訂部署中,請考慮下列準則:In a custom deployment, consider the following guidelines:

  • 啟用 Excel Services 開啟大型活頁簿。Enable Excel Services to open large workbooks.

  • 設定較長的工作階段逾時設定。Configure long session time-out settings.

  • 設定大型資料快取。Configure large data caches.

  • 建立此部署的單一信任位置。Create a single trusted location for this deployment.

  • 不要啟用信任子項為此信任位置。Do not enable Trust Children for this trusted location.

Excel Services 的活頁簿位置設定Workbook location settings for Excel Services

在 [Excel Services 新增信任的檔案位置] 頁面上的 [位置] 區段中您可以設定的地址、 位置型別和子文件庫的受信任的檔案位置是否也受信任。您可以選取 [信任子項簡化管理性。不過,您也可以建立的潛在安全性問題所啟用的子網站及子目錄設為自動信任一旦他們所建立的信任位置。僅限選擇 [子項信任如果您是特定任何子目錄或文件庫將會包含您希望 Excel Services 信任的活頁簿。In the Location section of the Excel Services Add Trusted File Location page, you can configure the address, the location type, and whether child libraries of trusted file locations are also trusted. By selecting Trust children you can simplify manageability. However, you can also create a potential security issue by enabling subsites and subdirectories of trusted locations to be automatically trusted as soon as they are created. Only choose Children trusted if you are certain that any child directories or libraries will contain workbooks that you want Excel Services to trust.

Excel Services 的工作階段管理設定Session management settings for Excel Services

在 [工作階段管理] 區段中,您可以設定來節省資源的可用性及增進 Excel Services 的效能與安全性設定。當許多使用者有多個工作階段,同時開啟的 Excel Services 會降低效能。您可以藉由設定兩個逾時設定為開啟工作階段控制資源已消耗並開啟 Excel Services 工作階段的工期限制。In the Session Management section, you can configure settings to help conserve resource availability and improve Excel Services performance and security. Performance can decrease when many users have multiple Excel Services sessions open at the same time. You can control resource consumption and limit the duration of open Excel Services sessions by configuring two time-out settings for open sessions.

工作階段逾時設定會決定 Excel Services 工作階段可以在每個使用者互動後保持開啟且非使用中的時間。短期工作階段逾時設定可讓您決定多久 Excel Services 工作階段可以保持開啟且未作用後的初始工作階段要求。新的活頁簿工作階段逾時設定會決定多久的 Excel Services 工作階段新的活頁簿可以保持開啟並不在作用中之前已關閉。您也可以控制允許任何單一工作階段要求之設定的最大要求持續期間值的秒數。同樣地,您可以設定圖表轉譯時間上限。由限制工作階段保持開啟的時間,您可以協助降低拒絕服務攻擊的風險。The Session Timeout setting determines the time that an Excel Services session can remain open and inactive after each user interaction. The Short Session Timeout setting determines how long an Excel Services session can remain open and inactive after the initial session request. The New Workbook Session Timeout setting determines how long an Excel Services session for a new workbook can remain open and inactive before it is shut down. You can also control the number of seconds allowed for any single session request by configuring a Maximum Request Duration value. Similarly, you can configure the Maximum Chart Render Duration. By limiting how long sessions remain open, you can help reduce the risk of denial-of-service attacks.

建議您以預設值開始,並在發生效能問題時視需要調整這些值。We recommend that you start with the default values and adjust them as needed if you encounter performance issues.

Excel Services 的活頁簿和圖像大小設定Workbook and image size settings for Excel Services

在 [活頁簿內容] 區段中,您可以設定的任何活頁簿、 圖表或影像開啟 Excel Services 工作階段中所允許的大小上限。當使用者開啟極大型活頁簿時可以危害效能及資源的可用性。除非您控制允許開啟 Excel Services 工作階段中執行的活頁簿大小、 風險使用者超過資源容量並導致伺服器失敗。In the Workbook Properties section, you can configure a maximum size of any workbook, chart or image that is permitted to be opened in an Excel Services session. Performance and resource availability can be compromised when users open extremely large workbooks. Unless you control the allowable size of workbooks running in open Excel Services sessions, you risk users exceeding your resource capacity and causing the server to fail.

Excel Services 的計算方式設定Calculation behavior settings for Excel Services

在 [計算方式] 區段中,可決定 Excel Calculation services 此位置的活頁簿計算模式。動態函數快取週期設定指定時間計算的值的自動進行重新計算快取變動函式。[活頁簿計算模式] 設定會指定如何及何時執行活頁簿的計算選項。In the Calculation Behavior section, you determine calculation modes in Excel Calculation Services for workbooks from this location. The Volatile Function Cache Lifetime setting specifies how long a computed value for a volatile function is cached for automatic recalculations. The Workbook Calculation Mode setting specifies options for how and when workbook calculations are performed.

Excel Services 的外部資料設定External Data settings for Excel Services

在 [外部資料] 區段中,您可以判斷儲存在信任的檔案位置與 Excel Services 工作階段中開啟活頁簿是否可以存取外部資料來源。您可以指定是否允許外部資料設定為None信任的資料連線庫僅信任的資料連線庫與內嵌連線。如果您選取 [信任的資料連線庫僅] 或 [信任的資料連線庫與內嵌連線,儲存在信任的檔案位置的活頁簿可以存取外部資料來源。In the External Data section, you can determine whether workbooks stored in trusted file locations and opened in Excel Services sessions can access an external data source. You can designate whether Allow External Data is set to None, Trusted data connection libraries only, or Trusted data connection libraries and embedded. If you select either Trusted data connection libraries only or Trusted data connection libraries and embedded, the workbooks stored in the trusted file locations can access external data sources.

只有當內嵌或連結活頁簿時才可存取外部資料連線。Excel Services 檢查 [信任的檔案位置] 清單才能開啟的活頁簿。如果您選取 [無],Excel Services 即會封鎖任何嘗試存取外部資料來源。如果您管理許多活頁簿作者的資料連線,請考慮指定信任的資料連線庫僅。這可確保所有經過驗證的活頁簿作者所產生的活頁簿中的所有資料連線都已用來存取任何外部資料來源的受信任的資料連線庫。External data connections can be accessed only when they are embedded in or linked from a workbook. Excel Services checks the list of trusted file locations before it opens a workbook. If you select None, Excel Services will block any attempt to access an external data source. If you manage data connections for many workbook authors, consider specifying Trusted data connection libraries only. This ensures that all data connections in all of the workbooks generated by authenticated workbook authors have to use a trusted data connection library to access any external data sources.

如果您管理只有幾個活頁簿作者的資料連線,請考慮指定信任的資料連線庫與內嵌連線。這可讓活頁簿作者在他們的活頁簿中內嵌直接連線至外部資料來源,但是仍然可以信任的資料連線庫的存取。If you manage data connections for only a few workbook authors, consider specifying Trusted data connection libraries and embedded. This enables workbook authors to embed direct connections to external data sources in their workbooks, but still have access to trusted data connection libraries.

在 [外部資料] 區段的 [重新整理警告] 區域中,您可以指定是否從外部資料來源的活頁簿更新前顯示一則警告訊息。選取 [重新整理警告啟用,您確定該外部資料不會自動重新整理時不需使用者互動。In the Warn on Refresh area of the External Data section, you can specify whether a warning is displayed before a workbook updates from an external data source. By selecting Refresh warning enabled, you ensure that external data is not automatically refreshed without user interaction.

在 [顯示更精細外部資料錯誤] 選項,如果您啟用細微的外部資料錯誤設定它可提供要顯示的描述性的錯誤訊息提供的疑難排解並修正連線問題的實用資訊。In the Display Granular External Data Errors option, if you enable the Granular External Data Errors setting it provides descriptive error messages to display that provide helpful information for troubleshooting and fixing connection problems.

在 [重新整理時停止上開啟失敗] 區域中,您可以指定 Excel Services 是否停止活頁簿包含在開啟的資料連線失敗時重新整理時開啟活頁簿。選取 [停止開啟已啟用,您確定更新作業失敗時的任何具有僅供檢視活頁簿的權限的使用者開啟活頁簿時不顯示快取的值。這在報表可能包含每個使用者資料並不想使用者都可以查看其他使用者的快取的資料時很有用。在開啟時重新整理成功時,會清除快取的值。清除之後停止開啟已啟用] 核取方塊,您可以風險時,顯示快的取值重新整理開啟失敗。In the Stop When Refresh on Open Fails area, you can specify if Excel Services stops opening a workbook if the workbook contains a Refresh on Open data connection that fails. By selecting Stopping open enabled, you ensure that cached values are not displayed if an update operation fails when the workbook is opened by any user having View Only permissions to the workbook. This is useful when a report may contain per-user data and you don't want a user to see another user's cached data. When Refresh on Open is successful, cached values are purged. By clearing the Stopping open enabled check box, you risk displaying cached values if Refresh on Open fails.

在 [外部資料] 區段的 [外部資料快取週期] 區域中,您可以指定的最長時間之前取值在到期,與外部資料的最大數目會查詢所能使用的快的取值可在單一同時執行工作階段。In the External Data Cache Lifetime area of the External Data section, you can specify the maximum time that cached values can be used before they expire, and the maximum number of external data queries that can execute at the same time in a single session.

您也可以指定工作階段所允許的查詢數目上限,以及是否要啟用 [允許使用 REST 的外部資料]。You can also specify the maximum number of queries that you want to allow for a given session, as well as whether to enable allow external data using REST.

Excel Services 使用者定義函數設定User-defined functions settings for Excel Services

如果您的部署案例內含的活頁簿包含用以擴充功能的 Excel Calculation Services 使用者定義函數,您必須設定 Excel Services 支援使用者定義函數。If your deployment scenarios include workbooks that contain user-defined functions to extend the capabilities of Excel Calculation Services, you must configure Excel Services to support user-defined functions.

若要設定此支援,您必須啟用包含需要的存取權的使用者定義函數的活頁簿的受信任的檔案位置上的使用者定義函數。此外,您必須註冊 Excel Services 使用者定義的函數組件清單上的使用者定義的函數組件。如需如何啟用使用者定義函數的詳細資訊,請參閱管理 Excel Services 使用者定義的函數組件 (SharePoint Server 2013)To configure this support, you must enable user-defined functions on trusted file locations that contain workbooks that require access to user-defined functions. In addition, you must register user-defined function assemblies on the Excel Services user-defined function assembly list. See Manage Excel Services user defined function assemblies (SharePoint Server 2013) for more information about how to enable user-defined functions.

另請參閱See also

概念Concepts

規劃 SharePoint Server 2013 中受信任的資料連線庫Plan Trusted Data Connection Libraries in SharePoint Server 2013