規劃 SharePoint Server 中的使用者設定檔Plan user profiles in SharePoint Server

摘要:尋找有關如何規劃 SharePoint Server 2013 和 SharePoint Server 2016 的使用者設定檔的資源。Summary: Find resources about how to plan for user profiles for SharePoint Server 2013 and SharePoint Server 2016.

使用者設定檔是屬性的說明單一使用者,以及原則和每個屬性相關聯的其他設定的集合。使用者設定檔協助識別企業,如其一般經理、 工作群組、 群組成員資格及一般網站中的使用者之間的連線。他們也可以包含使用者,例如使用者的運作方式的產品、 使用者的興趣或範圍、 專業知識及組織結構中的使用者進行的重要資訊。藉由公開此功能,例如 「 我的網站中的資訊、 使用者設定檔會提供企業社交網路 in SharePoint Server 基礎。某些使用者設定檔支援企業社交網路功能如下:A user profile is a collection of properties that describes a single user, and also the policies and other settings associated with each property. User profiles help identify connections between users in an enterprise, such as their common managers, workgroups, group membership, and common web sites. They can also contain important information about a user, such as the products the user works on, the user's interests or areas of expertise, and the user's place in the organization's structure. By exposing this information in features such as My Sites, user profiles provide the basis for enterprise social networking in SharePoint Server. Some of the enterprise social networking features that user profiles support are as follows:

  • 我的網站My Sites

  • 設定檔頁面Profile pages

  • 人員搜尋People searching

  • 組織圖Organizational charts

  • 專業知識搜尋Expertise search

  • 社交標記Social tagging

  • 對象Audiences

使用者設定檔也包含用於伺服器對伺服器驗證可讓伺服器的存取並要求的資源來自另一個代表使用者。User profiles are also used in server-to-server authentication which allows for servers to access and request resources from one another on behalf of users.

使用者設定檔概觀Overview of user profiles

下圖所示,是從目錄服務匯入、 從商務系統匯入和使用者所提供的屬性可包含使用者設定檔。在 SharePoint Server 2013,您可以完成此匯入與包含版本的 Forefront Identity Manager。在 SharePoint Server 2016,您可以使用外部身分識別管理員如 Microsoft Identity Manager 2016 (MIM)。As shown in the following illustration, user profiles can be composed of properties that are imported from a directory service, imported from business systems, and supplied by users. In SharePoint Server 2013, you can accomplish this import with the included version of Forefront Identity Manager. In SharePoint Server 2016, you can use an external identity manager such as Microsoft Identity Manager 2016 (MIM).

SharePoint Server 使用者設定檔的組合

例如,目錄服務可以提供整個組織需要的重要資訊 (如使用者的帳戶名稱、工作電話號碼、職稱和工作電子郵件地址)。商務系統可以提供商務相關的資訊 (如每位小組成員管理的客戶帳戶或產品線)。使用者可以提供他們自己的補充資訊 (如其專業領域或嗜好)。For example, a directory service could supply important information that is needed across the organization, such as users' account names, work telephone numbers, titles, and work e-mail addresses. Business systems could supply business-related information, such as the customer accounts or product lines managed by each team member. Users could supply supplemental information about themselves, such as their areas of expertise or hobbies.

使用者設定檔與 SharePoint Server 使用者帳戶區別且存在於他們自己的資料儲存區中。使用者帳戶可協助提供安全性與權限至 SharePoint Server 中的物件。使用者設定檔可用來組織使用者之間的關係及使用者相關資訊。更新使用者設定檔不會影響該使用者的使用者帳戶。User profiles are distinct from SharePoint Server user accounts and exist in their own data store. User accounts help provide security and permissions to objects in SharePoint Server. User profiles are used to organize information about users and about the relationships among users. Updating a user's profile does not affect that user's user account.

新使用者設定檔的建立方式如下:New user profiles are created in the following ways:

  • 如果已驗證的使用者沒有使用者設定檔,建立一份新使用屬性採取適當的目錄服務第一次從該使用者存取其 「 我的網站。If an authenticated user does not have a user profile, a new one is created by using properties taken from the appropriate directory service the first time that user accesses his or her My Site.

  • 您可以使用設定檔同步處理來建立一或多個使用者設定檔。You can create one or more user profiles by using profile synchronization.

  • 自訂解決方案可以開發用以建立使用者設定檔。A custom solution can be developed to create user profiles.

關於使用者設定檔屬性About user profile properties

使用者設定檔包含一組使用者屬性。每個使用者屬性都會提供使用者相關資訊的項目。使用者屬性值可以來自目錄服務、商務系統或使用者輸入。您可以設定一些屬性,以將它們匯出至目錄服務。您對規劃使用者設定檔進行的一些決策是有關要包括的使用者屬性,及其值的設定方式。A user profile is composed of a set of user properties. Each user property provides an item of information related to a user. User property values can come from directory services, business systems, or user input. You can configure some properties so that they can be exported to a directory service. Many of the decisions that you make in planning user profiles are about which user properties to include and how their values are set.

使用者設定檔包含一組預設使用者設定檔屬性。由於他們會使用 SharePoint Server 社交網路或個人化功能及子集合的屬性會自動對應至其相對應的目錄服務屬性之後執行設定檔中有許多這些屬性是包含同步處理。User profiles include a set of default user profile properties. Many of these properties are included because they are used by SharePoint Server social networking or personalization features, and a subset of the properties are mapped automatically to their corresponding directory service attributes after you run profile synchronization.

SharePoint Server 包含受管理的中繼資料功能。受管理的中繼資料是集中管理您可定義並再用為屬性的 SharePoint Server 中的項目之字詞的階層式集合。受管理的字詞組為字詞組。您可以建立關聯的字詞組可編輯使用者設定檔屬性。執行此動作,您可以管理該屬性相關聯的值並方便使用者屬性輸入適當的值。例如,建立關聯定義職稱企業中的字詞組,有助於提升使用一致的那些使用者設定檔中的標題。SharePoint Server includes a managed metadata feature. Managed metadata is a hierarchical collection of centrally managed terms that you can define and then use as attributes for items in SharePoint Server. A set of managed terms is a term set. You can associate a term set with an editable user profile property. By doing this, you can govern the values associated with that property and make it easier for users to enter appropriate values for the property. For example, by associating a term set that defines the job titles in an enterprise, you can help promote consistent use of those titles in user profiles.

關於屬性原則About property policies

如前文所述、 使用者設定檔可以用於許多 SharePoint Server 社交網路功能。您可以設定原則來協助管理該屬性中的資訊可以如何使用使用者設定檔中的每個使用者屬性。您可以指定:As described above, user profiles are used in many SharePoint Server social networking features. You can set policies on each user property in a user profile to help govern how the information in that property can be used. You can specify:

  • 是否在使用者設定檔中包括屬性Whether or not a property is included in user profiles

  • 是否需要某個屬性Whether or not a property is required

  • 使用者是否可以變更屬性的預設隱私權設定Whether or not users can change the default privacy setting of a property

  • 是否對其他使用者可以看到屬性的Whether or not a property is visible to other users

下表說明每個原則設定選項。The following table describes each policy setting option.

原則設定選項Policy setting option 描述Description
啟用或停用Enabled or Disabled
您可以設定在功能中使用的屬性 (當功能包含該屬性時),也可以設定要停止使用的屬性 (透過將屬性設定為停用)。You can configure a property to be available for use in features that incorporate it, or you can configure a property to be unavailable by configuring it as disabled.
必要Required
您可以指定屬性必須包含資訊。You can specify that a property must contain information.
選用Optional
您可以指定屬性不需要有值。每位使用者都可以提供屬性值,或將屬性保留為空白。You can specify that a property is not required to have a value. Each user can provide values for the property or leave the property empty.
預設隱私權設定Default privacy setting
這決定誰可以看到屬性的資訊,如下所示:This determines who can see information for a property, as follows:
所有人:所有具備網站檢視工具或較高權限的使用者都可以查看相關資訊。Everyone: Every user who has viewer or higher permissions to a site can see the relevant information.
搜尋只會使用隱私權設定為 [所有人] 的屬性。Only properties that have a privacy setting of Everyone will be used by search.
僅限自己:只有該使用者才可以查看資訊。Only Me: Only the user can see the information.
User Profile Service 管理員一律可以檢視使用者設定檔中的資訊,而不管它的預設隱私權設定為何。User Profile service administrators can always view the information in a user profile regardless of its default privacy setting.
使用者可以覆寫Users Can Override
選取此選項時,使用者可以變更屬性的預設隱私權設定。未選取此選項時,只有 User Profile Service 的管理員才可以變更預設隱私權設定。When this option is selected, users can change the property's default privacy setting. When this option is not selected, only administrators of the User Profile Service can change default privacy settings.
可複製Replicable
其值變更時屬性的值就會複製到其他網站中的使用者資訊清單中。要複寫屬性必須設定成預設隱私權設定為 [所有人及使用者可以覆寫原則必須未選取。The property's value will be replicated to user information lists in other sites when its value changes. For a property to be replicated, its default privacy setting must be set to Everyone and the User Can Override policy must not be selected.

設定每個使用者設定檔屬性的原則,以及您可以設定類似原則上提供的清單、 網頁組件或網站的設定檔相關資訊的一些 SharePoint Server 功能。您可以設定原則的個人化功能設定包括:Along with setting policies on each user profile property, you can set similar policies on some SharePoint Server features that provide profile-related information in lists, Web Parts, or web sites. The personalization feature settings that you can set policies on include the following:

  • 顯示 SharePoint 網站成員資格The display of SharePoint site memberships

  • 在「我的網站」上顯示同事The display of colleagues on My Sites

  • 根據組織階層自動填入同事Auto-population of colleagues based on organizational hierarchy

  • 顯示同事建議The display of colleague recommendations

  • 在「我的網站」上顯示連結The display of links on My Sites

  • 固定至「我的網站」的其他網站Other sites pinned to My Sites

下列考量可協助您決定適用於組織的原則:The following considerations can help you determine which policies are appropriate for your organization:

  • 屬性應該是必要吗?根據預設,某些屬性所需而使它們無法覆寫或變更的使用者可以設定。在大多數的組織,這些屬性會啟用共同作業和開發整個組織關聯性的主要方法。SharePoint Server 使用這些屬性的許多啟用對象之類的其他功能。Which properties should be required? By default, some properties are required and can be configured so that they cannot be overridden or changed by users. In most organizations, these properties are key ways to enable collaboration and develop relationships across the organization. SharePoint Server uses many of these properties to enable other features, such as audiences.

  • 屬性應該是每個人都可以看到吗?根據預設,大部分的內容都是顯示為 [所有人,但是您可以設定有限可見性的機密資訊。例如的欄位都有許多員工的公司可能決定行動電話資訊非常重要的任何人查看。其他組織可能會選擇要保密的所有非公司電話號碼。Which properties should be visible to everyone? By default, most properties are visible to everyone, but you can configure sensitive information to have limited visibility. For example, a company that has many employees in the field might decide that mobile phone information is important for everyone to see. Other organizations might choose to keep all non-work telephone numbers private.

  • 使用者可以變更哪些屬性原則?某些屬性原則都具有使用者可以變更的設定。例如,一些使用者可能不想自動填入同事清單。其他使用者可能會想要變更屬性的預設可見性設定。Which properties policies can be changed by users? Some property policies have settings that can be changed by users. For example, some users might not want automatic population of colleague lists. Other users might want to change the default visibility setting for a property.

規劃屬性或個人化功能的原則設定時,請考慮下表所示的因素。When planning the policy setting for a property or personalization feature, consider the factors shown in the following table.

條件Condition 停用屬性Disable the property 讓屬性成為選擇性Make the property optional 進行所需的屬性Make the property required
屬性由主要使用者功能使用。The property is used by key user features.
XX
屬性相關聯的 Microsoft Business Connectivity Services 中的應用程式的主要商務資料。The property is associated with key business data for applications in Microsoft Business Connectivity Services.
XX
當您建立對象時,會使用此屬性。The property is used when you create audiences.
XX
User Profile Service 管理員預期屬性值必須一致且有意義。User Profile service administrators expect consistent and meaningful values for the property.
XX
屬性使用機率低。The property will rarely be used.
XX
某屬性會讓更重要屬性遭忽略。The property will distract from more important properties.
> [!NOTE]> 您可以變更屬性的顯示設定以隱藏。> [!NOTE]> You can change the display settings for properties to hide them.
XX
您決定提供屬性的預設值,但希望使用者可以變更或移除那些值。You decide to provide default values for properties, but want users to be able to change or remove those values.
XX

當您規劃屬性的預設可見性設定時,請考慮下表所示的因素。When you plan the default visibility settings for properties, consider the factors shown in the following table.

條件Condition 動作Action
您要在搜尋中使用屬性,以便搜尋動作可以針對這些屬性找到使用者。You want to use the property in search so that users can be found by searches for the property.
將預設存取原則設定為 [所有人。將搜尋所用屬性的原則設定為 [所有人Set the default access policy to Everyone. Only properties that have a policy setting of Everyone will be used by search.
此屬性對所有工作群組和組織中其他部門很有用,且不包含機密資訊。The property is useful across workgroups and other divisions in your organization and does not contain sensitive information.
讓所有人都可以看到屬性。Make the property visible to everyone.
此屬性屬於私人或機密性質。The property is of a private or sensitive nature.
讓屬性成為可見只要將個別使用者。Make the property visible only to the individual user.

規劃使用者設定檔Planning user profiles

本節提供指示,協助規劃使用者設定檔。建議您的規劃工作是依下列順序執行:This section provides guidance to help in planning user profiles. It is recommended that your planning tasks are performed in the following order:

  1. 識別專案關係人Identify stakeholders

  2. 識別設定檔資訊的使用方式Identify how the profile information will be used

  3. 識別目錄服務與商務系統Identify directory services and business systems

  4. 決定要包括的屬性Determine which properties to include

  5. 決定屬性詳細資料Determine property details

  6. 決定個人化設定原則Determine personalization settings policies

  7. 規劃容量Plan for capacity

識別專案關係人Identify stakeholders

使用者設定檔是企業的資訊架構的一部分,且必須符合的項目都取決於設定檔資訊的工作群組需求。決定要設定檔中包含的屬性應依據代表使用 「 我的網站及其他社交運算功能的工作群組的專案關係人的輸入。User profiles are part of an enterprise's information architecture and must meet the needs of workgroups that depend on the profile information. Decisions about which properties to include in profiles should be based on input from stakeholders representing the workgroups that use My Sites and other social computing features.

使用者設定檔的相關決策必須之間的平衡會議社交運算組織和其安全性需求、 隱私權和法規責任。因此,決定在使用者設定檔及要包含的屬性可供使用 executive 贊助者、 法律顧問和人力資源小組成員的參與公開的資訊。這有助於確保符合企業的原則和法律規定使用的設定檔資訊。如果您的解決方案跨越多個地區,最好是包含代表來自不同地區設定中進行這些決策的建議的作法。Decisions about user profiles must strike a balance between meeting the social computing needs of the organization and its security, privacy, and regulatory responsibilities. Therefore, decisions about which information to expose in user profiles and which properties to include should be made with the participation of executive sponsors, legal advisors, and human resources team members. This helps ensure that profile information is used in compliance with enterprise policies and legal requirements. If your solution spans multiple locales, it is a recommended practice to include representatives from the various locales in making these decisions.

識別設定檔資訊的使用方式Identify how profile information will be used

您想要在 SharePoint Server 解決方案中使用這項資訊的方式是要規劃使用者設定檔屬性的索引鍵。功能的規格及架構的文件應該提供此資訊及應協助指引您設計以符合您的使用者需求的有效使用者設定檔。開發小組的功能規格、 架構圖表與其他成品會決定使用者設定檔屬性的需求的重要資源。How you intend to use this information in your SharePoint Server solution is the key to planning user profile properties. Your functional specifications and architectural documents should provide this information and should help guide you in designing effective user profiles to meet your users' needs. Your development team's functional specification, architecture diagrams, and other artifacts will be key resources in determining requirements for user profile properties.

識別目錄服務與商務系統Identify directory services and business systems

使用者設定檔包含從目錄服務與商務系統的資料。目錄服務可提供使用者社群的成員,並提供這些使用者的相關資料。可從外部資料庫或 Web 服務等商務系統匯入其他使用者資訊。特定的目錄服務與您要使用的商務系統取決於您企業環境。User profiles contain data from directory services and business systems. Directory services can supply the members of your user community and provide data about those users. Additional user information can be imported from business systems such as external databases or Web services. The particular directory services and business systems you'll use depend on your enterprise's environment.

決定要包括的屬性Determine which properties to include

根據預設,有哪些支援基本 SharePoint Server 社交運算與個人化功能的對應的屬性。想要決定其他要包括自訂屬性會根據社交運算解決方案目標、 解決方案功能需求以及可從目錄服務與商務系統的資料。By default, there are mapped properties which support basic SharePoint Server social computing and personalization features. You'll want to determine which additional custom properties to include based on your social computing solution goals, your solution's functional requirements, and the data available from directory services and business systems.

決定屬性詳細資料Determine property details

下表說明收集周圍您規劃使用 SharePoint Server 中的使用者設定檔的每個屬性的資訊類型。The following table describes the type of information to collect around each property that you plan to use with user profiles in SharePoint Server.

屬性Property 若要提供的資訊Information to provide
來源Source
指出內容的來源: 目錄服務,例如 HR 系統或 write-in 欄位的 「 使用者輸入"商務系統。Indicate the source for the property: a directory service, business system such as an HR system, or "user input" for a write-in field.
類型Type
指出屬性的類型。Indicate the property's type.
說明Description
定義屬性,以及說明它的預定用途。Define the property and describe its intended use.
啟用Enable
指出是否應啟用此屬性。啟用屬性它可讓使用中的功能,例如 「 我的網站。已停用的屬性都會只看得到的使用者設定檔服務管理員。Indicate if this property should be enabled. Enabling a property makes it available for use in features such as My Sites. Disabled properties are only visible to administrators of the User Profile service.
需要Require
指出屬性是否需要值。Indicate if the property is required to have a value.
可編輯Editable
指出使用者是否可以編輯此屬性的值。Indicate if users can edit this property's value.
字詞組Term set
如果是可編輯的屬性,也可以提供字詞組 (內含屬性的可接受值) 的名稱。If this is an editable property, you can also supply the name of a term set that contains acceptable values for the property.
預設原則設定Default policy setting
指出誰可以看到屬性的資訊: 所有人或僅限使用者。Indicate who can see information for the property: everyone or only the user.
隱私權設定覆寫Privacy setting override
指出使用者是否可以變更屬性的預設隱私權設定。Indicate if users can change the property's default privacy setting.
顯示選項Display options
指出此屬性的值是否可以出現在下列位置:Indicate if this property's value may appear in the following places:
在「我的設定檔」頁面上On My Profile pages
在使用者編輯其設定檔資訊的頁面上On the page on which users edit their profile information
在使用者的新聞摘要上 (屬性值變更時)On a user's newsfeed, when the property value changes
複製Replication
指出是否屬性可以設定為當使用者變更其值是否可以複寫到其他網站上的使用者資訊清單。這需要屬性的預設隱私權設定為任何人及使用者無法覆寫屬性的預設隱私權設定。Indicate if the property can be configured to be replicated to user information lists on other sites when a user changes its value. This requires that the property's default privacy setting is Everyone and that users cannot override the property's default privacy setting.
搜尋相關屬性Search-related attributes
搜尋相關屬性有兩個:There are two search-related attributes:
別名: 指出屬性的值是否應視為等同於使用者的名稱進行搜尋。Alias: Indicate if the property's value should be treated as an equivalent to the user's name for searching.
索引: 指出是否此屬性的值應該編製索引的搜尋。Index: Indicate if the value of this property should be indexed for searching.

決定個人化設定原則Determine personalization settings policies

設定 User Profile service 應用程式中的每個使用者設定檔屬性的原則,以及您可以設定類似原則 SharePoint 伺服器上提供的清單、 網頁組件或網站的設定檔相關資訊的個人化功能。在 [User Profile service 應用程式的管理原則] 頁面上達成此目的。您可以設定原則來授與的使用者在下表中顯示的功能。Along with setting policies on each user profile property in the User Profile service application, you can set similar policies on SharePoint Server personalization features that provide profile-related information in lists, web parts, or web sites. You do this on the Manage Policies page of the User Profile service application. You can set policies to give users the capabilities show in the following table.

使用 [個人化] 索引標籤的 [使用者設定檔屬性規劃工作表來記錄的個人化功能的相關原則。Use the Personalization tab of the User Profile Properties Planning worksheet to record the set of policies related to personalization features.

功能Feature 若要提供的資訊Information to provide
SharePoint 網站成員資格SharePoint site memberships
如果使用者的 SharePoint 網站成員資格應該顯示在 「 我的網站、 清單和網頁組件,啟用此功能。Enable this capability if users' SharePoint site memberships should be displayed in My Sites, lists, and web parts.
通訊群組清單成員資格Distribution list memberships
如果通訊群組清單成員資格應該顯示在 「 我的網站、 清單和網頁組件,啟用此功能。Enable this capability if distribution list memberships should be displayed in My Sites, lists, and web parts.
同事Colleagues
如果使用者的同事應該顯示在 「 我的網站,啟用此功能。Enable this capability if users' colleagues should be displayed in My Sites.
自動填入組織的同事Auto-population of colleagues from organizations
指出是否應該根據組織階層自動填入使用者的同事清單。Indicates if the user's colleagues list should be auto-populated based on organizational hierarchy.
顯示同事建議Display colleagues recommendations
會指出清單同事建議 (根據電子郵件使用狀況和其他因素) 是否應該顯示在 「 我的網站、 清單和網頁組件。Indicates if the list of colleague recommendations (based on email usage and other factors) should be displayed in My Sites, lists, and web parts.
在「我的網站」上顯示連結Display links on My Sites
如果使用者經常瀏覽網站連結應該顯示在 「 我的網站,啟用此功能。Enable this capability if links to users' frequently visited web sites should be displayed in My Sites.
顯示固定至「我的網站」的其他網站Display other sites pinned to My Sites
會指出其他使用者是否可以檢視使用者已固定至 「 我的網站的網站。Indicates if the sites that users have pinned to their My Sites can be viewed by other users.

您可以啟用或停用個人化功能,而且可以設定其隱私權設定。在 [使用者設定檔屬性規劃] 工作表中,記錄對每個個人化功能的隱私權原則喜好設定 (如下表所示)。You can enable or disable personalization features, and you can configure privacy settings on them. In the User Profile Properties Planning worksheet, record your privacy policy preferences for each personalization feature, as shown in the following table.

設定Setting 若要提供的資訊Information to provide
啟用Enable
指出是否應啟用此個人化功能。啟用功能它可讓使用中的功能,例如 「 我的網站。Indicate if this personalization feature should be enabled. Enabling a capability makes it available for use in features such as My Sites.
預設隱私權設定Default privacy setting
指出誰可以看到功能所提供的資訊:所有人、同事、小組成員、主管或僅限使用者。Indicate who can see information that is provided by the feature: everyone, colleagues, team members, manager, or only the user.
隱私權設定覆寫Privacy setting override
指出使用者是否可以變更功能的預設隱私權設定。Indicate if users can change the feature's default privacy setting.