Policy Permissions On SharePoint 2010

What is CAS?

Code Access Security controls the permissions for assemblies within a given Web Application (in this case in SharePoint 2010). For SharePoint 2010, QueryVision Web Parts are deployed to the /bin directory within a given web application. The QueryVision Assemblies need to be granted permission to run.

This is not relevant for SharePoint 2013 since all assemblies are now deployed to the GAC (global assembly cache). This change was adopted by Microsoft as of SP 2013.

Web Policy Configuration (SharePoint 2010 ONLY)

In order to grant access to QueryVision Assemblies, perform the following steps after you have deployed the web parts to your web application.
After deployment, your Code Access Security (CAS) policy file has been backed up and modified to allow some new privileges assigned to QueryVision web parts to allow them to run and access Cognos remotely.

Finding Your Policy File

We need to manually edit this file to turn on this permission. The way to do this is simply to browse to your SharePoint directory under the following directory.

"C:\Program FilesCommon Files\Microsoft Shared\Web Server Extensions\14\CONFIG"

Find the latest file that has been modified. It should be something like “wss_custom_wss_mediumtrust.config”. The name of the file could be something else and if you really can’t find it you can actually look in your web.config file to determine which policy file is actually in effect.

To do this open your web.config file. Find the following entry

<trust level="WSS_Custom" originUrl="" />

In this example the name of our trust level is “WSS_Custom”. Now find the entry called “trustLevel” and it will tell you exactly which file is actually being applied as your CAS policy file (it is only one of these) For example by matching the name from the following entry I find that the LAST entry is actually my policy file.


Edit Your Policy File

Open your policy file in a text editor (notepad will do), and find the following entry (where 123456 is actually some unique number:

<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="queryvision.webparts.install.123456">

Change the PermissionSetName to “FullTrust” (see below).

<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust">

Close and save the file.