Because of my problems with alerts and notifications I started to figure out when alerts/notifications will sent to users and where alerts are written within the site collection database. When you create an alert on an item/library the alert should be send whenever something is changed. The informations about are written within the „ImmedSubscriptions“ table. If you want to have only summaries about changes of your item/library daily or weekly the information about is written within the „SchedSubscriptions“ table. We start to take a closer look. In both tables we will find the columns „UserEMail“ and „SiteUrl“. If you find no entry within „UserEMail“ the alert will be send to everybody within your organisation. You can set alerts on a library how often you want. So it can be possible that you set x alerts on the same item/library with the same conditions. Every entry will be found within one of the both tables independs on your settings. To get an alert you must have minimum rights to the site collection. If you have no access you wont get it.
At this point we found now two negativ things. First you can set x alerts with same conditions to an item/library. The second thing is that you need minimum access to the site collection. Why is that negativ? Well it is possible that a user of your organisation assign a task to someone else even that user have no access. That is possible because the provider (membership provider) is not ingelligent enough to know the accessibility of that user. To understand this you must know a little bit about how the authentication and the provider of MOSS 2007 is working. The authentication of all users are going against the membership provider. The people picker use that provider to access the users and groups. When you assign a task to someone else you use that people picker. If the timer job (Immediate Alerts) now is running you will get a log entry within MOSS 2007 that the user can not be resolved. The server try to read the mail address of your imported user and not from the place where the users authenticate. You see that is a bit strange. Even some people will say this is correct because the new assigned user have no access so think about that the users of your organisation do not know who can access a site collection or not. One point more. The user who is originally assigned to the item/library will get an information mail about but the new assigned user will never recognize that. It would be better that the new assigend user will get a message. If that user click the message and no access to the site collection exists the user will be redirected to a website. On this site the user could request the access.
In a future block I will describe how to use different membership providers on MOSS 2007 and WSS 3.0. As well I will show how to write your own membership provider so you can fix that issue by yourself.