Follow me on Twitter @AntonioMaio2

Saturday, May 26, 2012

Securing Information in SharePoint Search

When it comes to securing access to content in SharePoint, a question that often comes up is "Can you secure access in Search as well?". 

The search capability within SharePoint, whether its native search or FAST search, is a really critical component for end users because it helps them find the information they're looking for in what is always (for all organizations) an ever growing SharePoint repository.  It helps end users more quickly access the information they need to get their work done.  So, the topic of securing access to senstive information when searching in SharePoint is important.

The answer to this question is YES.  One method of doing this is through SharePoint permissions.  As we know, permissions applied at any level (site, library/list, folder or item) can be used to secure access to sensitive content. SharePoint permissions or ACLs are respected by both native search and FAST search so that if a user does not have permissions to access an item, when they search for that content it will not be presented as part of their search results either.  However, there are some important details that need to be considered when generally configuring the native search capability.

A few weeks ago, I came a across a great post by Veronique Palmer, SharePoint MVP from South Africa and founder of Lets Collaborate, that goes into some detail about how to configure SharePoint search in order to secure access to content. 

Veronique states:
As a Site Owner or Site Collection Administrator, you can decide if the content on an entire set of sites can be available in search results or not; or the content of a specific list or library; or the data that exists in columns and web parts – all without setting permissions.
She discusses various options available in SharePoint for configuring the native search capabilities, including:
  • Search and Offline Availability Settings for sites
  • Search options for web parts
  • Searchable Columns for libraries/lists
Veronique goes on to make another important point:
You need to have governance in place as to what is considered sensitive or confidential content – that must be clearly define.  You need to decide what the security levels all your content needs to be and tag all your content accordingly. This is also a legislative requirement in many industries. All this needs to be clearly communicated to your user base.
Her post is definetly worth a read and the full article can be found here: Restrict What Content Can Be Searched in SharePoint (for Business Users).

-Antonio

No comments:

Post a Comment