Tuesday, June 19, 2012

Tricks and tips for NextLabs entitlement integration with SharePoint search trimming

When you implemented NextLabs entitlement for SharePoint, you are able to restrict groups or users to access SharePoint content using security policy even they are granted the permissions through SharePoint. However, it took us a long time to restrict the search result displayed to the same groups of users.  We have identified the key to integrate search security is to implement NextLabs security trimming.

Search Result Trimming allows you to limit the display of search results to only those web parts or documents (i.e., list items) which the search user is authorized to view based on NextLabs entitlement policy. For example, suppose a user searches a site collection for the string “Cyberdyne Corp.” If some policy blocks that user from viewing, opening or using documents belonging to or associated with Cyberdyne Corp, then all search results involving Cyberdyne documents that appear in the search results will be trimmed—that is, not displayed to that specific user. The search result trimming administration and configuration procedure is not included in NextLabs administration guild but in entitlement manager user guide. This is one of the reasons we were not be able to set up quickly. Another reason is the instruction is not clear and we were missing the steps. Here are detailed procedures you could refer to implement Search Result Trimming.

1. Define craw rules - Define one crawl rule for EACH webapp inside the farm by clicking Crawl Rules link. You need to set up one for each webapp. As a result, you will have five rules if you have five webapps. Please select the following configurations and see screenshot for details.

Path: The URL must be root address for the site for the webapp
Crawl Configuration: Select Include all items . . .
Specify Authentication: Select Use the default . . .

2. Complete Full Crawl - No explaination needed here.

3. Enable search trimming feature - Enable the search result trimming feature through the CLI-based Entitlement Manager Administrator utility on farm or individual webapp.

C:\Program Files\NextLabs\SharePoint Enforcer\bin\ce_spadmin.exe -o searchresulttrimming -install  -ssa <"Search Service Application">

where "Search Service Application" refers to the application name for the farm. 

At this time, you might find many questions that might jeopardize Search Result Trimming. Here are some tricks and the tips to resolve them.

A. If you have multiple Search Service Applications and different webapps are associated with different Search Service Applications, how you enable the search result trimming feature using the CLI-based command as we described above?

Well, the command to enable on farm based scope will not work and you should enable the search result trimming feature on each webapp. Here are the commands to enable the search result trimming feature on two webapps with different Search Service Applications and also pass webapp root site collection URL.

C:\Program Files\NextLabs\SharePoint Enforcer\bin\ce_spadmin.exe -o searchresulttrimming -install -ssa <"Search Service Application1"> -rulepath http://xnetsbx-sp/*

C:\Program Files\NextLabs\SharePoint Enforcer\bin\ce_spadmin.exe -o searchresulttrimming -install -ssa <"Search Service Application2"> -rulepath <second webapp path>

B. If you have enabled the search result trimming feature for the farms and you created a new webapp, the search result trimming feature will not be automated enabled. You need to enable explicitly using the command listed above.

C. How to check and verify whether search result trimming feature enabled on webapp? 

Well, you can launch the “SharePoint 2010 Management Shell” and type the command to show which trimmer is installed on which rulepath.

Get-SPEnterpriseSearchSecurityTrimmer –SearchApplication “Search Service Application”

Off cause, you could uninstall search result trimming feature and the command is listed in user guide.

Now, you should have enough infomation to enjoy the NextLabs securioty trimming featrure in SharePoint.


No comments:

Post a Comment