When you implemented NextLabs entitlement for SharePoint, you are
able to restrict groups or users to access SharePoint content using security
policy even they are granted the permissions through SharePoint. However, it
took us a long time to restrict the search result displayed to the same groups
of users. We have identified the key to
integrate search security is to implement NextLabs security trimming.
Search
Result Trimming allows you to limit the display of search results to only those
web parts or documents (i.e., list items) which the search user is authorized
to view based on NextLabs entitlement policy. For example, suppose a user searches a site collection for the string
“Cyberdyne Corp.” If some policy blocks that user from viewing, opening or
using documents belonging to or associated with Cyberdyne Corp, then all search
results involving Cyberdyne documents that appear in the search results will be
trimmed—that is, not displayed to that specific user. The search result
trimming administration and configuration procedure is not included in NextLabs
administration guild but in entitlement manager user guide. This is one of the
reasons we were not be able to set up quickly. Another reason is the
instruction is not clear and we were missing the steps. Here are detailed
procedures you could refer to implement Search Result Trimming.
1. Define craw rules - Define one
crawl rule for EACH webapp inside the farm by clicking Crawl Rules link.
You need to set up one for each webapp. As a result, you will have five rules
if you have five webapps. Please select the following configurations and see
screenshot for details.
Path: The URL
must be root address for the site for the webapp
Crawl
Configuration: Select “Include all items . . . ”
Specify
Authentication: Select “Use the default . . . ”
2. Complete Full Crawl - No explaination needed here.
3. Enable search trimming feature - Enable the
search result trimming feature through the CLI-based Entitlement Manager
Administrator utility on farm or individual webapp.
C:\Program
Files\NextLabs\SharePoint Enforcer\bin\ce_spadmin.exe -o searchresulttrimming -install
-ssa <"Search Service Application">
where "Search
Service Application" refers to the application name for the farm.
At this
time, you might find many questions that might jeopardize Search Result
Trimming. Here are some tricks and the tips to resolve them.
A. If you
have multiple Search Service Applications and different webapps are associated
with different Search Service Applications, how you enable the search result
trimming feature using the CLI-based command as we described above?
Well, the
command to enable on farm based scope will not work and you should enable the
search result trimming feature on each webapp. Here are the commands to enable
the search result trimming feature on two webapps with different Search Service
Applications and also pass webapp root site collection URL.
C:\Program
Files\NextLabs\SharePoint Enforcer\bin\ce_spadmin.exe -o searchresulttrimming -install
-ssa <"Search Service Application1"> -rulepath
http://xnetsbx-sp/*
C:\Program
Files\NextLabs\SharePoint Enforcer\bin\ce_spadmin.exe -o searchresulttrimming -install
-ssa <"Search Service Application2"> -rulepath <second
webapp path>
B. If you have enabled
the search result trimming feature for the farms and you created a new webapp,
the search result trimming feature will not be automated enabled. You need to
enable explicitly using the command listed above.
C. How to check and verify whether search result trimming feature enabled on webapp?
Well, you can launch the “SharePoint 2010 Management Shell” and type the
command to show which trimmer is installed on which rulepath.
Get-SPEnterpriseSearchSecurityTrimmer –SearchApplication “Search
Service Application”
Off cause, you could uninstall search result trimming feature and the command is listed in user guide.
Now, you should have enough infomation to enjoy the NextLabs securioty trimming featrure in SharePoint.
No comments:
Post a Comment