How to limit search as per the permissions of the user?

Hi

I have a document library wherein a filter of [ME] is applied so that a user can only see his/her documents whenever they open this document library.

But despite this limitation, if they search for any document (others') in the global search or the search box on top of the library, they are able to find it and open it as well.

These documents and data are really sensitive and we cannot afford to have this kind of security breach.

Please let me know how to restrict the search.

Thanks

Paru

March 24th, 2015 9:54am

Hi

The fact that you use a filter in a list view for hiding sensitive information from users is already a security breach: users may access hidden documents by direct URL if they somehow know it. In order to restrict access you have to use SharePoint security: e.g. create separate folders for each user, break permissions inheritance for each folder so they won't inherit permissions from the parent doclib, and assign permissions on each folder only to the single user who should work with that folder.

After that no additional actions should be done for hiding documents in search results: SharePoint by default uses security trimming there, so users won't see items and documents to which they don't have access.

March 24th, 2015 11:38am

Hi

Thanks for the information,

but we have 4000 users in our organization and it is not feasible to create a folder for each employee; also there is one admin group who should be able to view all the documents.

How should we go about doing this?

Thanks

Paru

March 25th, 2015 1:42am

Hi Paru,

It is not advised to create multiple folders and assign unique permissions. I would recommend setting the ReadSecurity and WriteSecurity for the document library using PowerShell. Below is the snippet:

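# Load the SharePoint cmdlets when not running in the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$web = Get-SPWeb http://site-url/
$list = $web.Lists["Document Library"]
# ReadSecurity 2: users can read only items they created
$list.ReadSecurity = 2
# WriteSecurity 2: users can create items and edit only items they created
$list.WriteSecurity = 2
$list.Update()
$web.Dispose()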

This sets the following permissions for the library:

- Read items that were created by the user.

- Create items and edit items that were created by the user.

Hope this helps.

March 25th, 2015 3:25am

As an option you may do it from PowerShell. Another way is to break permissions inheritance for the documents, without creating folders: each document should have permissions only for the user who created this document plus the group which you mentioned, which should have access to all documents (you will also need to do it via PowerShell if you have a lot of documents). Otherwise try the solution with the ReadSecurity/WriteSecurity properties, but also test that in this case search won't show documents of other users.
March 25th, 2015 9:02am
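
The per-document approach from the last reply could be scripted as below. This is an added example, not code posted by anyone in the thread. It assumes the server-side SharePoint snap-in is available; the site URL and library title are the placeholders used earlier in the thread, and the group name "Document Admins" is hypothetical.

```powershell
# Added example: give each document unique permissions (creator + one admin group).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl    = "http://site-url/"      # placeholder from the thread
$listTitle  = "Document Library"      # placeholder from the thread
$adminGroup = "Document Admins"       # hypothetical group name (assumption)

$web = Get-SPWeb $siteUrl
try {
    $list       = $web.Lists[$listTitle]
    $contribute = $web.RoleDefinitions.GetByType([Microsoft.SharePoint.SPRoleType]::Contributor)
    $read       = $web.RoleDefinitions.GetByType([Microsoft.SharePoint.SPRoleType]::Reader)
    $admins     = $web.SiteGroups[$adminGroup]

    # Snapshot the items into an array so ACL updates do not disturb the enumeration.
    foreach ($item in @($list.Items)) {
        $author = (New-Object Microsoft.SharePoint.SPFieldUserValue($web, [string]$item["Author"])).User
        if ($null -eq $author) {
            Write-Warning "Skipping '$($item.Url)': creator account could not be resolved"
            continue
        }

        # $false = do not copy the library's inherited role assignments
        $item.BreakRoleInheritance($false)

        # Creator may read and edit their own document
        $ra = New-Object Microsoft.SharePoint.SPRoleAssignment($author)
        $ra.RoleDefinitionBindings.Add($contribute)
        $item.RoleAssignments.Add($ra)

        # Admin group may view every document
        $ra = New-Object Microsoft.SharePoint.SPRoleAssignment($admins)
        $ra.RoleDefinitionBindings.Add($read)
        $item.RoleAssignments.Add($ra)
    }

    # Verification: list every principal that remains on each document's ACL
    foreach ($item in @($list.Items)) {
        $who = ($item.RoleAssignments | ForEach-Object { $_.Member.Name }) -join ", "
        Write-Output ("{0} -> {1}" -f $item.Url, $who)
    }
}
finally {
    $web.Dispose()
}
```

Review the verification output for any principal other than the creator and the admin group, and repeat the search test from a non-owner account after the next crawl, since search trims results using the permissions captured at crawl time.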

This topic is archived. No further replies will be accepted.
