A subject that often gets raised in organisations is how secure the stored data is. With SharePoint you can use permissions at site level, list or library level, sub-folder level, or document level to restrict access to information. You can then decide whether users can read, edit or manage content at those levels using the default groups of Members, Owners and Visitors.
However, that doesn’t mean that those documents won’t come up in the search results anyway. This is something that the Risk departments often raise. Users could get sneaky with the way they search, or you may not understand permissions yet and inadvertently be exposing your sensitive data to everyone in the organisation.
As a Site Owner or Site Collection Administrator, you can decide if the content on an entire set of sites can be available in search results or not; or the content of a specific list or library; or the data that exists in columns and web parts – all without setting permissions.
To prevent content from being searchable on a site level, click Site Actions – Site Settings – Search and Offline Availability. Note what the description says: if you block search from this site, all subsites from this level down will also be excluded from the search results. Plan correctly.
You can also drop web parts onto a page that has content with unique permissions on it. To be extra sure that content does not get exposed by accident, you can also use the search setting for .aspx pages. (Look at the URL of your SharePoint site: it ends in .aspx, and the pages for sites, lists and libraries all end with that extension.) Again, go to Site Actions – Site Settings – Search and Offline Availability and select Do Not Index Web Parts if This Site Contains Fine-Grained Permissions (that means unique permissions on something).
Then inside specific lists or libraries, click on List / Library Settings – Advanced Settings and scroll to the search section.
And finally, you can restrict which columns (metadata) can be searched to secure sensitive data: Site Actions – Site Settings – Searchable Columns (under Site Administration; this is not available in SharePoint Foundation, though). All the available columns are displayed and you can click to select the columns you want hidden, like salaries. The columns displayed are the ones applicable to the site you’re on.
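To check how the site-level and list/library-level settings above are actually set across a whole site collection, a farm administrator can read them from the server object model. This is an added example, not part of the original post; it assumes the SharePoint 2010 Management Shell on a farm server, the site collection URL is a placeholder, and it covers the site and list settings only (not Searchable Columns).

```powershell
# Added example: read-only audit of search-visibility settings; it changes nothing.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl = 'http://sharepoint.example.local/sites/hr'   # placeholder URL (assumption)
$site    = Get-SPSite -Identity $siteUrl
$report  = @()

try {
    foreach ($web in $site.AllWebs) {
        try {
            # Site level: the two options on "Search and Offline Availability".
            # AspxIndexMode 'Automatic' is the "Do Not Index Web Parts if This
            # Site Contains Fine-Grained Permissions" choice.
            $report += New-Object PSObject -Property @{
                Scope              = 'Site'
                Url                = $web.Url
                ExcludedFromSearch = $web.NoCrawl
                UniquePermissions  = $web.HasUniqueRoleAssignments
                AspxIndexMode      = $web.ASPXPageIndexMode
            }
            # List / library level: the search option under Advanced Settings.
            foreach ($list in $web.Lists) {
                if ($list.Hidden) { continue }   # skip system lists
                $report += New-Object PSObject -Property @{
                    Scope              = 'List'
                    Url                = $web.Url + '/' + $list.RootFolder.Url
                    ExcludedFromSearch = $list.NoCrawl
                    UniquePermissions  = $list.HasUniqueRoleAssignments
                    AspxIndexMode      = 'n/a'
                }
            }
        }
        finally { $web.Dispose() }   # SPWeb objects from AllWebs must be disposed
    }
}
finally { $site.Dispose() }

# Full picture of what is and is not offered to the crawler.
$report | Sort-Object Url |
    Format-Table Scope, Url, ExcludedFromSearch, UniquePermissions, AspxIndexMode -AutoSize

# Review candidates: unique permissions, but still included in search.
$report | Where-Object { $_.UniquePermissions -and -not $_.ExcludedFromSearch } |
    Format-Table Scope, Url, AspxIndexMode -AutoSize
```

The second table is a list to review with the content owners, not a list of exposures: items there are still subject to whatever permissions are set on them.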
While these are great options for preventing accidental exposure of your content, it is best practice to fully understand the permission / security model of SharePoint sites to make everything super secure.
You need to have governance in place as to what is considered sensitive or confidential content – that must be clearly defined. You need to decide what security level all your content needs to be at and tag all your content accordingly. This is also a legislative requirement in many industries. All this needs to be clearly communicated to your user base.
If you are using team sites, intranet sites and My Sites, make sure people understand the differences between storing their content on each of those areas, and get your IT department to make sure the search scopes are set up correctly to prevent operational, ring-fenced content from being exposed to the whole organisation.
To find out who has access to a specific document across the whole platform, you would need third-party tools; you can’t do that out of the box. You’d need to look at products like AvePoint, Idera, ControlPoint, etc.
That’s what Bruce would do!
Hi Keith,
You need to use permissions on the library ideally to make sure the right people are seeing what they are supposed to see when they search for something.
Greetings Veronique,
This is an older post, hopefully you’ll see my reply.
Question regarding this statement “And finally, you can restrict what columns (metadata) can be searched to secure sensitive data. …like salaries.”
Would you mind clarifying that further? As I understand, that simply causes SharePoint 2010 to exclude the metadata from the search results, but it does not remove the document (which may be associated with the sensitive metadata) from the search results. Is my understanding correct? In my organization we are interested in means to use Metadata in a truly secure fashion. Presently I’m leaning towards a separate MMS to provide a clear division between Term Stores, but want to avoid overkill if possible.
Regards,
Ken
Good to know Frank, thanks. Just wanted to put in double measures for the paranoid peeps. 🙂
Hi Veronique, just one small comment from my side. SharePoint search does in fact remove search results based on permissions even though it was selected as “include in search results” on a list level. If you “exclude from search results” it will exclude it for everyone. 🙂
Thank you Antonio. 🙂
Great blog post Veronique!
-Antonio