Enabling security trimming on search results: External data in SharePoint 2010


Business Connectivity Services (BCS) in SharePoint 2010 provides the capability to connect to external data and build scalable applications on top of this out-of-the-box feature.

The core function of Business Data Connectivity (BDC), the runtime service inside BCS, is to provide connectivity to the following types of external systems:

  • Databases
  • Web/WCF services
  • Microsoft .NET Framework connectivity assemblies
  • Custom data sources

Data in the external repository may itself be access-restricted: depending on role, group or user, not every user is allowed to see every record. SharePoint 2010 search supports security trimming so that a record only appears in search results for the appropriate users. For this to work, the access information for each record must be available and must be mapped to users or groups that SharePoint can identify (Windows accounts, which resolve to SIDs).

To enable security trimming on search results for external data:

  • Generate a security descriptor encoding record-level access for each item in the external repository
  • Create a BDC model with the appropriate method instances (a Finder for the list and a SpecificFinder for a single item)
  • Return the generated security descriptor as a property of the item, alongside the item's other details
  • Map that property to the SpecificFinder method instance's "WindowsSecurityDescriptorField" property

The security descriptor is a Windows security descriptor serialized to a byte array; its DACL lists the users and groups that are allowed access to the record. Search stores the descriptor with the indexed item and, at query time, checks it against the querying user's Windows identity, which is why the property mapped through "WindowsSecurityDescriptorField" on the "SpecificFinder" is what makes trimming work. Two caveats: the crawl account retrieves every record regardless of the descriptor (trimming is applied to results, not to the crawl), and a descriptor with a null DACL grants access to everyone, so the DACL must be built explicitly for each record.
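The following C# is an added example for the steps above (generating the descriptor and returning it from the SpecificFinder); it is not code from the original post or from Microsoft's BCS samples. It assumes a hypothetical .NET connectivity assembly with an entity class `ExternalDocument`, a SpecificFinder `DocumentService.ReadItem`, and the domain accounts `CONTOSO\FinanceReaders` and `CONTOSO\jdoe` standing in for the external system's own per-record access list; it uses only the `System.Security.AccessControl` and `System.Security.Principal` types from the .NET Framework.

```csharp
using System;
using System.Collections.Generic;
using System.Security.AccessControl;
using System.Security.Principal;

namespace ExternalDocs.Bcs
{
    // Hypothetical entity returned by the .NET connectivity assembly. The TypeDescriptor for
    // SecurityDescriptor is the one named by WindowsSecurityDescriptorField in the BDC model.
    public class ExternalDocument
    {
        public int DocumentId { get; set; }
        public string Title { get; set; }
        public byte[] SecurityDescriptor { get; set; }
    }

    public static class SecurityDescriptorBuilder
    {
        // Full access mask. The descriptor is only ever evaluated by the search security trimmer;
        // it confers no rights on the external system itself.
        private const int FullAccess = unchecked((int)0xFFFFFFFF);

        // Build a self-relative Windows security descriptor whose DACL allows exactly the given
        // DOMAIN\user or DOMAIN\group accounts. Accounts are resolved to SIDs, which is what the
        // trimmer compares against the querying user's Windows token at query time.
        public static byte[] Build(IEnumerable<string> allowedAccounts)
        {
            // Start from an explicitly EMPTY DACL. Passing null for the DACL argument means
            // "no DACL", which Windows interprets as everyone has access: trimming would be void.
            var dacl = new DiscretionaryAcl(isContainer: false, isDS: false, capacity: 4);
            var owner = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
            var csd = new CommonSecurityDescriptor(false, false, ControlFlags.None, owner, owner, null, dacl);
            csd.SetDiscretionaryAclProtection(isProtected: true, preserveInheritance: false);

            foreach (var account in allowedAccounts)
            {
                SecurityIdentifier sid;
                try
                {
                    // Requires a reachable domain controller for domain accounts.
                    sid = (SecurityIdentifier)new NTAccount(account).Translate(typeof(SecurityIdentifier));
                }
                catch (IdentityNotMappedException)
                {
                    // An unknown principal must never widen access: skip it, so the record simply
                    // stays hidden from that name. A real connector should log this.
                    continue;
                }
                csd.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, FullAccess,
                                               InheritanceFlags.None, PropagationFlags.None);
            }

            var bytes = new byte[csd.BinaryLength];
            csd.GetBinaryForm(bytes, 0);
            return bytes;
        }

        // Round-trip check: decode the bytes back to SDDL so the ACL can be inspected
        // (it should read "D:P(A;;...;;;S-1-5-21-...)" with one ACE per allowed SID and no
        // Everyone entry) before the model is deployed and the crawl is run.
        public static string ToSddl(byte[] securityDescriptor)
        {
            return new RawSecurityDescriptor(securityDescriptor, 0)
                .GetSddlForm(AccessControlSections.All);
        }
    }

    // SpecificFinder for the model: returns the item together with its descriptor.
    public static class DocumentService
    {
        public static ExternalDocument ReadItem(int documentId)
        {
            // Constructed stand-in for the repository lookup; in practice the permitted
            // principals come from the external system's access table for this record.
            var permitted = new[] { "CONTOSO\\FinanceReaders", "CONTOSO\\jdoe" };
            return new ExternalDocument
            {
                DocumentId = documentId,
                Title = "Q3 forecast",
                SecurityDescriptor = SecurityDescriptorBuilder.Build(permitted),
            };
        }
    }
}
```

In the BDC model, the `ReadItem` MethodInstance (Type `SpecificFinder`) then carries `<Property Name="WindowsSecurityDescriptorField" Type="System.String">SecurityDescriptor</Property>`, naming the TypeDescriptor that holds the byte array. Because the DACL starts empty and only named principals are added, a record whose access list is empty or unresolvable ends up hidden from everyone in search rather than exposed, which is the failure mode you want.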

In my next post, I'll walk through a sample database example for the above steps.