The content access account of MOSS search should have a read-only access to content. In some cases that is not enough – there is a list level setting to limit the visibility of draft versions of list items to only the ones with edit permissions. This means that the content access account cannot index the draft versions. So if you have a document with the latest version being 0.x it is totally invisible in search. If you have a document with the latest version being 1.x you will only see the version 1.0 in search results.

The first reaction to overcome this would be to ignore the best practice and grant edit permissions to content access accounts. This allows indexer to crawl the latest draft version of the document. In SharePoint, the so-called “security trimmer” takes care of cleaning the search results and showing the user only the search results he is allowed to see. Somehow the draft item security setting is ignored by the security trimmer – apparently because it is a library level setting instead of being in the document access control list.  This means that the latest draft version of the document will be indexed and shown in the search results for the user with only read permissions. But when user clicks the search result link of the document in question, he/she either gets a “access denied” error (if there are no major versions published) or the latest major version.

To sum this up, there seems to be only bad alternatives when using draft item security to require edit permissions to view drafts. Either not have draft versions indexed at all, or to elevate content access account with edit permissions, have the draft versions indexed but get problems with the search results security trimming.

Popularity: 2% [?]