Draft Item Security & Search Results Security Trimming

March 17 2010 8 comments

The content access account of MOSS search should have read-only access to content. In some cases that is not enough: there is a list-level setting that limits the visibility of draft versions of list items to users with edit permissions. With that setting enabled, the content access account cannot index draft versions. So if the latest version of a document is 0.x, the document is totally invisible in search. If the latest version is 1.x, only version 1.0 appears in search results.

The first reaction to overcome this would be to ignore the best practice and grant edit permissions to the content access account. This allows the indexer to crawl the latest draft version of the document. In SharePoint, the so-called “security trimmer” takes care of cleaning the search results and showing the user only the results he or she is allowed to see. Somehow the draft item security setting is ignored by the security trimmer, apparently because it is a library-level setting rather than part of the document’s access control list. This means that the latest draft version of the document will be indexed and shown in the search results to a user with only read permissions. But when that user clicks the search result link, he/she gets either an “access denied” error (if no major version has been published) or the latest major version.

To sum up, there seem to be only bad alternatives when draft item security is used to require edit permissions to view drafts: either draft versions are not indexed at all, or the content access account is elevated to edit permissions, the draft versions are indexed, and search results security trimming runs into problems.
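To see where this trade-off applies in a site collection, the following audit script lists the document libraries that restrict draft visibility and counts the documents affected. It is an added example, not part of the original post; it assumes PowerShell 2.0 or later on a MOSS 2007 farm server, libraries with minor versioning enabled, and a placeholder site URL.

```powershell
# Added audit example (not from the original post). Assumes PowerShell 2.0+ on a
# MOSS 2007 farm server, run by an account that can read the whole site collection.
param([string]$SiteUrl = $(throw "Pass -SiteUrl, e.g. http://intranet.example.local (placeholder)"))

[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

$site = New-Object Microsoft.SharePoint.SPSite($SiteUrl)
try {
    foreach ($web in $site.AllWebs) {
        try {
            foreach ($list in $web.Lists) {
                # Only document libraries with minor (draft) versions enabled
                if ($list.BaseType -ne [Microsoft.SharePoint.SPBaseType]::DocumentLibrary) { continue }
                if (-not $list.EnableMinorVersions) { continue }
                # Reader = any reader may see drafts, so draft item security is not in play
                if ($list.DraftVersionVisibility -eq [Microsoft.SharePoint.DraftVisibilityType]::Reader) { continue }

                $neverPublished = 0   # latest version 0.x: invisible to a read-only crawler
                $draftOverMajor = 0   # latest version n.x: read-only crawler indexes n.0 only
                foreach ($item in $list.Items) {   # enumerates every item; slow on large libraries
                    if ($item.Level -ne [Microsoft.SharePoint.SPFileLevel]::Draft) { continue }
                    if ($item.File.MajorVersion -eq 0) { $neverPublished++ } else { $draftOverMajor++ }
                }

                New-Object PSObject -Property @{
                    Web             = $web.Url
                    Library         = $list.Title
                    DraftVisibility = $list.DraftVersionVisibility   # Author or Approver
                    NeverPublished  = $neverPublished
                    DraftOverMajor  = $draftOverMajor
                } | Select-Object Web, Library, DraftVisibility, NeverPublished, DraftOverMajor
            }
        }
        finally { $web.Dispose() }   # SPWeb objects from AllWebs must be disposed
    }
}
finally { $site.Dispose() }
```

If the content access account has been given edit permissions, the documents counted here are the ones whose draft versions can surface in search results for read-only users.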

8 comments to “Draft Item Security & Search Results Security Trimming”

  3. Arttu Arstila says:

    Microsoft has made a related KB article: http://support.microsoft.com/kb/2304855. Apparently this refers to content access account having the default read permissions.

  4. Martin says:

    I *don’t* want viewers to be able to see draft versions in their search results, but whenever the latest version of the document is a draft version *no* version of the document appears in the search results (even though there’s been a previous published version).

    The document library is configured for major and minor versioning, require approval for publishing, require checkout to edit.

    Most frustrating! This is on the IW demo vhd.
    Martin

  5. Betty says:

    Martin, have you gotten a workaround to your problem? We are encountering the exact problem.

    Thanks so much.

  6. Gransom says:

    Martin, Betty

    I found a working solution at:

    http://extreme-sharepoint.com/2011/10/04/sharepoint-search-isecuritytrimmer/

    Hope it helps

    Thanks
