Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Security trimming is available within SharePoint itself. To make this work, a SecurityTrimmerPre interface must be created.

The ISecurityTrimmerPre interface adds claims to the query prior to the security trimming; so it executes “pre” (prior to) the security trimmer. With the exception of deny ACLs, the function of the ISecurityTrimmerPre module is to always add results to the result set, rather than to remove them. In this sense, it is the opposite of a security trimmer.

It is critical to understand that if the ISecurityTrimmerPre interface malfunctions, then you get no secure search results. (If it performed "classic" security trimming and malfunctioned, then you would get back extra unauthorized results.) On each search request, the Security Pre-Trimmer is invoked to enhance the search query with ACL information. This information is retrieved from an Aspire Group Expander (LDAP, Lotus Notes ...)

SharePoint Security Pre-Trimmer
Currently Supporting:

SharePoint 2013 and 2016

Aspire Group Expander 3.2

Requirements


The following items are required by this component:

  • SharePoint 2013 or SharePoint 2016
  • Group Expansion REST Service



A separate service from group expansion can be used if:

  • It is a REST endpoint that accepts the parameter username.
  • The response is an xml with the same format as this one.

URL Request

XML Response

<groups>
    <group>tesla</group>
    <group>scientists</group>
    <group>italians</group>
    <group>group1</group>
    <group>group2</group>
    <group>group3</group>
    <group>group4</group>
    <group>PUBLIC:ALL</group>
    <group>xxxxxx</group>
  </groups>


  • No labels