Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Sharepoint Security

  Asked By: Diamond    Date: Apr 13    Category: Sharepoint    Views: 1386

Can SharePoint Portal Server meet the following requirements:

Directors of the company want to be able to store highly confidental
internal documents (appraisals/employee related documents) that only
they have access to.

Can SharePoint allow a document folder to be created that only the
directors have access to, and that is hidden from Administrators, co-
ordinators and *any* other employee?



7 Answers Found

Answer #1    Answered By: Stacey Wilder     Answered On: Apr 13

Yes, just need to Enable Security on the enhanced folder  and list who
has access  to with their rights.

Answer #2    Answered By: Francis Vargas     Answered On: Apr 13

but the Administrator of the workspace, using the server, can
still get to the folder  and change the permissions.

I am trying to create a folder, or protect a document, so that *only*
the people who have access  can access and anyone else, including co-
ordinators and administrators, can not overwrite the permissions.

Answer #3    Answered By: Tori Oconnor     Answered On: Apr 13

No matter if you place it into an enhanced folder  or a standard folder,
anyone who is a local admin will have read access  and set security
The only way to limit who has access is to :
1. Assign proper users/groups to the roles on the folders.
2. Limit the Local Admin group.

You can not deny or remove the Local Admin Privilage.

Answer #4    Answered By: Kristan Benjamin     Answered On: Apr 13

Once you create the enhanced folder, go into the properties of the
folder and remove the administrator from the security  list. Make sure
you uncheck the box that states something like "inherit security from
parent node". Only add in authorized users for that folder.

Answer #5    Answered By: Vivian Mcguire     Answered On: Apr 13

I tried that, and it does prevent unauthorised people from getting in
as long as they don't use the SharePoint machine itself.

I found that by using the SharePoint machine, and logging in as the
Administrator, I was able to browse to the folder  and view any files

I even tried creating a file inside the folder that explicitly denies
the Administrator access; this has no effect. The Administrator could
not check out/in the document, but they could read it.

Anymore ideas anyone?

Answer #6    Answered By: Augustine Snider     Answered On: Apr 13

The help files will explain this. Local Admins have read access  and
change security  access anywhere in the system. Sharepoint will override
any deny access account when the account is a local admin. The only way
to limit the privileges of a Local Admin account is to limit the local
admin account members to those are trusted within your org.

Answer #7    Answered By: Genevieve Sherman     Answered On: Apr 13

I'm not a network admin, but I was able (with help from our network folks)
to create a document  folder called Private. I gave the coordinator right to
our CTO, and author rights to two others. Any folders they create underneath
will inherit these rights.

Then, in IIS, I opened that folder  and denied access  to the folder to
everyone in the company  but those three people. When anyone but the three
click on that folder, they get a customized error message indicating the
resource is off limits. Of course I had to be given rights to the folder
there, I could remove myself (actually removed my IP address) from access.
Now there's a secure lockdown on the folder that should be sufficient for
our purposes. I have no illusions that someone with abilities couldn't get
in, but they'd have to work at it, and I believe a breach would be logged.

If anyone can think of an obvious way this is insufficient, I'd love to hear

Didn't find what you were looking for? Find more on Sharepoint Security Or get search suggestion and latest updates.