Security and SharePoint Documents

To allow users to search only documents that they are permitted to view you will need to pass the SharePoint groups to which they belong to the query service as the rights CGI parameter. See the section on "ACLs" in the Watson™ Explorer Engine documentation for more information about rights.

If you are using Active Directory, these groups can easily be retrieved through the LDAP protocol using the user login. Just add the form component named Active Directory Rights to the form associated with the source of your SharePoint collection, and enter the following parameters:

Because Windows names and groups are case insensitive (while Watson Explorer Engine names and groups are case sensitive), both the ACLs collected during the SharePoint crawl and the groups retrieved from the Active Directory are normalized to lower case.

If you want to see the ACLs associated with each content, temporarily turn on the Keep ACLs option under the Configuration > Indexing tab of your search collection and view the search results in XML.