While I was configuring a new content source für SharePoint Server 2010 Search I was asking myself which permissions on a NTFS drive will SharePoint look after for displaying search results. Directory permissions or file permissions? Or both?
I simply set up a folder directly on the SharePoint WFE. This folder also has a subfolder called “Management”.
I also created a managed account in SharePoint called “sp_fileserver” as a content access account for crawling this folder.
sp_fileserver has only read permissions. Additionally the security group “Software Development” has read/write permissions on this folder and it’s subfolder.
I created a new content source
and set up a crawl rule with sp_fileserver as the content access account.
I started a full crawl and members of the AD security group “Software Development” can search this file directory successfully.
So far so good.
Now I changed the user permission of the subfolder “Management”. I deleted all user permissions for “Software Development. After a fresh incremental crawl members of this group no longer got search results from this subfolder. This was to expect.
An Active Directory security group “Management” has read write permissions on subfolder “Management” but no permissions at all on the parent folder. What will happen?
Result: Members of the management group get results from subfolder “Management” but none from it’s parent folder to which they have no access. But they cannot open the files in folder “Management” because the don’t have access to the parent folder.
Same is when you have special permissions on a single file. Let’s say user Luise has permissions to a single file in the “Management” folder but no permissions to the folder itself. On the file system she cannot reach her file. But … in SharePoint Search she get’s a result for her file. Nothing won with that, when she clicks the link in the search results listing nothing will happen. The file won’t open.
As you can see there can be a little difference in what you see in your file servers search results in SharePoint and to what you have real access to.