Enterprise Search and CRM security

Sep 29, 2009 at 1:47 PM


I'm a little bit confused about the Enterprise Search Accelerator and search results permissions, and hope someone can clear things up a bit.

The Enterprise Search documentation states that "The Microsoft Dynamics CRM security model is preserved and enforced...". My initial interpretation of this was that users, when searching the indexed CRM data, would not see items they don't have access to. So if I don't have access to the customer "Sanford and Son" in CRM, searching in SharePoint for "Sanford" should produce 0 hits.

I can't get it to work this way though, and doing a bit more research on the subject I'm thinking maybe I was wrong. Apparently the CRM security model doesn't come into play until you actually try to access the item by clicking on the search result. This means people can search data they don't (or rather shouldn't) have access to. 

Is this the correct/intended behaviour?

Is it possible to put security trimming on the search results/indexed data so that users don't get these "false positives" when searching? I've seen references to developing your own security trimming using ISecurityTrimmer, but I'd prefer not to go down that dark and rocky path. Are there any other options?

Thank you

- Frode