I'm a little bit confused about the Enterprise Search Accelerator and search results permissions, and hope someone can clear things up a bit.
The Enterprise Search documentation states that "The Microsoft Dynamics CRM security model is preserved and enforced...". My initial interpretation of this was that users, when searching
the indexed CRM data, would not see items they don't have access to. So if I don't have access to the customer "Sanford and Son" in CRM, searching in SharePoint for "Sanford" should produce 0 hits.
I can't get it to work this way though, and doing a bit more research on the subject I'm thinking maybe I was wrong. Apparently the CRM security model doesn't come into play until you actually try to access the item by clicking on the search result.
This means people can search data they don't (or rather shouldn't) have access to.
Is this the correct/intended behaviour?
Is it possible to put security trimming on the search results/indexed data so that users don't get these "false positives" when searching? I've seen references to developing your own security trimming using
ISecurityTrimmer, but I'd prefer not to go down that dark and rocky path. Are there any other options?