(from github.com/ron-lee)
Hello, dear expert,
we did some testing on the product and we did connect via LDAP as well per this thread: How to use roles and groups, however based on what we saw, user and group are more for restricting what crawling sources certain user and group could see instead of security trimming on individual items in the crawling source such as different permissions on different folders and files under a file server. Or we are missing something here. Somehow we haven’t been able to find any good documentation here.
Thanks very much in advance for your time.
(from github.com/marevol)
Indexed documents are controlled by role field.
(from ron-lee · GitHub)
Thanks. At one of file, the role field at index is:
1BUILTIN\Administrators
2DomainA\user1
2WIN-112\Administrator
Radmin
Rguest
If I logged in as “admin” user to search, this file would be in search result. then I logged in as DomainA\User2, I could still see the same file. Then I removed “Rguest” from the index role field, and then search again with DomainA\User2, I could still see the file. That’s where we are not sure why the search is not doing the security trimming for DomainA\User2 since that file should not be appearing at search result for him.
(from github.com/marevol)
I think the user has DomainA\user1 or WIN-112\Administrator group.
(from github.com/ron-lee)
I see, DomainA\User1 is a user. we are checking other group membership now.
(from github.com/ron-lee)
We checked with our IT department, DomainA\user2 is not at any of groups there plus the local administrator group. Just wonder how we should debug for next step. Thanks.
(from github.com/marevol)
Did you check audit.log?