SharePoint Dragons

Nikander & Margriet on SharePoint

Security settings based on metadata

We hadn’t heard about it before, but TITUS Metadata Security for SharePoint allows organizations to set security settings based on metadata: http://www.titus.com/software/sharepoint/metadata.php

Interesting, but we are wondering: does this revert to item-based security? Why not use folders instead (we know, a sensitive topic for many) and save some money?

We’ve learned that in general sales people of 3rd party vendors tend to read this blog, so we won’t be surprised if the answers to these questions pop up in a while in the form of comments. We’ll just have to wait and see.

One response to “Security settings based on metadata”

  1. Antonio Maio April 5, 2012 at 6:47 am

    Thanks for the post and the question about TITUS Metadata Security. I’m a Microsoft SharePoint Server MVP (1st time this year) and the product manager for TITUS Metadata Security. Yes, based on policies that administrators or site and library owners author with the product, TITUS Metadata Security can automatically apply item-level security to documents or any items in SharePoint, based on metadata related to those items or based on claims associated with users. As well though, the product can apply security permissions to folders and document sets as well. These features are very useful for our customers in the government, military and large commercial space when they have sensitive or confidential documents mixed with non-sensitive documents in the same library, or confidential folders mixed in the same library with non-confidential folders.

    Of course, you need to be careful with how far you take item-level permissions in libraries in SharePoint because there are thresholds around item-level permissions in SharePoint. However, these thresholds are actually higher in practice than most people realize. We’ve worked heavily with Microsoft and our customers on this to demystify the thresholds around item-level permissions. In fact, in the last issue of the Dutch Information Worker User Group eMagazine (a great publication) an article that I wrote was published on this exact topic, “Effectively Managing Permissions in Microsoft SharePoint 2010”, which can be found here: http://www.diwug.nl/e-magazines/Pages/default.aspx. This will help your readers understand some of these thresholds around item-level permissions in SharePoint 2010 much better.

    Since the time of writing that article we at TITUS have done meaningful performance testing of SharePoint 2010 with Service Pack 1 and the latest cumulative updates (Aug 2011 or later). We have found that performance on large libraries with many unique permissions has been improved significantly once upgraded to Service Pack 1 and the latest updates. The SharePoint limitations/thresholds in this regard have not been removed entirely, but we have found that the threshold at which performance degradation starts to occur is an order of magnitude higher than previously. We have confirmed these findings with members of the Microsoft SharePoint development team. In confirming this, the team also mentioned that they were not altering their public guidance because they are completely focused on wave15, so we have not seen any official articles about it.

    Overall, we’ve found that individual libraries with 50,000 to 60,000 items breaking inheritance from their parent library is now quite acceptable from a performance standpoint. This was confirmed by several of our enterprise customers in the field as well. This is of course dependent on server architecture, but we did see the before and after effects of the upgrade have a dramatic performance improvement in these cases.

    Hope this helps your readers.
    Antonio
