
Managing Document Security with SharePoint 2010 Managed Metadata

Thursday, September 30th, 2010

A lot of companies are starting to use the SharePoint 2010 Managed Metadata Service to add meaningful metadata to their documents. This metadata can then be used for search, retention, or to help them manage the security of their SharePoint documents.

Before SharePoint 2010 was released this was hard to do on an enterprise basis. It was always possible to add site columns or content types to sites, but it was difficult to distribute these across SharePoint farms and sites prior to SharePoint 2010. With the new Managed Metadata Service an organization can easily define an enterprise metadata term store and have that used across all SharePoint farms in the organization.

In addition to adding metadata to SharePoint 2010 documents using an enterprise term store, it is now possible to automatically add permissions to documents as they are being created, based on the terms (metadata) assigned to the document. More on that later. First, let’s have a look at how to set up the Managed Metadata Service.

Setting up Managed Metadata Service can be a little complex. It seems like you have to set this up in 3 or 4 different places before you can get it working. It took me a while to get this working. In terms of the different steps you need to go through to turn on Managed Metadata Service and define a term store, I found this a useful blog:

Setting up Managed Metadata Service

Once the Managed Metadata Service and Term Store are configured, we can start to use the terms in our Document Libraries. This can be done in a number of different ways, but the easiest way is to create a new column of type Managed Metadata in your document library. When creating the column, select the Managed Metadata type. Then you get prompted with the screen below, which allows you to associate a term store with the column.

In this case we’ve added a column called classification. Once we’ve added the column we can prompt the user to select the metadata every time a new document is created or uploaded.

OK, now we have our documents and the associated metadata. Next we want to automatically add security permissions to the documents based on the metadata tag assigned. For example, if a tag of PUBLIC was selected for the document, we can allow everyone to have Read access. If a tag of CONFIDENTIAL – LIMITED DISTRIBUTION is assigned, we can assign Read permissions to a specific group, perhaps the Management team. This can be done using the Titus Labs Metadata Security for SharePoint product. The most recent release of this product (V2.1) fully supports SharePoint 2010 Managed Metadata Service.
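To show what such a rule amounts to in terms of item-level permissions, here is an added PowerShell example (not Titus Labs code and not from the original post) that applies the two rules above to the existing items of one library through the SharePoint 2010 server object model. The site URL, the library name and the "Management Team" group are assumptions.

```powershell
# Added illustration: maps the "classification" column to item-level Read permissions.
# Run in the SharePoint 2010 Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl     = "http://sharepoint.example.local/sites/docs"  # placeholder URL (assumption)
$libraryName = "Documents"                                    # assumed library name
$fieldName   = "classification"                               # the Managed Metadata column

# Term label -> principal that receives Read. Principal names are assumptions.
$policy = @{
    "PUBLIC"                              = "NT AUTHORITY\authenticated users"
    "CONFIDENTIAL – LIMITED DISTRIBUTION" = "Management Team"
}

function Resolve-Principal($web, $name) {
    # Prefer a SharePoint group with this name; otherwise treat it as a Windows account.
    $group = $web.SiteGroups | Where-Object { $_.Name -eq $name }
    if ($group) { return $group }
    return $web.EnsureUser($name)
}

$web = Get-SPWeb $siteUrl
try {
    $list = $web.Lists[$libraryName]
    $read = $web.RoleDefinitions["Read"]

    foreach ($item in $list.Items) {
        $value = $item[$fieldName]   # TaxonomyFieldValue for a single-value column
        $label = if ($value) { $value.Label } else { $null }

        # Untagged items and labels without a rule are reported for review, not changed.
        if (-not $label -or -not $policy.ContainsKey($label)) {
            Write-Warning "No rule for label '$label' on $($item.Url)"
            continue
        }

        # Stop inheriting from the library, then clear whatever is left on the item
        # so that a re-run after re-tagging does not leave stale grants behind.
        if (-not $item.HasUniqueRoleAssignments) { $item.BreakRoleInheritance($false) }
        while ($item.RoleAssignments.Count -gt 0) { $item.RoleAssignments.Remove(0) }

        $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment(
            (Resolve-Principal $web $policy[$label]))
        $assignment.RoleDefinitionBindings.Add($read)
        $item.RoleAssignments.Add($assignment)
    }
}
finally { $web.Dispose() }
```

Because every mapped item ends up with unique permissions, review the warnings the script prints: an untagged document keeps whatever it inherits from the library, which may be broader than intended.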

In addition, for very sensitive information some customers have deployed the Microsoft Rights Management add-on for SharePoint. This allows DRM permissions to be assigned to documents as users open them or remove them from a SharePoint library. Using Metadata Security for SharePoint, the permissions automatically assigned to documents will be used by Rights Management to assign appropriate DRM permissions.

Have more questions on how to secure SharePoint 2010 documents or items? Let me know and I’ll see if I can help… Charlie