tags:

views:

44

answers:

1
Q: 

Protect sensitive information from Site Collection Admins

Is there a way to prevent a SharePoint site collection administrator from viewing the contents of a file without leaving a trail?

I’m one of the farm administrators as well as one of the site collection administrators and we are developing an InfoPath form that will contain sensitive information. It would be nice if we could assure the form owners that nobody, including the site admins, would be able to access the sensitive information leaving a trail. It’s okay if the admins have to take ownership of the file to view it because that would leave a trail.

+2  A: 

you can enable auditing on the list that holds the file. That way you can keep a record of who accesses which file at what time etc.

Colin  2009-10-14 21:41:04
Just adding the link to show how to turn on auditing: http://office.microsoft.com/en-us/sharepointserver/HA101000051033.aspx
Gurdas Nijor  2009-10-14 22:11:22
thnx, should have done that
Colin  2009-10-15 00:03:30
Being able to audit who opens the files is more of a backup requirement. I was asked to see if we can protect the files in a way that is similar to the private content in a person’s MySite. The only way I know for sys admins to access private MySite content is to take ownership of the MySite site collection, which would be hard to do by accident.
Cyfred  2009-10-15 15:52:51
Well, you could log in to the site as using the app pool account, which security wise sits one level above the site admin. When logged in using that account remove the permissions on hte list for all users except the system account. Not sure if this will work but it should. To acces the list thorugh code just use RunWithElevatedPrivileges.
Colin  2009-10-15 20:38:36

related questions

Upgrading Sharepoint 3.0 to SQL 2005 Backend?
Webpart registration error in event log
Sharepoint COMException 0x81020037
Transactional Design Pattern
Deploying InfoPath forms to different SharePoint servers
Profiling/Optimizing (Sharepoint 2007) Web Parts
Retreiving the PC Name of a Client? (Windows Auth)
What's the best way to report errors from a SharePoint workflow?
How to get out parameters working in SharePoint workflows
Editing User Profile w/ Forms Authentication
WSS/MOSS Book
Creating a development environment for SharePoint.
Sharepoint Wikis
Have you used a wiki in your project or group?
Can I copy files to a Network Place from a script or the command line?
How do you deploy your SharePoint solutions?
SharePoint WSS 3.0 Integration with Mac OSX (either Safari or Firefox)
SharePoint - Connection String dialog box during FeatureActivated event
How can I improve the edit-compile-test loop when developing a SharePoint workflow?
Best ajax library for Sharepoint
Alternative Hostname for an IIS web site for internal access only
How to reference to multiple version assembly
MOSS SSP problem - Failed database logons from deleted SSP
Sharepoint: executing stsadm from a timer job + SHAREPOINT\System rights
Can ASP.NET AJAX partial rendering work inside a SharePoint 2007 application page?