Preventing users from using the "search" feature to view content they shouldn't be allowed to see

This might be a non-problem .....

We're considering allowing users to attach files to items, either via file attachments or via several "File" field types in the item.  In the past we have prevented attachments because our system is mainly paper-based.

The documents that a user might attach to an item could contain PII that other users should not be permitted to see. We prevent most users for viewing items unless the item is directly assigned to them.  The attachments will mainly be PDFs, DOC files and image files.  Possible Excel files.

The SBM indexing system has the ability to scan file attachments.  If the scanner scans the contents of the file attacments, will a user be able to search for keywords in attachments and see the context or a portion of a file attachment that they normally would not be permitted to see, or to construct a search query that would confirm (or deny) the existence of keywords in a document they would not be permitted to see??

Am I inventing a problematic scenario that won't exist??

Tags:

  • SBM Smart Search will not index restricted attachments/notes by default, and the only way to set the system to index attachments is to manually modify a configuration file.  All unrestricted (public) attachments/notes are indexed.  Smart Search does not show the text found in the attachment or where the text was found, the item just appears in the search results with a resulting "relevance" percentage.

    You can control the ability to set unrestricted notes/attachments. See documentation here,

    Restricted notes/attachments can be viewed based on View Attachment if... privileges that the user has for attachments.

  • Our systems are indexing file Attachments.  Files have been attached with the "Unrestricted" checkbox not checked, i.e. file is "restricted".  The setting in System Admin is "Restricted if Privileged".  Systems are configured for "attachments stored in the file system".  

    We know that users without the right privilege can't view the attached file or can't view the item with the attached file, however the user can still use the Search feature to confirm or deny the existence of attachments containing keywords or phrases.  The attachments will contain PII and PHI.  An intelligent user who knows the structure of the attachments might be able to construct search queries that will return an item in the search results that they can't view but that contains a phrase, thus alerting the unprivileged user that "Yes, there's a document with a specific phrase".

    I did figure out a hack that I'm hoping will prevent the system from indexing attached files stored in the file system.  Basically I'm setting the attachments directory in SBM System Admin to "....\directory_A", then changing the setting in Configurator that tells the indexing service where the attachments are stored to "...\directory_B".

    The systems are also indexing the contents of "File" fields.  Is there a setting to control that?

  • The system should NOT be indexing restricted attachments.  It is the default install behavior.

    I will show you where to control the settings for indexing of attachments. 

    • Look in [SBM]\Common\tomcat\server\default\webapps\commonsvc\WEB-INF\classes
    • Edit the CONFIG.PROPERTIES file.

    lucene.indexDir=C:/Program Files/Serena/SBM/Common/tomcat/server/default/indexdir-commonsvc
    lucene.indexFileAttachments=true
    lucene.indexURLAttachments=false
    ...
    lucene.searchRestrictedAttachments=false
    

    Lines 3 will index attachments, but line 5 will not search restricted attachments.

    I have tested the search of restricted attachments in 12.2, and I am not getting hits.