What is SecurityDescriptor format?
11-10-2020
Question
The MSDN article "How to: Configure item-level security in SharePoint 2013" mentions a service returning a Property with Name="WindowsSecurityDescriptorField". What is the actual format in which this information should be returned?
If there are many users/AD groups that have permissions to read the data, how is the list of users returned? (e.g. domain\login, or SIDs, or something else? How are they delimited?)
I want to crawl external data from an OData service and I need security information, so that the index has security trimming info, but I don't know how it is implemented.
Solution
That field is the name of a property of your entity, which returns a byte-encoded (byte[]) representation of the encoded claims.
Here's a great example: https://blogs.msdn.microsoft.com/security_trimming_in_sharepoint_2013/2012/10/29/creating-custom-connector-sending-claims-with-sharepoint-2013/
Format as quoted from above link: The encoding is done according to the protocol documentation where:
- The first byte signals an allow or deny claim
- The second byte is always 1 to indicate that this is a non-NT security ACL (i.e. it is a claim ACL type)
- The next four bytes is the size of the following claim value array.
- The claim value string follows as a Unicode byte array.
- The next four bytes following the claim value array, gives the length of the claim type
- The claim type string follows as a Unicode byte array.
- The next four bytes following the claim type array, gives the length of the claim data type
- The claim data type string follows as a Unicode byte array
- The next four bytes following the claim data type array, gives the length of the claim original issuer
- The claim issuer string finally follows as a Unicode byte array
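
The layout listed above, as an added Python example that is not taken from the linked blog post or the protocol documentation: it encodes claim entries and decodes them with strict bounds checks, so a malformed descriptor is rejected instead of producing wrong trimming data. Assumptions not stated on this page: allow = 0 and deny = 1 for the first byte, 4-byte little-endian lengths counted in UTF-16 code units, UTF-16LE for "Unicode", and several claims laid back to back; the function names and the sample SID are constructed.

```python
import struct

ALLOW, DENY = 0, 1      # assumed values; the page only says the first byte signals allow or deny
CLAIM_ACL_TYPE = 1      # second byte is "always 1" (claim ACL type) per the page
XSD_STRING = "http://www.w3.org/2001/XMLSchema#string"

def _put(s):
    # Assumed: 4-byte little-endian length in UTF-16 code units, then UTF-16LE bytes.
    raw = s.encode("utf-16-le")
    return struct.pack("<i", len(raw) // 2) + raw

def encode_claim(value, claim_type, issuer, data_type=XSD_STRING, deny=False):
    """One entry in the field order the page lists: value, type, data type, issuer."""
    head = bytes([DENY if deny else ALLOW, CLAIM_ACL_TYPE])
    return head + _put(value) + _put(claim_type) + _put(data_type) + _put(issuer)

def _take(buf, pos):
    # Read one length-prefixed string, refusing lengths that run past the buffer.
    if pos + 4 > len(buf):
        raise ValueError("truncated length field at offset %d" % pos)
    (n,) = struct.unpack_from("<i", buf, pos)
    end = pos + 4 + n * 2
    if n < 0 or end > len(buf):
        raise ValueError("length %d at offset %d exceeds buffer" % (n, pos))
    return buf[pos + 4:end].decode("utf-16-le"), end

def decode_claims(buf):
    """Parse entries laid back to back (assumed layout when there are several claims)."""
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated entry header at offset %d" % pos)
        flag, kind = buf[pos], buf[pos + 1]
        if flag not in (ALLOW, DENY) or kind != CLAIM_ACL_TYPE:
            raise ValueError("unexpected header bytes at offset %d" % pos)
        pos += 2
        fields = []
        for _ in range(4):
            text, pos = _take(buf, pos)
            fields.append(text)
        out.append({"deny": flag == DENY, "value": fields[0], "type": fields[1],
                    "data_type": fields[2], "issuer": fields[3]})
    return out

# Constructed sample: one allow entry and one deny entry for made-up group SIDs.
GROUPSID = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"
SAMPLE = (encode_claim("S-1-5-21-1111111111-2222222222-3333333333-1001", GROUPSID, "windows")
          + encode_claim("S-1-5-21-1111111111-2222222222-3333333333-1002", GROUPSID, "windows", deny=True))
```

Check the assumed byte values and length unit against the protocol documentation the quoted text refers to before using this against a real crawl.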