Where can I store confidential data that the site administrator cannot *read*?

  • Question

  • I have some sensitive data that must be stored in my SharePoint farm that I don't want site administrators to be able to read, but I do need to be able to read using elevated privileges and/or system account/web-app-pool account in a code-behind solution.

    Only the farm account needs to be able to update the information.

    So far I can't seem to find anything that's suitable other than a custom DB which is very much a last resort.

    Wednesday, July 22, 2015 2:52 AM

Answers

  • To access CA, your app pool account needs to be Farm Administrator, I believe.

    For encryption, you can store your public/private key in Secure Store Service, or one in Secure Store and another in the property bag of the web. If you use Secure Store Service, make sure your app pool user can access Secure Store Service and that you are running the code that accesses Secure Store with elevated privileges.


    Thanks,
    Sohel Rana
    http://ranaictiu-technicalblog.blogspot.com

    Wednesday, July 22, 2015 4:32 AM
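
The approach in the answer above, sketched as an added example (not code from the thread or from the answer's author): the key is read from Secure Store under the app pool identity and used to decrypt a value kept anywhere site collection administrators can see it. Assumptions: a target application with the hypothetical ID `SensitiveDataKey` that has one field of type Key holding a Base64-encoded AES key, the app pool account is a member of that target application, and a single symmetric key is used instead of the public/private pair the answer mentions.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
using Microsoft.BusinessData.Infrastructure.SecureStore;
using Microsoft.Office.SecureStoreService.Server;
using Microsoft.SharePoint;

public static class ProtectedValueReader // hypothetical helper name
{
    const string TargetAppId = "SensitiveDataKey"; // hypothetical target application ID

    // Assumed ciphertext layout: 16-byte IV followed by AES-CBC data.
    // CBC gives no integrity check; add an HMAC if the stored value can be edited.
    public static byte[] Decrypt(Guid siteId, byte[] ciphertext)
    {
        byte[] plain = null;
        SPSecurity.RunWithElevatedPrivileges(delegate
        {
            using (SPSite site = new SPSite(siteId)) // reopened under the app pool account
            {
                ISecureStoreProvider provider = SecureStoreProviderFactory.Create();
                ((ISecureStoreServiceContext)provider).Context = SPServiceContext.GetContext(site);
                using (SecureStoreCredentialCollection creds = provider.GetCredentials(TargetAppId))
                using (Aes aes = Aes.Create())
                {
                    bool found = false;
                    foreach (ISecureStoreCredential c in creds)
                        if (c.CredentialType == SecureStoreCredentialType.Key)
                        { aes.Key = Convert.FromBase64String(ToText(c.Credential)); found = true; }
                    if (!found) throw new InvalidOperationException("No Key field in target application.");
                    byte[] iv = new byte[16];
                    Buffer.BlockCopy(ciphertext, 0, iv, 0, 16);
                    aes.IV = iv;
                    using (ICryptoTransform dec = aes.CreateDecryptor())
                        plain = dec.TransformFinalBlock(ciphertext, 16, ciphertext.Length - 16);
                }
            }
        });
        return plain;
    }

    // Copies the SecureString out only for as long as the key is being parsed.
    static string ToText(SecureString s)
    {
        IntPtr p = Marshal.SecureStringToGlobalAllocUnicode(s);
        try { return Marshal.PtrToStringUni(p); }
        finally { Marshal.ZeroFreeGlobalAllocUnicode(p); }
    }
}
```

Because the target application's membership controls who can read the key, site collection administrators who are not members see only ciphertext in the list or property bag.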

All replies

  • Hi,

    If by Site Administrator you mean 'Site Collection Administrator', then I can think of a few options:

    • Save the data in Central Admin. Not a good solution as you need to read/write data from your site collection - which may need some security settings/changes
    • Encrypt data. I think this will be the best option if it's a simple text value. However, if it's unstructured data (like PDF or Word documents), then it might not work.
    • Create a new site collection with only admins - farm admin and app pool account. And then read/write using these accounts. However remember, whoever has access to Central Admin can change site collection administrator.

    Thanks,
    Sohel Rana
    http://ranaictiu-technicalblog.blogspot.com

    Wednesday, July 22, 2015 3:52 AM
  • * I tried central admin, but I can't seem to read from it at all, even if I explicitly grant access to SHAREPOINT\System AND to the app pool account and in my code-behind explicitly open the site as that user (with or without using RunWithElevatedPrivileges).  I get a weird error about "There is no web named ''", and I can't read any property bag properties or access any lists.

    * And where do you suggest I store the key? (Indeed, that's sort of the problem I'm trying to solve)

    * Hmm, yeah, I guess I could, but creating a whole new site collection can be pretty expensive, and I'm not sure it will get around the problem of the app pool account and/or System account not being able to access it.

    Wednesday, July 22, 2015 4:04 AM
  • FWIW, I tried the 3rd option, and it seems as long as I explicitly grant access to the app pool account, it works. So that would mean for every (content) web application in the farm I'd need to create a special site collection just to hold this sensitive data. Given it can take several minutes to create a site collection I'm not sure that's going to fly...

    I will say though given the only people that there's a need to protect data from is site administrators, it's technically sufficient to hide the information in a file in the HIVE somewhere - though I assume it would need a config. timer job to run on every server to update the file (e.g the same way you update docicon.xml)


    Wednesday, July 22, 2015 4:17 AM