How to Prevent Access to Sensitive Information

How to Prevent Access to Sensitive Information

hw12014.jpgAssuming that you have a corporate portal with sites for projects, clients, divisions, etc. In the portal structure, you want only users who are members of the “Financial” and “Management” SharePoint groups to access the Financial Site and keep out users who are not members of either group.

The following steps describe how to redirect users who are not members of the Financial or Management groups to a warning page, and thus control access to the financial information of the company.

Step Action Result
1. Using the Site Actions button, create a new page to redirect users to. Save the page as GoAway.aspx or anything you wish to name it.

In SharePoint 2013, your site actions button looks like a gear icon on the top right of your page.

Typically, new pages are housed in your Site Pages library.
2. When you create a new page, SharePoint takes you there immediately. Enter the warning message directly on the page and save it. GoAway.jpg
Icon-TipProvide the reader with some context as to why s/he arrived at this page; perhaps the site is not restricted but certain pages within the site are and the user hit an unrestricted area. Include a link to take him/her to a different site or a different page. Add some information if it is relevant to your environment about how to gain access and why their access is restricted.
3. Add Group Redirect to your new page and configure it to redirect users to your warning page. RedirectTo.jpg
You could also redirect users to a completely different site by entering the URL to the other site in the Redirect to: box.
4. Log into the system as someone who is not a member of the Financial or Management group to test access to the financial page. You will be redirected to the GoAway.aspx page.

The OR logic operator allows us to redirect everyone who doesn’t meet a very specific set of criteria, in this case, membership in both the Financial and Management groups. Here’s a visual representation of how each rule is applied.
By the time the Web Part reaches the final step, the only users who haven’t been redirected are members of the Financial group. Using AND/OR logic, you can direct very specific groups to different sites – and by using the Add More Criteria button, you can create as many rule sets (and therefore as many unique redirects) as you need.