How to Prevent Access to Sensitive Information

How to Prevent Access to Sensitive Information

hw12014.jpgAssuming that you have a corporate portal with sites for projects, clients, divisions, etc. In the portal structure, you want only users who are members of the “Financial” and “Management” SharePoint groups to access the Financial Site and keep out users who are not members of either group.

The following steps describe how to redirect users who are not members of the Financial or Management groups to a warning page, and thus control access to the financial information of the company.

Step Action Result
1. Using the Site Actions button, create a new page to redirect users to. Save the page as GoAway.aspx or anything you wish to name it.

In SharePoint 2013, your site actions button looks like a gear icon on the top right of your page.

Typically, new pages are housed in your Site Pages library.
2. When you create a new page, SharePoint takes you there immediately. Enter the warning message directly on the page and save it. GoAway.jpg
Icon-TipProvide the reader with some context as to why s/he arrived at this page; perhaps the site is not restricted but certain pages within the site are and the user hit an unrestricted area. Include a link to take him/her to a different site or a different page. Add some information if it is relevant to your environment about how to gain access and why their access is restricted.
3. Add Group Redirect to your new page and configure it to redirect users to your warning page. RedirectTo.jpg
You could also redirect users to a completely different site by entering the URL to the other site in the Redirect to: box.
4. Log into the system as someone who is not a member of the Financial or Management group to test access to the financial page. You will be redirected to the GoAway.aspx page.

The OR logic operator allows us to redirect everyone who doesn’t meet a very specific set of criteria, in this case, membership in both the Financial and Management groups. Here’s a visual representation of how each rule is applied.
By the time the Web Part reaches the final step, the only users who haven’t been redirected are members of the Financial group. Using AND/OR logic, you can direct very specific groups to different sites – and by using the Add More Criteria button, you can create as many rule sets (and therefore as many unique redirects) as you need.

Establish an Active Directory Connection for Group Redirect

Establish an Active Directory Connection for Group Redirect

Return to Configuration Overview
Step Action Result
1. Edit the page and edit the web part from the drop-down menu in the upper right corner to reveal the tool pane. If not visible, expand the Group Redirect Configuration section. DomainName.jpg
2. Enter a fully qualified domain name (such as domain.local) in the Domain Name field.
3. Enter an existing Active Directory account name and corresponding password into the Account Name and Password fields, respectively.
4. Click Connect.

Create Group Redirect Rules Criteria

Create Group Redirect Rules Criteria

Return to Configuration Overview

Rules Criteria determine exactly who is redirected, and where they’re redirected to. You can create as many criteria as you need.

Step Action Result
1. Under the Redirect Rules Criteria section of the tool pane, select Is or Not from the left-most drop down box to determine whether the rule includes or excludes the criteria you will select.


NOTE: If you plan on using AD groups in any of your rules, you’ll need to establish an Active Directory connection, as explained in the previous section.

2. From the next drop down box, select SP Group or AD Group to apply the rule on either a SharePoint or Active Directory group, respectively.
3. From the right-most drop down box, select the group to apply the rule to.

This drop down will automatically populate with SharePoint or Active Directory groups once you’ve made a connection (described in the previous section) and finished Step 2.

When selecting an Active Directory group, type the first letter of the group you want to add to display all groups that begin with that letter, as pictured here.

4. Enter the destination URL in the Redirect to field. At this point, you now have a functioning set of criteria. However, criteria can also use AND/OR logic, enabling you to apply them to multiple groups or users who belong to a specific combination of groups.

To add another group to the rule :

Click Add More Groups. An AND/OR dropdown appears next to the current rule, and a new rule appears below it.

Fill out the new rule’s fields just as you did for the first one, and select a logic type. Choose And to apply the redirect only to users who match both rules; choose Or to apply the redirect to users who match either rule. If necessary, you can continue to add groups to the rule and modify them in this way.

To create an entirely separate rule, click the Add More Criteria button located below the current rule.

  • Note that if you have created more than one set of criteria, Delete Criteria will appear next to Add More Criteria. To remove an entire set, click Delete Criteria.