Suposse I have a doc lib and I want that files in my library could only seen by me.
No access to farm admin
No access by web services
Any ideas?
What’s your use case for this? If I were that farm admin, I would tell you to host your files elsewhere.
Not possible but you can track if he is trying to access the docs.
Use separate service accounts for All Services according to MS best practices.
As was mentioned auditing and notifications of changes in site collection administration can be used to monitor changes in site collection administration access. The farm administrator does not, by default have access to any site collections, but has access to add site collection administrators to the Site Collection from Central Admin. That is where auditing comes in, with a proper audit trail and policy in place you will see (and be notified) of changes in access, but it won’t stop the access.
The only issue with this approach is that the document name can actually give away the nature of the sensitive content. 🙁
Hi Fernando,
Not sure if this is still an issue for you but there is a security module for SharePoint 2013 and SharePoint 2010 that stops a Site Collection Admin [and Farm admin] viewing sensitive content.
The second video on the right of the page demonstrate this.
[Link fixed]
