2 Stage Recycle Bin and recovery thoughts
Got a question today about how to think about the recycle bin. Here are some thoughts.
By default the recycle bin has 2 stages, with retention policies and flushing built in. You don't have to do anything to take advantage of the end user item and list recycle bin functionality.
The first stage is the user recycle bin. Items in the user recycle bin are automatically deleted after 30 days by default, and this is configurable. You can even turn it off at the web application level. Items in the first stage recycle bin count against the quota.
At this first level both the user and the site collection administrator(s) can restore the deleted item or list.
The second level is a special stage: if a user deletes an item and then deletes it out of their recycle bin, they don't have the ability to restore it, and it does not count against their quota. Items in this stage can only be restored by the site collection administrator(s).
From a process/operations/security perspective this works very well. If it doesn't work for you, there are a lot of settings around retention policies, for how often the recycle bins are "cleaned up" and how large they can be, but not around special security for restore. A user's recycle bin is his own.
There are audit settings (policy settings on the list) and audit logs (and cool reports in Excel pivots in the site collection reports) which would allow you to see who has deleted an item or list. So the auditors themselves should be focused on that side of things. If some item needs to be permanently deleted, then this task would need to be performed by a site collection administrator, who would have the ability to delete the item and then remove it permanently from the second stage. The only way to then get the item back would be through a restore of the database from tape or other recovery solution.
Warning: The most common mistakes I see with the recycle bin...
1. Deleting items and thinking they are being deleted (and hence not counting against quota). I had a personal experience with this.
2. Going to the site collection recycle bin to look for an item a user deleted out of their own recycle bin and not seeing it, thinking you are looking at the site collection recycle bin. By default you'll see your own recycle bin even if you're the site collection admin or farm admin. You have to click to change the view to make it the entire site collection. Note they made it tough to delete all things out of the 2nd stage because this is where it counts.
3. People that change the defaults often do so unnecessarily or get into trouble. The defaults are actually pretty good best practice, and it also isn't that much disk space being used.
If you do need to empty all recycle bins, you can turn it off at the web app level; this will empty all of them in the web app.
Ben Curry has some thoughts on the recycle bin, as well as a link to where it is in Central Admin (FYI it's in the web application settings for your content web application, on the application tab in Central Admin). This developer blog has some very detailed information about what happens in the content db related to the recycle bin.
What about Sites and Site Collections? Microsoft IT has built a site delete capture Feature, and a site life cycle management tool, for both capturing deleted site collections and sites and first backing them up to disk. Both of these tools are on the SharePoint Governance Codeplex Tools site. They each have settings and controls to set retention policies, rules, etc.
Curious about storage requirements for the recycle bin?
Here are MS IT's current numbers:
2007 Recycle Bin Feature Usage
9850 Site Collections Using Recycle bin
845 GB of storage used for feature
This translates into a 5-10% storage overhead for something that previously was resulting in daily support calls.
Third parties in this space that extend what can be done with a simple recycle bin (site recovery and single item recovery) include AvePoint and Commvault.