Library and List View Level Permissions

    Question

  • Hello, I have a site with several document libraries and lists, each of which contains content that is suitable for different types of publication.  Some content may be viewed publicly by site visitors, some content must only be accessible to internal users.  It isn't feasible to split the content into separate libraries, because this would result in significant duplication and possible workflow errors. I've created a control column which holds a publication control value and I've created filtered views based on this control.  Data partitioning works perfectly, but I'm not able to find a way to prevent external site visitors from accessing and switching to sensitive, internal views. Site visitors have limited read access (although I have also tried setting view access), but nothing prevents the view selection options in the top bar, even if the view is embedded on a page as a web part.  I need to find a way to hide internal views from site visitors or to completely hide the top bar feature that allows view switching.  Can someone point me in the right direction, please?... Is it possible to remove permissions for a particular permission group at view level?  Thanks
    Wednesday, May 16, 2018 16:22

All replies

  • There is no way to apply permissioning to views, only to content.  Your only real choice is to create a workflow (or event receiver if on-premises) to change the permissions on the content items themselves based on the publication control column.

    Paul Stork SharePoint Server MVP
    Owner/Principal Architect: Don't Pa..Panic Consulting
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as 'answered' if this solves your problem.

    Wednesday, May 16, 2018 16:30
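
The approach described in the answer above (setting item permissions from the publication control column) can also be run as a batch job. The script below is an added example, not part of the original thread: it assumes the PnP.PowerShell module, and the site URL, library name, column name, column value, group names and permission level names are all hypothetical placeholders.

```powershell
# Added example. Requires the PnP.PowerShell module and an account that can
# manage permissions on the library. Every name below is a placeholder.
$SiteUrl      = 'https://contoso.sharepoint.com/sites/publishing'
$ListName     = 'Documents'
$ControlCol   = 'PublicationControl'   # internal name of the control column
$PublicValue  = 'Public'               # the only value visitors may see
$MembersGroup = 'Publishing Members'
$OwnersGroup  = 'Publishing Owners'

# Adjust the authentication parameters to whatever your tenant requires.
Connect-PnPOnline -Url $SiteUrl -Interactive

$restricted = 0
$inherited  = 0

foreach ($item in Get-PnPListItem -List $ListName -PageSize 500) {
    $value = [string]$item[$ControlCol]

    if ($value -eq $PublicValue) {
        # Public content: fall back to the library's permissions,
        # which include the visitors' read access.
        Set-PnPListItemPermission -List $ListName -Identity $item.Id -InheritPermissions
        $inherited++
    }
    else {
        # Fail closed: an empty or unrecognised value is treated as internal.
        # -ClearExisting drops every current assignment (including the
        # visitors group) before the internal groups are granted access.
        Set-PnPListItemPermission -List $ListName -Identity $item.Id `
            -Group $OwnersGroup -AddRole 'Full Control' -ClearExisting
        Set-PnPListItemPermission -List $ListName -Identity $item.Id `
            -Group $MembersGroup -AddRole 'Contribute'
        $restricted++
    }
}

Write-Host "Restricted items: $restricted; inheriting items: $inherited"
```

A scheduled run leaves a window between an item being created or reclassified and its permissions being corrected, which the workflow or event receiver approach avoids. Because the permissions sit on the items themselves, the result is the same whichever view or query string a visitor uses.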
  • Hello Paul,

    Thank you for your updates.  I suspected this might be the case.  It's a dreadful shortcoming in the permissions hierarchy concept. Is there any particular flow template you would recommend I use as a basis for this type of workflow?

    I don't suppose it's generally possible to hide the entire top bar feature that allows view selection from a particular permissions group?...this would also be a simple solution to my problem.

    Lisa 

    Thursday, May 17, 2018 08:14
  • The problem is that even if you could restrict certain views to specific groups of users, in general every user has the ability to create their own custom views.  So even if you restrict their ability to view certain predefined views they can create their own.

    It is possible to remove the top bar using JavaScript, but that's still not a real answer since users can navigate to a particular view using specific query strings.  So that would prevent a casual user from seeing something, but isn't really security.

    I've done this with SharePoint 2010 workflows or event receivers (on-premises) but haven't really tried it using Flow, so I don't have a template I can recommend.  One other possibility would be to use the ViewFormLockdown feature.  This is a Publishing related feature that limits lower permission users to viewing the contents of sites as presented by Pages in the pages document library.  By creating custom pages and embedding a listview web part you could limit users to a specific view.  It's kind of overkill, but it might do what you want depending on what else users do in the site.


    Paul Stork SharePoint Server MVP
    Owner/Principal Architect: Don't Pa..Panic Consulting
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as 'answered' if this solves your problem.

    Thursday, May 17, 2018 12:27
  • Thank you, Paul.  I've found a workaround by applying a minimal level of unique permissions at folder and file level and by limiting a web part view on a wiki page.  It's not a perfect solution, but it does mean that, even if other views are available to select, the content visible within them to site visitors is always equal.  This also resolves the issue of users being able to select "Site Content" from the settings cog, because they will only be able to view site contents to which they already have permission.

    I've encountered a new permissions error today.  I have an "Admin" library accessible to Site Owners only.  There is a quick launch menu item in the left navigation bar to this, under which I've created various menu links to facilitate administration.  Last week, because these menu items were nested beneath the ADMIN library link, nothing was visible to site members.  This week, it seems that the ADMIN menu item link and all sub-links are now visible to site members (although clicking on the Admin library link reveals nothing). Are permissions failing to trim because permission inheritance has been broken for sub-links, perhaps?

    Thanks

    Lisa


    Wednesday, May 23, 2018 11:32