SharePoint – [Me] = Easy Item Level Security
Guest Author: Jeff Jones
SharePoint on a String
Ever wanted item level security in SharePoint without the headaches? It’s easier than you might think.
Business Goal:
Provide a personalized dashboard where application owners can confirm they still need the system access they have. This access review should be quick and easy, so limiting the display to only records they need would be great.
Technical Design:
A SharePoint custom list with a multi-person column (“team”) and a view filter of [Me], so each visitor sees only their own records. The multi-person column can hold any user in the User Information List of your site collection. If you don’t see someone’s name there, first grant them permissions (i.e. Contributor) and then come back to edit; the permission grant registers their name in the site collection, so it will appear in the drop-down menu. Even though the column holds multiple values, the =[Me] filter works perfectly to match only records where the visitor’s name is listed. You can also use DataSheet edit mode here to fill down (or copy/paste) and update many records quickly. On a project like this, many records will generally share a common “team” of people to review.


Action Steps
- Create custom list with your columns plus a multi-person column “team”
- Grant site permissions
- Populate the list. For “team” select people who will see/edit their own records.
- Modify the default view, add filter “team=[Me]”
- Test with a few pilot users
- Send one email with the link and everyone will see a personalized list when they visit.
NOTE: “security through obscurity” is not a best practice for highly sensitive or confidential data. If the data has a firm requirement not to be viewed by a third party, you’ll want to implement SharePoint’s true item level security feature. http://www.codeplex.com/SPDActivities has a great action step for granting security that can help automate this and create sustainable, reliable security enforcement. (thanks to @unclepaul84)
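One way to enforce the “team” column as real item permissions, written in PowerShell against the SharePoint server object model (an added example, not code from the original post or from SPDActivities). The site URL, list title and the `Contribute` permission level are assumptions to replace with your own values.

```powershell
# Added example (not from the original post): turn the "team" column into real
# item permissions. Run on a SharePoint server as a site collection administrator.
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

$siteUrl  = "http://sharepoint.example.local/sites/review"  # placeholder URL
$listName = "Access Review"                                 # placeholder list title
$roleName = "Contribute"                                    # assumed permission level

$site = New-Object Microsoft.SharePoint.SPSite($siteUrl)
$web  = $null
try {
    $web  = $site.OpenWeb()
    $list = $web.Lists[$listName]
    $role = $web.RoleDefinitions[$roleName]

    foreach ($item in $list.Items) {
        $raw = [string]$item["team"]
        if ([string]::IsNullOrEmpty($raw)) {
            # No reviewers named: leave the item alone rather than lock everyone out
            Write-Warning "Item $($item.ID): empty team, permissions unchanged"
            continue
        }
        $team = New-Object Microsoft.SharePoint.SPFieldUserValueCollection($web, $raw)

        # On a re-run, drop earlier unique grants so removed team members lose
        # access, then break inheritance without copying the parent list's
        # assignments ($false).
        if ($item.HasUniqueRoleAssignments) { $item.ResetRoleInheritance() }
        $item.BreakRoleInheritance($false)

        foreach ($member in $team) {
            if ($null -eq $member.User) {
                # The value is a SharePoint group or an unresolved account
                Write-Warning "Item $($item.ID): skipped lookup id $($member.LookupId)"
                continue
            }
            $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($member.User)
            $assignment.RoleDefinitionBindings.Add($role)
            $item.RoleAssignments.Add($assignment)
        }
        Write-Output "Item $($item.ID): access limited to $($team.Count) team member(s)"
    }
}
finally {
    if ($null -ne $web) { $web.Dispose() }
    $site.Dispose()
}
```

The script has to be run again whenever the “team” column changes, and the [Me] view filter can stay in place for personalization on top of the enforced permissions.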
Video Walkthrough (03:39)
How to build the sample list in full step-by-step video with a demo of the final working product.
[Me] = Easy Item Level Security from Jeff Jones on Vimeo.
Jeff is a SharePoint developer and administrator in Chicago, IL. He enjoys whiteboarding, peer coding, and being creative with software. He has over 6 years of SharePoint experience and holds MCSE and MCTS certifications.
The items will be viewable to everyone who sets up an email alert or subscribes to an RSS feed for the list. Right?
Hi,
If a user creates a personal view of the list, the documents will not be filtered unless they also include the “team = [me]” filter.
A custom or modified permission level could also be implemented here to stop users from creating or modifying personal views on the list or library (disable the “Modify Personal Views…” permission).
Thanks
James
Hi MessengerBoy. Yes, the items would be visible over RSS or Email Alerts. The [Me] filter is mainly about personalization, not sensitive data. Just making it easy to find your records.
Hi James. Yes, modifying the security of the parent list (or site) could block sophisticated users from creating their own view. The sentiment is similar to the above. The goal here was a personalized report, not rock solid security, so if they want to personalize it would generally be OK with me.
For both questions to get 100% solid security you’ll just want a little XOML Workflow in SPD using http://www.codeplex.com/SPDActivities to grant permissions during new/change. =)
Thanks for the comments and questions!
I have made a list with a column Name to be able to add the me filter. For 2 employees I cannot select the name because trying to add their names in datasheet view I get a message that their names are not available. What’s going wrong?