How to restrict public access to SharePoint lists using views with filters

13

How to restrict public access to SharePoint lists using views with filters In SharePoint you can either create a personal or a public view on document libraries, lists, and etc. You may come across situations where you need only a few individuals to see a particular view, such as one where all columns are not shown. Currently we are not able to control access to views with security settings. Microsoft may address this in the next release or a service pack. Until that time, here is a workaround that may work in many cases. An example: We have a custom list called Contracts containing software contract information in columns named: customer license type product contract date contract currency contract amount This list already has contract data contained in it. We are required to allow everyone in the Sales Department to see this list. However, the contract amount should be visible only to few management executives. We will assume John Smith and Jane Smith are the two executives in the Sales Department who need to see the list views with the contract amount. First : Set permissions on the list to allow everyone in the sales department READ permissions. This may require you to break security inheritance on the list. Reminder: In SharePoint, if you give READ permission to a list or library, the person will also have READ permission to all public views. This means, by default, everyone is able to see all public views. READ permissions will not, however, allow the creation of public or private views. Next: create a public view (or alter the "All Items" view) of the list that does not include the contract amount. Set it as the default view for the list. Then: we alter our contract list. On the list where you want to restrict access to views to one or more individuals: Create a column called "Restricted users" (This can actually be called anything. Just remember what you called it for later). Column Type = Person or Group Allow Multiple Selections =Yes Allow Selection of = People Only Choose From = All Users (This is the list of Users from your Active Directory) Show Field = Name (Choose this from the drop down) Open up the list in data sheet view.  [List Name]>>Actions>> Edit In Datasheet Scroll to the column called "Restricted Users" (or whatever you called it in Step 1 above). Under the "Restricted Users" column, in the first cell type John Smith;Jane Smith  ( These 2 names should be in Active Directory exactly as spelled, if not find the correct spelling before typing them in here). Copy this cell to the rest of the cells under the "Restricted Users" column and save. Finally:  we create our restricted view  Create a view for this contract list, call it "Contract-Restricted"  or an appropriate name. This view should be created as a public view. Be sure to include the Contract Amount column to be displayed in this view. In the filter section where it says "show the items when" Choose "Restricted Users" from the dropdown list Condition =Is equal to In the text box type [Me] How will it work? The filter essentially looks at the current user logged in sharepoint, if it is John Smith or Jane Smith, the filter condition is met and it returns the result in the "Contract-Restricted" view otherwise the view will not return any result. When non-sales department employees access the list, they will be denied because they have not been given READ permission. When regular sales people log in to the site and select the list, they will see the all items, but not the Contract Amount column, since we removed it from the default view. They will see both the of the public views we created, All Items and Contract-Restricted and be able to choose between them. But, when they choose the "Contract-Restricted" view they will not see any results because of the filter. When John Smith or Jane Smith access the Contracts list they will see the default view like everyone else. However, when they select the "Contract-Restricted" view, they will see results that include the Contract Amount column.