Supporters of End User
Web

SharePoint - [Me] = Easy Item Level Security

 
Item is currently unrated. Press SHIFT+ENTER to rate this item.1 star selected. Press SHIFT+ENTER to submit. Press TAB to increase rating. Press SHIFT+ESCAPE to leave rating submit mode.2 stars selected. Press SHIFT+ENTER to submit. Press TAB to increase rating. Press SHIFT+TAB to decrease rating. Press SHIFT+ESCAPE to leave rating submit mode.3 stars selected. Press SHIFT+ENTER to submit. Press TAB to increase rating. Press SHIFT+TAB to decrease rating. Press SHIFT+ESCAPE to leave rating submit mode.4 stars selected. Press SHIFT+ENTER to submit. Press TAB to increase rating. Press SHIFT+TAB to decrease rating. Press SHIFT+ESCAPE to leave rating submit mode.5 stars selected. Press SHIFT+ENTER to submit. Press SHIFT+TAB to decrease rating. Press SHIFT+ESCAPE to leave rating submit mode.
Categories: 

Jeff JonesGuest Author: Jeff Jones
SharePoint on a String

Ever wanted item level security in SharePoint without the headaches? It’s easier than you might think. 

Business Goal:

Provide a personalized dashboard where application owners can confirm they still need the system access they have. This access review should be quick and easy, so limiting the display to only records they need would be great.

Technical Design:

SharePoint custom list with a multi-person column (“team”) and view filter [Me] to display only your records. The multi-person column can hold any user in the User Information List of your site collection.  If you don’t see someone’s name here you will need to first grant them permissions (i.e. Contributor) and then come back to edit.  The permission grant will register their name into the site collection so you will see it in the drop down menu. Despite having multiple values the =[Me] filter works perfectly to match only records where the visitor’s name is listed. You can also use DataSheet edit mode here to fill down (or copy/paste) and update many records quickly. Generally on a project like this many records will have a common “team” of people to review.

Action Steps

  • Create custom list with your columns plus a multi-person column “team”
  • Grant site permissions
  • Populate the list. For “team” select people who will see/edit their own records.
  • Modify the default view, add filter “team=[Me]‘”
  • Test with a few pilot users
  • Send one email with the link and everyone will see a personalized list when they visit.

NOTE:  “security through obscurity” is not a best practice for highly sensitive or confidential data.  If the data has a firm require to not be viewed by a third party you’ll want to implement SharePoint’s true item level security feature. http://www.codeplex.com/SPDActivities  has a great action step for granting security that can help automate to create a sustainable and reliable security enforcement. (thanks to @unclepaul84)

Video Walkthrough (03:39)

How to build the sample list in full step-by-step video with a demo of the final working product.


[Me] = Easy Item Level Security from Jeff Jones on Vimeo.

Jeff JonesGuest Author: Jeff Jones
SharePoint on a String

Jeff is a SharePoint developer and administrator in Chicago, IL.   He enjoys whiteboarding, peer coding, and being creative with software.  He has over 6 years of SharePoint experience and holds MCSE and MCTS certifications.

[tweet]

Comments

MessengerBoy

SharePoint – [Me] = Easy Item Level Security

The items will be viewable to everyone who sets up an email alert or subscribes to an RSS feed for the list. Right?

Posted 10-Mar-2010 by MessengerBoy
James

SharePoint – [Me] = Easy Item Level Security

Hi,

If a user create's a personal view of the list, the documents will not be filtered unless they are also include the "team = [me]" filter.

A custom or modified permission level could also be implemented here to stop users from creating or modifying personal views on the list or library ( disable the "Modify Personal Views..." permission ).

Thanks

James

Posted 11-Mar-2010 by James
Jeff

SharePoint – [Me] = Easy Item Level Security

Hi MessengerBoy. Yes, the items would be visible over RSS or Email Alerts. The [Me] filter is mainly about personalization, not sensitive data. Just making it easy to find your records.

Hi James. Yes, modifying the security of the parent list (or site) could block sophisticated users from creating their own view. The sentiment is similar to the above. The goal here was a personalized report, not rock solid security, so if they want to personalize it would generally be OK with me.

For both questions to get 100% solid security you'll just want a little XOML Workflow in SPD using http://www.codeplex.com/SPDActivities to grant permissions during new/change. =)

Thanks for the comments and questions!

Posted 13-Mar-2010 by Jeff
Els

SharePoint – [Me] = Easy Item Level Security

I have made a list with a column Name to be able to add the me filter. For 2 employees I cannot select the name because trying to add their names in datasheet view I get a message that their names are not avaliable. What's going wrong?

Posted 14-Apr-2010 by Els
Anil

SharePoint Group Name?

Hi,
 
Does the [Me] function work if a SharePoint Group Name is selected in the people picker.  For new items created, I wanted to just select a group name instead of the individual names each time.  This way as new people get added to the sSharePoint group it will automatically pick up the user rather than change each record every time.

Posted 12-Jul-2012 by Anil
Lenore

thank you!

This is just what I was looking for!

Posted 29-Jan-2013 by Lenore
Jay Tyo

My ID

How do you code the filter value if what you are filtering against is a text field with your network userid?

Posted 07-Feb-2013 by Jay Tyo
Steve McC

Using [Me] filter when others create item

HI Jeff. This is good but I have another related question.  I am building a Leave request system. I have leave calendar for input with a me] filter. If the person is unable to create their own item and the supervisor adds the person, is the [Me] still be of use?

Posted 09-Apr-2013 by Steve McC
puneet

Not [Me] Condition

Hi
 
How to apply Not [Me] condition.
example:
NameList contains Not[Me] , something like this.

Posted 15-Jul-2013 by puneet
Michael

Hierarchy

Is it possible to have a similar filter that allows anyone higher up in the user hierarchy to see items? For example, if I chose a particular name in a people picker I would want users that they fall under in the hierarchy to be able to see it as well, but no one else.

Posted 28-Feb-2014 by Michael
Michael

Hierarchy

Is it possible to have a similar filter that allows anyone higher up in the user hierarchy to see items? For example, if I chose a particular name in a people picker I would want users that they fall under in the hierarchy to be able to see it as well, but no one else.

Posted 28-Feb-2014 by Michael

Notify me of comments to this article

E-mail:
   

Add Comment

Title:

 
Comment:
Email:

   


Name:

 
Url: