MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

Support for permissions on views (MOSS)

  Asked By: Martina    Date: Mar 25    Category: MOSS    Views: 5391

We'd like to apply permissions & permission groups to individual list views with
the same flexibility as one can apply permissions to list and DocLib objects.

Any thoughts, methods, 3rd party add-ons to do this?



10 Answers Found

Answer #1    Answered By: Babita Rajak     Answered On: Mar 25

As far as I know this can't be done.

Answer #2    Answered By: Erica Lewis     Answered On: Mar 25

are you looking for column level permissions  ?

Answer #3    Answered By: Marquise Farley     Answered On: Mar 25

There is nothing built-in to SharePoint that will allow securing Views.
Since normal users (Those with Contribute permission  level) can create their
own views  duplicating whatever is in a secured view this is a fruitless
exercise unless the system is locked down to prevent users from doing
anything. Having said that, the only real way I can see to do this would be
to write an event handler for the list  that would check what view was being
opened whenever an item was accessed and cancel the request if the view
wasn't one of the "permitted" views.

Answer #4    Answered By: Gargi Mehta     Answered On: Mar 25

I had this requirement myself and this is what I did:

1. Create a document library for web part pages.
2. Add a web part page for each view.
3. When finished, go into the web part page library and assign permissions  to
each web part page.
4. I then only expose the web part pages (in the Quick Launch menu)Â to the end

Answer #5    Answered By: Radhika Vora     Answered On: Mar 25

if the user knows how to type in the address of the AllItems.aspx page
in the library itself then they have access to create any views  they want. This
will work, but its obfuscation and not true security.

Answer #6    Answered By: Harshit Nerurkar     Answered On: Mar 25

There is a CodePlex project that lets you set permissions  on list  views, as well
as configure the different default views  for different users. See

Answer #7    Answered By: Yvette Lyons     Answered On: Mar 25

This is also security by obfuscation. It doesn't actually secure the views.
It applies security to the dropdown list  of views  on the normal page. If
you know the name of the view or the create page you can still get to any
view or create your own. For most people it will be a sufficient solution,
but it doesn't really secure the views themselves.

Answer #8    Answered By: Cecelia Gilliam     Answered On: Mar 25

I should have mentioned that there is also a CodePlex project by the same person
to apply permissions  to columns.

I think you are correct for contributors that it is security by obfuscation, as
they can create public or personal views  that include more columns.

Whether it is true for readers depends on whether it blocks direct access to the
view pages that you don't have permissions to, which I would assume it does (but
would need to be tested). However, even they could presumably still access
"restricted" information through another route such as web service calls?

I think though you could achieve pretty strong security by making users
restricted readers, by only surfacing the data you want them to see on web part
pages, with personalisation disabled?

Answer #9    Answered By: Pramod Jituri     Answered On: Mar 25

you should be able to accomplish this with audience, give that a try

Answer #10    Answered By: Daya Sharma     Answered On: Mar 25

Well, yes & no. What we REALLY want is both permissions  on views  AND
persmissions on columns. Hmmm - does the former (if real ala Paul's comments)
imply the latter? I guess so.

Anyway, thanks for point out that the codeplex 1/2 solution is really only
obsfucation (SP?).

Didn't find what you were looking for? Find more on Support for permissions on views (MOSS) Or get search suggestion and latest updates.