SharePoint Column/View Permission Gives Great Value for Your Money

Written by Kathryn Birstein. Posted in Security & Governance

SharePoint Column/View Permission, an add-on from BoostSolutions (formerly SharePointBoost), provides functionality that many SharePoint Admins sorely miss:  hidden/read-only columns in lists, hidden/read-only views, setting default views per user or group, etc.

The installation installs a "SharePointBoost Software" section in Central Administration which contains a "License Management Center" and a Site Collection level feature that adds two items to the list and document library settings pages:

  • SharePointBoost Column Permission settings
  • SharePointBoost View Permission settings

Column Permission Settings

To test drive the product, I created a very simple Products list with a lookup field into a Manufacturers list.

1ProductsList

First I created a Column Permission, which the add-on refers to as "Adding a Permission Part", to hide the discount price of the Products for the "Team Visitors" group, which has read-only access. This is done by simply clicking checkboxes in the "Add Column Permissions" dialog box. Since the "Team Visitors" group has only read rights, I only need to check "Hidden" for the "View Item Form". Note that you can exclude as well as include users and groups and "read-only" is available as well as "hidden" for Edit View Forms.

1AddColumnPermissionForm

Now, when I log in as a user in the "Team Visitors" group, the discount field has disappeared:

1ProductsListWithoutDiscoun

Note that this permission part would work exactly the same in a document library with one important difference: if the user opens the document in a client application like Word, the hidden field will be visible in the metadata on the File Info page. However, on the plus side, the permission settings also work with SharePoint Alerts.

Another potential issue is that the hidden metadata will be visible in Search results, although you can work around this by excluding the lists and document libraries from the search crawl.

Finally, another thing to keep in mind is that if you include Lookup fields in your list with additional fields, like I've done in my Products List with Wholesaler:City and Wholesaler:State, you can hide the Wholesaler field itself but there is no way to hide the additional fields because they are not the linking field and therefore do not appear in the "Add Column Permission" dialog box.

1LookupUpAdditionalFieldsPr

The real power of Column Permissions, however, is the ability to add complex conditions to the permission settings. In "Advanced" mode you can build a condition with four popup dialog boxes: Column, Constant, Function, and Operator.

1ConditionBox
This is particularly useful for on-the-fly situations.  Suppose you wanted to allow only one user, Margaret Atwood, to update the price of Oxford Shirts above $30 currently in inventory because she is in negotiations with the supplier on the price.  You could quickly deploy this business requirement by excluding everyone except Margaret and hiding the price field on the "New Item Form" and making it "Read Only" on the "Edit Item Form" with the following condition:

Contains([Product Name]),"Oxford Shirt")&&[Price]>30.00&&[Created]<[Today]

Although this syntax may seem to be a little challenging for SharePoint owners from the business side, it’s really not that difficult since you're choosing all your syntax from the four popup dialog boxes. Although the documentation on this feature on the BoostSolutions site is cursory right now, they are presently preparing new comprehensive documentation with examples which will be available by the end of May, 2013.

The handy "Preview" button helps out when building complex permissions by presenting the permission part in an easy to read format. This view is also available after you finish your permission settings from the "View" link.

1PreviewDialogBox

View Permission Settings

I don't know about you, but I think one of the biggest fails in SharePoint is the inability to assign permissions to views. BoostSolutions to the rescue! Not only can you simulate view "permissions" by making views "Full Access" or "Hidden" but you can choose to disable editing of the view as well as disable the ribbon buttons that appear in view mode.
In addition, you can also set the default view for your user and/or groups, something that has come up many times in my consulting positions. Configuring all of this in the well-designed Permissions Settings dialog box couldn't be easier.

1ViewPermissions

Now, for an example. Suppose the primary editors of the Products list are all in the "Team Members" group which gives them contributor rights. These people are actually salespeople so you create a "Salesperson" view and make that their default view. But you don't want them downloading the data from the lists to avoid the confusion of having the product list in several different formats floating around the office (the classic "Many Versions of the Truth" problem). With View Permissions, to prevent people from downloading the list data you can simply disable the Excel and Access ribbon buttons and voila!, they have to view the data solely from the SharePoint list.

Web Services and API

The frosting on the cake of the Column/View product is the ability to enforce your column and view permissions in SharePoint web services and programmatically. Three web services are supported: lists.asmx, sitedata.asmx and views.asmx.

1WebServices

The API allows developers to integrate column and view permissions into their own code by supporting two interfaces, IColumnPermission and IViewPermission. A 22-page PDF provides documentation of all the properties and methods.

Conclusion

At $899 per WFE  for the full product and $299 for a "lite" version that includes the most essential features, the Column/View Permission pricing is more than reasonable given that building features that do what this product does would take many, many hours of custom development. In addition, the product works for both SharePoint 2010 and SharePoint 2013 so there's no upgrade issue.

1ColumnViewFeatures

 

If you need the functionality that Column/View Permission provides, you owe it to yourself to give it a serious test drive. The trial version will give you a full 30 days to try it out.

Download Product Validation Report (.pdf)

 
Kathryn Birstein
Author: Kathryn BirsteinWebsite: http://www.linkedin.com/in/kbirstein
Kathryn is a SharePoint Architect who has been working with Microsoft technologies for 20+ years and SharePoint for the past six. She has consulted with many companies incl. JPMorgan Chase, UBS, the Federal Reserve Bank, the NYPA & Alliance Bernstein.