After my earlier rant about people who want to secure their content for no good reason, I thought I would give some suggestions for alternative ways to hide content when it makes sense.
First let me stress that I recognize that some content is sensitive and really needs to be secured. But there is also a lot of content which is not confidential, but which you still may want to hide, to avoid information overload in general. Specific reasons may be:
- The content is only relevant to a certain audience
- You do not want people to influence each other
- You want to allow people to focus on their own content, e.g. in projects or tasks lists
Next to giving permissions there are two other ways to hide content that I know of, but I will be happy to learn new ways!
1. Targeting.
In SharePoint it is relatively easy to target web parts to an audience. You can specify one or more audiences, SharePoint groups or individuals and only they will see the web part.
We have used this especially to target links on the Homepage – in the main navigation, every employee had a link to the Employee Information of his/her country.
2. Configuration.
a. Item-level permissions.
For surveys and lists, you can let people read only the items that have been created by themselves. (Advanced settings). This is nice if you do not want people to influence each other, but not very useful when you want to show the collected information to your audience. I usually apply it only in survey-type occasions.
Item-level permissions in the advanced settings
b. Created by = [Me].
When not using the item-level permissions, I like to use this filter for the default public view. That way people see their own items first and are not influenced by others, and they can not easily edit other people’s content. You can have additional public views showing all contributor’s items, or the process owner can create personal views and use web parts to display content from all contributors.
c. Impossible filters that show an empty default view.
We have used “Created < 01-01-2000” as the only public view to create an empty looking document library, accessible to all employees. The documents were distributed to other (secured) sites via Content Query web parts. Of course, the owners of the documents created personal views to see all documents. The advantage for the content owners was that the owners of the secured sites could manage access for their site.
d. Hidden columns.
In older versions (e.g. SP2007) you can create views without the Edit button, and without the “Name” column instead of “Name (linked to item/linked to document with edit menu)”. This way, your readers will be unable to click on any items to see the complete item. Of course this is useless for Document Libraries, unless you only want to show that the documents are there. (Perhaps this can also be done in SP2010, but since I am the only one in my environment, I have too many rights to test this)
e. Removing web parts in the list or library.
You can remove the system web part of the list or library to avoid anyone seeing the content, including the site owner. I would recommend this only for very specific occasions, since it is very annoying to have to add the web part back every time.
f. Sending people to a non-default page after submitting data.
I often send people to a Thank You page after completing a survey or other data collection, by customizing the link. It is a nice gesture, it confirms that submission has been succesful and it allows you to give more information about next steps. It also hides other people’s responses from view.
I have also sent people from a topsite to a request form in a subsite, and after completion sent them back to the original page in the topsite. They did not have to see other people’s requests, and this way they could continue to do what they were doing in the topsite. Well, you will get the idea; you can use this with all pages within your environment.
How to do it? Your links will normally have this format:
http://IntranetName/TeamSiteName/Lists/ListName/NewForm.aspx?Source=http://IntranetName/TeamSiteName/Lists/ListName/ViewName.aspx
The part before “newform.aspx?” is the “data entry” part of the list, the part from “Source=” the location where people will go after clicking “OK” or “Finish”. You can replace the part after “Source=” with a link of your own choice. Please note this only works when you send a link in an email, use a Links list, or create a button. If you click “New Item” from the list, the link will always use the system format.
Simple Thank You-page
Warning:
- Targeted or hidden content will normally still turn up in Search. People can also see it when they have the link to the information. This is not confidential information, so it is not a problem, but it helps to be aware of it. Do not be afraid that people will go and look for this info – they do not know it is there and they probably do not care if they knew.
- Many people do not understand the difference between targeting (visibility) and security (access/permissions), especially not that you target a web part, but secure a library or list. Be prepared for questions.
- If you are the site owner, but you are not in the targeted audience, you will not see the content, so it will be difficult to maintain the web part. This is especially the case with Content Editor and Summary Links web parts, because they are not represented in the “back-end” of your site, i.e. the page showing all site content. This may occur when you are managing global content distributed over various “country” web parts.
- If you target something and you are in the audience, you may forget that the content is not visible for everyone. Mention it in the web part title as a reminder.
- Remember to discuss any targeting and personal views when handing over responsibilities for a site!
What other ways have you used to hide content without security?
Image courtesy of Willem Siers at FreeDigitalPhotos.net; Post title inspired by Howard Jones’s “Hide and Seek“.
Tagged: confidentiality, Content Management, Design, Security, Team Site, Usability
