Search Wiki:
SharePoint - Secure Field
Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007 support a rich security model that allows administrators to control access to sites and content by assigning permissions to users and groups for a specific securable object (such as site, list, library, folder and even an individual document or item).

However, in certain scenarios there is a need to secure access to individual columns in lists or document libraries. Currently, SharePoint does not provide out of the box support for securing columns or views. A typical scenario that would require this might be a list that contains a broad spectrum of information about an employee or a client, where certain columns (salary, revenue to date, potential to promote, etc.) might ideally only be viewable by certain groups within the portal.

To address those scenarios, this paper describes a method to leverage SharePoint extensibility and built-in item to level security to allow applying column-level permissions to a custom field type. This is accomplished through the use of a lookup field as the column, with behind the scenes ties to another list that contains the secure values and a method to provision those values back to the lookup only for users with valid permissions.

The result is that in the view mode authorized users will see the content of a secure column as if it was a normal column, while unauthorized users will not see the content of the column at all. This different behavior is shown in Figure 1. Similarly, only authorized users will be able to access the content of a secure column in new and edit modes.

Demo.jpg

You can read the full article at http://www.infoq.com/articles/Dressel-Gogolowicz-wss-security.
Last edited Nov 24 2008 at 11:12 PM  by Grzegorz, version 8
Comments
panoone wrote  Nov 26 2008 at 8:07 AM  
Great! An interim solution. Thanks so much for providing a method for this much needed functionality.

Any idea as to whether there are plans to get it into the core implementation for next point release of MOSS?

kvirani wrote  Dec 5 2008 at 4:12 AM  
Very nice. Should this work with versioning enabled lists?

mdressel wrote  Dec 5 2008 at 8:57 PM  
panoone and kvirane - I have moved your questions to the discussions area under the "General" topic.

Karthickeyan wrote  Mar 10 2009 at 6:51 AM  
I'm a newbie to SharePoint 2007 and found this nice article however it should be little more descriptive than now...

thatguy2223 wrote  Jul 20 2010 at 7:38 PM  
Please recompile with People Finder AD look-up.
Thank you

ermurri wrote  Oct 13 2010 at 12:39 AM  
Please note that you will have some nasty problems when this code runs outside of a web context as all of the SPSite object creation relies on SPContext.Current.Site.ID. I just hit a bit of a snag when trying to export and import a site collection from development into production because the stsadm -o import operation doesn't run under a web context, so please be careful for those of you considering using this code in production.

iOnline247 wrote  Jan 21 2011 at 1:38 PM  
"Currently, SharePoint does not provide out of the box support for securing columns or views." I wrote a blog post on how to do just that. Albeit, a little late compared to this project, however it's still very relevant.
http://mattbramer.blogspot.com/2010/05/security-trim-list-views-with-ease.html

Cheers,
Matt

feygirrl wrote  Apr 20 2012 at 6:58 PM  
This does NOT work with workflows

jcloud wrote  Aug 10 2012 at 4:14 PM  
This works great, with one exception. In the List View, it is showing a hyperlink to the item in the secured list. I verified that my Field Type's RenderPattern has AutoHyperLink="FALSE". I even added an option to the field type <Field Name="CAMLRendering">TRUE</Field>, because this is SPS2010. I can't seem to affect this List View with any changes/testing I make to this fldtypes*.xml file. Any ideas?

Josh

Updating...
Page view tracker