SharePoint 2007 Column Level Security

SharePoint 2007 (Microsoft Office SharePoint Server 2007 or MOSS) has fantastic security improvements over SharePoint 2003.  One of the many we have been utilizing in our MOSS applications is row level security.  In SharePoint 2003, there was no such thing.  All the records within a list (or library) had the same permissions.  In MOSS, however, you can lock down individual records within lists.  What if you could lock down a column on a record?  This would introduce interesting scenarios when considering how to design your MOSS libraries.

An issue with row level security is that if there are many records in the list, it is a management nightmare.  We typically do programmatic assignment of security roles on row level security, but that is not always practical.  If I could lock a column in a single location, analogous to locking down the list in a single location, then security assignment would occur in only one place.  The roles you hold would determine which columns you could edit.

Column level security is fundamentally not part of the MOSS architecture, so there is indeed no way to lock down a column as you can a record, list, or site.  But if you provide an application level security mechanism that prevents the column from being modified through the user interface, then that provides base level control of who can edit the column.  This is the tack we took in one of our MOSS applications.

We rebuilt the edit control that appears on all the edit list item pages for every list.  The control takes as properties which columns within the list are locked down, and which roles within MOSS are allowed to edit them.  If a user can edit the record, then they can launch the custom edit form (or normal edit form).  If a user is in at least one of the groups specified in the properties of the control, then they have access to the locked down columns.  If they are not in those groups, then the fields are view only.  We set up the control so that if a user was in the Site Owners group, edit access was automatically granted.


Figure One.  Edit view of a site owner.

 


Figure Two.  Edit view of someone who does not have privileges to edit specific columns in the list.
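The decision the control makes for each field can be modelled as follows. This is an added example, not the code of the control described in this post; the class, method, column and group names are hypothetical, and group membership is passed in as plain strings rather than read from the SharePoint object model. It also goes one step beyond the post by re-checking posted values on save, so that a locked column cannot be changed by a form that bypasses the view-only rendering.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Model of the edit control's decision logic (hypothetical names throughout).
public sealed class ColumnLockPolicy
{
    private const string OwnersGroup = "Site Owners";   // always granted edit access
    private readonly HashSet<string> lockedColumns;
    private readonly HashSet<string> editorGroups;

    public ColumnLockPolicy(IEnumerable<string> locked, IEnumerable<string> editors)
    {
        lockedColumns = new HashSet<string>(locked, StringComparer.OrdinalIgnoreCase);
        editorGroups = new HashSet<string>(editors, StringComparer.OrdinalIgnoreCase);
        editorGroups.Add(OwnersGroup);
    }

    // True when the field should render as an editable control for this user.
    public bool CanEdit(string column, IEnumerable<string> userGroups)
    {
        return !lockedColumns.Contains(column) || userGroups.Any(g => editorGroups.Contains(g));
    }

    // Save-time re-check: locked columns whose posted value differs from the stored one.
    // A non-empty result means the update should be rejected.
    public List<string> RejectedChanges(IDictionary<string, string> stored,
                                        IDictionary<string, string> posted,
                                        ICollection<string> userGroups)
    {
        return posted.Where(p => !CanEdit(p.Key, userGroups))
                     .Where(p => !stored.TryGetValue(p.Key, out var old) || old != p.Value)
                     .Select(p => p.Key).ToList();
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data: two locked columns, one group allowed to edit them.
        var policy = new ColumnLockPolicy(new[] { "Salary", "Approved" }, new[] { "HR Managers" });
        var stored = new Dictionary<string, string> { ["Title"] = "Offer", ["Salary"] = "50000", ["Approved"] = "No" };
        var posted = new Dictionary<string, string> { ["Title"] = "Offer v2", ["Salary"] = "90000", ["Approved"] = "No" };
        var member = new[] { "Site Members" };
        foreach (var col in stored.Keys)
            Console.WriteLine($"{col}: {(policy.CanEdit(col, member) ? "edit" : "view only")}");
        Console.WriteLine("Rejected: " + string.Join(", ", policy.RejectedChanges(stored, posted, member)));
        Console.WriteLine("Owner rejected count: " + policy.RejectedChanges(stored, posted, new[] { OwnerName() }).Count);
    }

    private static string OwnerName() { return "Site Owners"; }
}
```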

Now that we have the ability to lock down columns in MOSS lists, a whole new dimension of MOSS applications can be created.
