View Permissions can be handy but may not provide the security you think.

A nifty feature in Infowise that's not available in out-of-the-box SharePoint – you can hide views so that they are only available to specific people or permission groups.

It's extremely easy – but if you’re looking to secure information, it might not be the right tool to use.

Here’s an example – In this list, I want to restrict the salesman’s commission information to the managers – I don’t want the salesmen comparing their earnings. The only view with the information is the Manager’s view.

Using the View Permissions functionality, I restricted this view to only people in the Sales Manager permission group.

But although salesmen can’t see the View that contains the commission information, it would still be visible to them if they created a new View or modified an existing one. The data itself is not restricted, only the one view we specified. What you'd really need to do here to make sure the information is locked down is to hide the COLUMN containing the information from everyone but the selected audience.

Luckily, this is another bit of functionality that Infowise provides – see the articles on Advanced Column Permissions. But if that’s the case, why bother with View permissions?

My opinion is that View permissions are much more about customizing and simplifying the user experience than they are about securing information.

What I’ve experienced, especially for large lists with lots of different audiences using lots of different views, is that people get confused about where they’re supposed to be looking. View permissions are part of the way that I reduce the choices and help guide audiences to the specific information they’re after.

Yes, this requires more work:

1. You need to spend the time understanding who your different user audiences are and what they use information for.
2. You need to create security groups that map to the audiences.
3. You need to create Views that return the right results.
4. You really ought to stage those views on pages designed for the audiences and have quick navigation paths to them.

But something I will constantly repeat – you must build your SharePoint site with the needs of the end users in mind.

Once you’ve done the steps above, setting View permissions is just one last task, but one which can make a big difference in the user experience. If there are 30 different views to choose from, some users are going to wind up clicking through them one by one, trying to find the combination of results they’re looking for.

What I suggest is that you create View permissions so that each audience sees only the views that are pertinent to them. And, if it turns out that someone needs a bit more, I’d consider modifying the existing views first, unless it exposes information that will confuse people or create spin.

If they need a view you haven’t included in their permission group, consider adding them to the group that has that view – or even creating a new revised group and adding them to that – before expanding the view permissions for the existing group.

Bottom line: Taking the necessary amount of time and effort is critical to creating a site that will provide the audiences what they need, when they need it.

For more detailed instructions, check out Creating View Permissions in the Tutorials.