SharePoint Online / Office 365 - Column Level Security - Issues And Possible Options

In one of our SharePoint online projects in one list we need to store the server details and their passwords. Since the list contains the passwords for the servers, password column value will only be visible to the IT admin. The est of the other IT people / users can see other server details but not the Password column values. So we need to find the way to implement the column level security. We need to set the permissions on the Password column.

SharePoint Restrictions / Problem: By default SharePoint does not support the column level permissions. SharePoint only supports unique permissions until item level. So OOBin this scenario is not possible. Also since we have SharePoint online and not on premises there is no option to write the custom field type.

Solution / Approaches :

  1. Target Audiences:

    i. Creating separate new view and adding Password column only in this view.
    ii. Setting the Target Audiences property for the list viewer web part on this view page as

    target
             Figure 1 : Target Audiences

    So that users who don't have permission couldn't see any content on this view.

    Problem with this approach: But one possible problem with this approach is if column is added in another view where Target Audiences is not set, then in another view all users can see the Password column values.

    When this approach is useful : This approach is useful when there is no other admin for the site. There is only one admin who created the new view and set the Target Audiences. In this scenario there is no problem with this approach. Since no other admin will add the column to the view.

  2. Using Password column as Look Up column :

    Use Password column as a Look up column from another new list . In our project we are using this approach.

    Following are the steps:

    i. Consider our main list which has Server details and in this list we need to implement column level security for Password column - call this list as ListA

    ii. Create a separate list for the values of Password column. Add the Password column in the list which we want to make secure - call this list as ListB (Lookup list)

    iii. Add all the possible values of Password column as list items in ListB

    iv. Break the inheritance of ListB

    v. Give the permissions to only users who we want to see the Password column values in ListA

    vi. Add the above column as a look up column to our main list ListA

    vii. Now when user will visit the main list ListA only users who has the permissions to the look up list ListB, only those users can see the values of look up column in ListA.

In this way we can have the Password column secured. This is the easiest approach to implement the column level security.

The only problem with this approach i the Look up column, say for example if we need to add  a new password then we need to add it first in ListB (look up list) and then we can use that password in ListA (Main list).

Thanks!

Enjoy Reading :)

As usual any comment / suggestion / query always welcome.

Read more articles on SharePoint: