Reputation: 1
I have a SharePoint site to which many users will connect and upload confidential files. So I want to make the files uploaded by one user visible only to that user and the site admins, so that users won't be able to see the files uploaded by other users.
Is this possible?
Cheers, Derek
Upvotes: 0
Views: 231
Reputation: 7059
SharePoint has a built-in feature called "item level permissions" that can be enabled on lists to prevent users from viewing each others' items, which is useful for surveys and forms that might contain confidential information, but this functionality is not available on libraries (which contain files/documents).
As an alternative, you can use content approval and draft item security. With major and minor versioning enabled along with content approval (found in the Versioning Settings page under Library Settings) you can set it so that only users who can approve items (along with the authors of the items) can view them. The downside of using this approach to control documents is that an administrator might "approve" a document, thus making it visible to all users.
You can mitigate this risk somewhat by obscuring the visibility of documents that were not uploaded by the current user. Do this by ensuring that the default view of the library is filtered to only show documents where Created is equal to [Me], so that people only see their own documents. You would also need to remove any other views on the list, and ensure that users do not have permission to create new personal or private views. For admins to then see documents besides their own, you can set up a page with a list view on it (the list view on the page can be customized to show more items than the views that are attached to the list), and set permissions on that page so that only the desired admins can access it. You'll also want to ensure that documents in the library do not appear in search results.
In the long run, you'd be better off converting the confidential information collection process to use a SharePoint list instead of a SharePoint document library, as anybody can bypass the above "security by obscurity" with a little JavaScript or URL manipulation. The "item level security" configuration option on SharePoint lists is more foolproof.
Finally, you could also use server-side code to develop an item created event handler (code that executes whenever an item is created) that breaks permission on the item and sets it so that only the current user and the admin group has access to view it. This sounds great, but it can be very messy in the long run, making permission management a nightmare and increasing technical barriers to upgrading your SharePoint environment to future versions.
Upvotes: 1
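The item-created event handler mentioned in the last paragraph of the answer could look like the following. This is an added example, not code from the answer. It assumes the SharePoint 2010 or later server object model (farm solution), and the class name and the group name "Confidential Upload Admins" are hypothetical.

```csharp
using System;
using Microsoft.SharePoint;

// Added example: gives each uploaded document unique permissions so that
// only the uploader and one admin group can open it.
public class PrivateUploadReceiver : SPItemEventReceiver
{
    // Hypothetical group name; replace with the site's real admin group.
    private const string AdminGroupName = "Confidential Upload Admins";

    public override void ItemAdded(SPItemEventProperties properties)
    {
        base.ItemAdded(properties);

        // Copy plain values out; objects from the user's context must not be reused elevated.
        string webUrl = properties.WebUrl;
        Guid listId = properties.ListId;
        int itemId = properties.ListItemId;
        string uploaderLogin = properties.UserLoginName;

        // Uploaders normally lack Manage Permissions, so the ACL change runs elevated.
        SPSecurity.RunWithElevatedPrivileges(delegate
        {
            using (SPSite site = new SPSite(webUrl))
            using (SPWeb web = site.OpenWeb())
            {
                SPListItem item = web.Lists[listId].GetItemById(itemId);
                SPUser uploader = web.EnsureUser(uploaderLogin);
                SPGroup admins = web.SiteGroups[AdminGroupName];

                bool wasFiring = EventFiringEnabled;
                EventFiringEnabled = false; // do not re-trigger receivers while editing the ACL
                try
                {
                    // false = do not copy the library's role assignments onto the item
                    item.BreakRoleInheritance(false);

                    SPRoleAssignment forUploader = new SPRoleAssignment(uploader);
                    forUploader.RoleDefinitionBindings.Add(
                        web.RoleDefinitions.GetByType(SPRoleType.Contributor));
                    item.RoleAssignments.Add(forUploader);

                    SPRoleAssignment forAdmins = new SPRoleAssignment(admins);
                    forAdmins.RoleDefinitionBindings.Add(
                        web.RoleDefinitions.GetByType(SPRoleType.Administrator));
                    item.RoleAssignments.Add(forAdmins);
                }
                finally { EventFiringEnabled = wasFiring; }
            }
        });
    }
}
```

ItemAdded runs asynchronously by default, so the file briefly carries the library's inherited permissions until the receiver finishes; registering the receiver as synchronous closes that window. Every upload then becomes a uniquely secured item, which is the permission-management cost the answer describes.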