Managed metadata and permission at deep level

Question

Hello,

We are building document management system for our organization.

Currently the documents are stored in the folder hierarchy on the file share.

Like

Company

---------HR

---------------CV

---------------Training

---------IT

---------------iPhone

---------------.NET

---------------Engineering

----------------------Auto CAD files

 

You can see there is third level hierarchy is there. I have seen that people are saying that don't create folder in the document library.

So, I have created the managed meta data term set and tag the document accordingly.

 

All thing went well, but now our management is asking to have permission on the deep level. I meant some group does not have rights on Auto CAD files (its in Company--IT--Engineering--Auto CAD files.

How can we achieve this kind of permission level without using the folders or document set?

Thanks in advance.

 

Regards,

Devubha Manek

 

Answer 1

Hi

The first thing that comes to my mind after reading this is Target Audience.

Enable Audience targeting from library settings. This will add another column to your library where you can mention the users or the group of users will be able to view this item.

Another option you have is to configure a workflow in SharePoint designer which will remove the permissions on the item for user or a group based on the value for the metadata column.

Answer 2

Hello Naveed,

 

Thank you for providing information.

 

As per my knowledge Target Audience are not for security trimming. It's for admin to decide which content should be preset to which audience.

If someone has SharePoint knowledge they can bypass the audience targeting setting.

Regarding the workflow solution, I have to hard code the thing in the workflow for the metadata column so, after ward if admin change his mind or want to add new group to this permission then this will be difficult.

Can you suggest any other alternative?

 

 

Answer 3

Hello,

Another alternative could be a custom developed workflow that checks the hierarchy path of the terms beforehand and then determine whether to execute the action to remove permission.

Thanks & Regards.

---

Lily Wu || Microsoft Online Community Support Engineer || SharePoint

Answer 4

Hi Devubha

I'm in the same situation, using Managed Metadata and now a number of request have been made to lock down certain files to specific users. most of these files have the same metadata associated with them though.
The advantage with a folder or document set is that any files within inherit the parent permissions, this way i dont have to individually set file permissions..

Did you find a satisfactory answer to your question ?

Thanks

Answer 5

Another option that comes to mind would be to use folders to secure the files, however, within your views display the files without folders.