SharePoint – Online Security and Security by Obscurity

March 22, 2019

SharePoint Online Security settings are scattered all around… Sad smile

Next problem is that the Online version OOTB might not give you all the security features you need ?

So you will have to apply some tricks to fool the users.

Here is an overview of what is to your disposal ….

SP Security :

SharePoint delivers a Security Model that is a combination of AD user & Groups with SP Users & Groups.

See Managing the Security Model for more info.

These users and “Nested” Groups can be used to secure your Site Collections on different levels


Using Site Settings –> People and Groups and Site Permissions


To set security on different levels

1. Site level
2. List and Library security
3. Record level Security

See here for more info

What is Record level Permissions versus Record level Security, see here for more info.

Setting Record Level Security will also have a performance hit !  So try to avoid it as much as possible.

– Search Security
Via Site Settings you can refine the security on the Search


So let’s say you don’t want to have the users see the search EVERYTHING option




Delete the EVERYTHING from the list.

Disable File and Folder Sharing :


Go to SITE SETTINGS –> Site Permissions –> Access Request Settings


SP Security by Obscurity :

Using Target Audience settings :

This is not a real security because the SP Search will ignore the target audience settings !!

– Hiding List or Document Library records using Audience Targeting :

On the list or Library activate Audience Targeting


You have to use it in combination of the Content Query Web Part

See here on how to.

– Hiding Web Parts using Audience Targeting :

This is done using the EDIT Web Part feature


In the Advanced Section you specify the TARGET Audience user(s) or group(s).

image image

You can use different other settings to HIDE Web Part features from the users

– Select a different VIEW to limit and filter the records shown in the Web Part. And hide the TOOL Bar if needed.


In the MISCELANEOUS section you can hide different sections


Here you decide to hide the Web Part Toolbar and only leave the INLINE LIST SEARCH available.

– Hiding Search options using Audience Targeting


Next you can  set Targeting Audience using SP Groups to limit the search this site feature for certain users.

– Hiding Objects using CSS

Examples to hide the SEARCH box on a site, and more …

<style type="text/css">  
#DeltaPlaceHolderSearchArea {display: none;}
.ms-InlineSearch-SearchStatus {display:none;}
.ms-cui-topBar2 { display : none; }

– Hiding Objects using JQuery, give the same effect.

– Hiding Objects using SharePoint Designer : See below

Tools :

1. SharePoint Designer

Hide Libraries from the all site contents



Use SP Designer Workflows to automate Security settings on Lists and Libraries or Records / Documents

See here for how to.

First activate the Workflows can use app permissions using Site Features


Go to Site Settings –> Site App Permissions


Copy this part of the GUID and insert it in


Go to the Site Collection URL and add this part  “_layouts/15/appinv.aspx”

Workflow App Permissions : See here for the extra steps to complete the whole process

2. PowerShell

Use PowerShell to automate Security settings on Lists and Libraries or Records / Documents

Or to create reports to get visibility on Security.

See here for some good examples

So if you combine all of them, you can go a long way !

But it is important that you have a good security strategy, before starting to build your application.

Enjoy !

SharePoint–Online Publish a Power BI report (Personal Ed.)

January 5, 2018

Ever wanted to publish a Power BI report to SharePoint Online ?

Which is not out of the box functionality (It is for the PRO version of Power BI)


Solution :

Step 1. Get the link of the report

In your Power BI environment go to the report to publish –> File –> Publish to Web


Next copy the link code ….


Step 2. Create a Web Part Page


Add a Page Viewer Web Part


And add the Report link from Step 1.


Step 3. Save the page and see the result




Of course this does not give you all the full features of the Power BI Pro version.

But can be good enough to do some prototyping or publishing BI information.


Bonus is the fact that it will update automatically based on the Power BI Schedule frequency Smile


PS : Keep in Mind that your Tenant Admin needs to give you permission to Publish to the Web





PowerBI – Access SharePoint list data

February 5, 2017

As I showed in a previous post SharePoint is different Interfaces you can use to access as a data source.

So I we know it can expose it’s List data using the  REST or oData protocol.

Open PowerBI and go to GET DATA menu.

Choose OData Feed to connect to your SharePoint data source



Once logged you can choose from your lists



And play around to make your data visible using all the features from PowerBI Smile


Once Finished you can publish your result



Once published you can reach out on the mobile apps.



SharePoint – SSRS Web Part Parameter Issue

January 31, 2015

We had an annoying problem with a published SSRS report in SharePoint that uses a Parameter.

Most likely this appears only in combination with a external data source like an ODBC connection that retrieves data from a data source not within the current domain ?

This strange ‘bug’ I would call it so far is not showing when your run the report from within the Report Designer, but only from within SharePoint.

So I suspect that this is a malfunction in the SSRS front end Web Part.

Problem :

When selecting the first time a parameter in the report, it returns all the filtered data. But when selecting a new parameter value, for the second time, it returns a blank page ? And the parameter box jumps down.


Solution :

After debugging with trial and errors, we found out that if you add a Default Value, in the parameter field, the problem is solved.


If you get the parameter values from a different Dataset, you can also specify the Default Value using the Get Values from a Query option. But this is not needed to make it work.

Just give any valid default value in the Specify Values field will do the job as well.


Again, this problem is not occurring in the Report Designer itself?

So the SharePoint users are happy to see that this annoyance is gone Smile

SharePoint – Interfaces

January 26, 2015

SharePoint has many interfaces, and you tend to get lost in them over time Winking smile

So here is a summary of the most frequently used ones on the output side of SharePoint.

Web Service Interface :

When you want to get the XML response of the list definitions, use this syntax :


This will give you a the SOAP response


Or you can use this syntax :


To get the GUID of a list, just go to the Settings Page of the list, and look at the URL. (Not the VIEW)


To use the GUID you need to do a URL decoding. There are multiple online decoders on the net.

Once you have put it all together the result will look like this.


Here you can find the z:row Nodes and Attributes, you need for JQuery SPServices functions.

REST or oDATA interface



You can add the List Name, after here _vti_bin/listdata.svc/ListName to get the REST interface of that list.

You get an RSS Feed Like this :


Where you have a Search and a few sort options.

URL filter and Sort Options

You can also add filter and sort parameters in the URL, like this :


URL Query interface

Of course you can use the usual Query string interface to pass on variables.

SSRS Interface

When you have the SSRS running in integrated mode you can access the reports using the SSRS URL Parameter Interface.

On the input side you can have as well a database, SOAP and REST connector Interface

Using SP Designer


Example of a SOAP interface

There is of course much more to tell about SharePoint Interfaces and Technologies.

See here on How To : How to Access Data on SharePoint

And as a scripter you have access to most of the interfaces, see here for some examples

Example of accessing the REST interface

More options, see here URL Protocol


SharePoint – Search Slow opening documents

January 25, 2015

At the moment I have an problem in a certain side collection. Where the search result page appears quickly.

But when clicking any of the results to open a document, it takes more then 5 seconds Sad smile

So the next step is to see if a full Crawl of the search database, does not solve the problem.

Solution :

Go to Central Adminstration


Next go to Manage service applications –> Search Service Application


Go to Local SharePoint Sites and select Full Crawl from the dropdown menu.

There are more interesting options in the side menu.

Or you can use PowerShell to do the same.


if((Get-PSSnapin | Where {$_.Name -eq "Microsoft.SharePoint.PowerShell"}) -eq $null)
    Add-PSSnapin Microsoft.SharePoint.PowerShell;
# Get current Status
Get-SPEnterpriseSearchCrawlContentSource -SearchApplication "Search Service Application" | select Name, CrawlStatus

Get-SPEnterpriseSearchCrawlContentSource -SearchApplication "Search Service Application" | ForEach-Object {
    if ($_.CrawlStatus -ne "Idle")
        Write-Host "Stopping currently running crawl for content source $($_.Name)..."
    #    $_.StopCrawl()
        do { Start-Sleep -Seconds 1 }
        while ($_.CrawlStatus -ne "Idle")
    Write-Host "Starting full crawl for content source $($_.Name)..."
    # $_.StartFullCrawl()

After starting the Full Crawl everything was working again Smile

SharePoint – Using JQuery & SP Services

January 24, 2015

If you are developing SharePoint you just can’t get around JQuery and the marvelous SPServices. Especially if you are dealing with SharePoint Web Services.

There are many hits on the internet if you type in these 2 keywords. But nevertheless there are very few post explaining you how to and which approach and tools can help you in your project.

Let’s say you you want to retrieve some Document ID’s & Names from documents linked into a list Form Body Text.


    operation: "GetListItems",
    async: false,
    webURL: "/webs/sitecollection/site",
    listName: "YourListName",
    CAMLViewFields: "",
    CAMLQuery: "1503",
    completefunc: function (xData, Status) {

    // Debug

var liHtml = ""
      $(xData.responseXML).SPFilterNode("z:row").each(function() {

      //  $("#tasksUL").text(xData.responseText); // Debug info 

      liHtml =  "</pre>
	<li>" + $(this).attr("ows_FileLeafRef") + "</li>

<ul id="tasksUL"></ul>

The code above will do so. But the mystery is which is the ows_xxx XML attributes you are looking for to get the File Name appearing in your Form.

Solution :

Uncomment this section in the code :


And comment this line :

// liHtml =  “<li>” + $(this).attr(“ows_FileLeafRef”) + “</li><br/>”;

This will retrieve the bare output of the return SOAP Envelope in your form.


You can select it out of your Form, and paste it in for example XML Notepad.


It’s got some millage but still going strong. Smile


Here you can see all the Nodes and Attributes in the tree structure.

The one we are interested in is the attribute ows_FileLeafRef in the node z:row

That’s where the document ID and Name appears in.


Once we use that in our code, the result is looking good.

I got the 2 document references from a Document Library somewhere else in SharePoint using SP Web Services !


Hopefully this can clear some mist on how to get all the missing mystery information and parameters correct.

SharePoint – Pass a Parameter as FILTER value to a Web Part

January 22, 2015

Click on the relevant Web Part -> Right Side -> Click on Hyperlink

Keep in mind EACH WebPart has a separate Data Source Field, Filter and Sort Settings !



First Create a New Parameter value based on a Query String Variable.


Next set the DVWP Filter settings


The result is that the data in DVWP will be filtered on load, by the Query String variable.

Second Example is to Filter a DVWP based on a Field value.

Based on the Query String Parameter you can filter the detail list web part for the items added.


It will look like this. There is some garbage appearing on top of the DVWP ?


Solution :

Just open the Form again in SP Designer and comment out that section to get rid of it.

    <td width="25%" class="ms-vb">
    <b>File Type:</b>
 <xsl:value-of select="@HTML_x0020_File_x0020_Type.File_x0020_Type.mapico"/>


Look in the code for <!—…. –>

Filtering is quite handy !

SharePoint – Convert Drop Down Box in a New Item Form to Text Box.

January 22, 2015

It is possible to Convert drop down box in a NEW form to Text Box.

Even if the list field type remains a Dropdown Box.

This can only be achieved if in a CUSTOM List Form ! Not on a standard List Form created from the menu.

1. Create a Custom Form


2. Next Convert the field


Change the dropdown to a Text Box now we can.


3. Set the value on load.

Now you can set the field value using a Query String Parameter value.

<!-- Change to Parameter Variable @HeaderID -->
<asp:TextBox runat="server" id="ff2{$Pos}" text="{@Sample_Header}" __designer:bind="{ddwrt:DataBind('i',concat('ff2',$Pos),'Text','TextChanged','ID',ddwrt:EscapeDelims(string(@ID)),'@Sample_Header')}" />

<!-- Change to Variable $HeaderID -->
<asp:TextBox runat="server" id="ff2{$Pos}" text="{$HeaderID}" __designer:bind="{ddwrt:DataBind('i',concat('ff2',$Pos),'Text','TextChanged','ID',ddwrt:EscapeDelims(string(@ID)),'@Sample_Header')}" />

See the code is slightly edited by replacing the variables

text=”{@Sample_Header}”  to text=”{$HeaderID}


This is not possible if we use the original Dropdown field (at least in an easy way).

SharePoint – Query String Parameters

January 22, 2015

In your development project you might need at some point in time to create a Query String Parameter.

But there are some challenges if you want to pass this to a Form Variable !

Here we go :

1. Create a Query String Parameter any string is fine.  and construct your URL.

2. Create a JQuery function for the receiving party.

$(document).ready(function() {

var lastId = $().SPServices.SPGetLastItemId({
    listName: "Sample_Header"});

var nextId = Number(lastId) + 1;
 //alert("Last ID " + lastId);

    $("#Details").click( function()
                      alert("Next ID " + nextId );
     var URL = '/sites/Lists/Sample/NewForm.aspx?HeaderID=' + nextId ;
     alert ('We go to this ' + URL);
    window.location.href = URL;

In this case we will use the parameter to filter a Data View Web Part. So add the script in the receiving Form to intercept is and pass it on to a Data View Parameter

3. Create the DVWP Parameter

In SharePoint Designer create a new Parameter


We call it as well HeaderID and refer to the Query String Parameter called HeaderID.



This does NOT work for a Item Display Form a DVWP ?

Solution is to add this in the standard DISPLAY form NOT as a CUSTOM FORM.


But as a Display Item Form from the menu.


Don’t ask me why ?

For the other Forms (Edit and New) it does not seem to be a problem.

Best always test both ways in case of problems, anyhow.

In case you need to do some manual changes to the Forms.

Don’t use the Insert NEW Item Form from the MENU. Otherwise it goes wrong ?

Choose CUSTOM LIST FORM instead.


Choose for the list you need.


So bottom line is that it is not so straight forward, to get the ball rolling Sad smile