One of the SharePoint features that many end users and site administrators have a hard time understanding is the concept of Audience Targeting. In fact, I received a question recently asking me to describe how “Audience Targeting” differs from the authentication needed for features like “Collaborative Workspaces”.
The short answer is that Audience Targeting is not security. Audience Targeting is a type of personalization. Personalization is not security.
Authentication is the process by which a unique identifier (such as a username and password pair) is used to validate the identity of the user. The authentication is then used to authorize the requested access, such as gaining access to the Team Workspace areas, working on documents, accessing protected areas of content, etc.
SharePoint provides the ability for SharePoint Administrators to segment users into logical groupings called ‘Audiences’. An audience could be ‘new members’. An audience could be ‘everyone who lives in Dallas’. Audience Targeting is a way to flag content to be highlighted to authenticated users that are part of a specific Audience. While Audience Targeting may seem like a complex topic, it can really be thought of as a ‘filter’. Audience Targeting can be used to show an advertisement, a graphic, a video, a link, or any piece of content to a specific group of users (in the audience). This does not prevent other users from finding the content (though other links or searching) – it just highlights the content for the targeted users.
To make matters even more confusing for folks, you can actually use SharePoint Security Groups and Authentication Groups (such as AD Domain Groups or custom Roles) as audiences as well – extremely useful but confusing to some nevertheless.
This sure is confusing at times. Let’s take a look at a example. I have a document library with 10 documents in it. I have a bunch of security enabled distribution groups in AD (each containing 10 or more users). What I’d like to accomplish now:
I want to show each of the document in my document library to a different group of AD users (only the users in that AD group would see that the document exists in the library). I can give straight permissions to each document, based on the AD groups (that’s not a problem). Only the specified group of AD group members can now edit the document. The problem is, that others can still view the document through their browser. I would like to accomplish this in a way, that only the spesified AD group users would SEE and be able to edit this particular document.
I took a look at audience targeting (by going to the spesific documents properties and browsing audiences). But the problem here is, that I can only spesify existing sharepoint /distribution list. The “browser” does not find groups straight from the AD. Do I have to manually first create a Sharepoint group -> import users from a AD group to it and then use this sharepoint group as a audience? Or am I missing something here?
I’m quite confused with this. Any help would be much appreciated!
Cheers!
Juha
Dear John,
Indeed a nice feature AT based on ruling or filters. BUT:
Suppose I place my sharepoint database outside my LAN en outside my DMZ, how can I protect data in the MS database with informatyion about customers (names, age, whatever), is there any feature known where I can sore filters for AT in the sharepoint database with a service (SOA) to analyse data in the background (behind mu DMZ) en return a value which can be used to personalize my content ??
Niek
I think you can map your profile properties through the BDC (or BCS) connections in order to map profile properties. Take a look at a post that Sign in Maxime Bombardier did a while ago: http://blogs.msdn.com/b/maximeb/archive/2008/03/29/computed-profile-property-with-bdc-and-web-services.aspx