SharePoint audience targeting is a great way to hide content from unauthorized users, right? You don’t want Department B to see the calendar on Department A’s home page, so you edit the calendar web part, targeting the calendar to Dept A only. Voila! When a member of Department B navigates to the site, the calendar does not appear, while Department A’s members see it. Nicely done, and you didn’t have to mess with those confusing security groups and permission issues.
“Is Bob Spiking the Eggnog in this One?”
Hold on there, big [boy|girl]! We need to determine WHY you’re hiding the calendar. If it’s because Dept B doesn’t care about Dept A’s dental appointments and would much rather see say, links to some incriminating office Christmas party photos, you’re cool. Content filtering is what audience targeting is all about. Using audience targeting, you can present a customized feel to a SharePoint site based on the user’s id or group membership. Given the limited screen landscape available when standard navigation is employed, audience targeting can also help create a cleaner, less confusing user experience.
“Obscurity is Not Security”
If you’re hiding Dept A’s calendar because it contains top secret appointments that shouldn’t be seen for security reasons, however, you have not done enough to keep out those nosy Dept B snoops. Just because a user does not see a web part displayed on a given web does not mean that the content is not available through alternative navigation, such as View All Site Content or by following a link returned in search results.
You can quickly test this by creating an item in an audience targeted SharePoint list or calendar that contains an uncommon or made-up word, such as “IfDeptBCanFindThisI’mDoneFor.” Log in as a user who is not in the targeted group, but otherwise has permission to view the site. The list or calendar will not be visible on the page to which targeting has been applied, but if the user searches for “IfDeptBCanFindThisI’mDoneFor,” the item will be returned in their search results, and the user will be able to follow the link in the search results to see the item’s content. Doh!
[Note that, depending on your crawl schedule, it may be several minutes before the new “IfDeptBCanFindThisI’mDoneFor” item is indexed and available in search results.]
To prevent this, you must modify the permissions for the web part in question. Care should be taking in requirements gathering here, as “Department B shouldn’t see this,” can mean different things to different people.
While audience targeting can create a customized experience for users, be aware that excessive use of audience targeting can cause slow load times, as all the content is rendered, and then subsequently filtered based on audience targeting.