School of Hard Knocks Lesson: Audience Targeting

SharePoint audience targeting is a great way to hide content from unauthorized users, right? You don’t want Department B to see the calendar on Department A’s home page, so you edit the calendar web part, targeting the calendar to Dept A only. Voila! When a member of Department B navigates to the site, the calendar does not appear, while Department A’s members see it. Nicely done, and you didn’t have to mess with those confusing security groups and permission issues.

“Is Bob Spiking the Eggnog in this One?”

Hold on there, big [boy|girl]! We need to determine WHY you’re hiding the calendar. If it’s because Dept B doesn’t care about Dept A’s dental appointments and would much rather see say, links to some incriminating office Christmas party photos, you’re cool. Content filtering is what audience targeting is all about. Using audience targeting, you can present a customized feel to a SharePoint site based on the user’s id or group membership. Given the limited screen landscape available when standard navigation is employed, audience targeting can also help create a cleaner, less confusing user experience.

“Obscurity is Not Security”

If you’re hiding Dept A’s calendar because it contains top secret appointments that shouldn’t be seen for security reasons, however, you have not done enough to keep out those nosy Dept B snoops. Just because a user does not see a web part displayed on a given web does not mean that the content is not available through alternative navigation, such as View All Site Content or by following a link returned in search results.

You can quickly test this by creating an item in an audience targeted SharePoint list or calendar that contains an uncommon or made-up word, such as “IfDeptBCanFindThisI’mDoneFor.” Log in as a user who is not in the targeted group, but otherwise has permission to view the site. The list or calendar will not be visible on the page to which targeting has been applied, but if the user searches for “IfDeptBCanFindThisI’mDoneFor,” the item will be returned in their search results, and the user will be able to follow the link in the search results to see the item’s content. Doh!

[Note that, depending on your crawl schedule, it may be several minutes before the new “IfDeptBCanFindThisI’mDoneFor” item is indexed and available in search results.]

To prevent this, you must modify the permissions for the web part in question. Care should be taking in requirements gathering here, as “Department B shouldn’t see this,” can mean different things to different people.

While audience targeting can create a customized experience for users, be aware that excessive use of audience targeting can cause slow load times, as all the content is rendered, and then subsequently filtered based on audience targeting.


About Joy Lavigne (Adkins)

SharePoint and O365 Business Analyst for a mid-sized organization. Recovering SharePoint on-prem Administrator. Frequent speaker at SharePoint Saturday events. Teller of terribly corny jokes. View all posts by Joy Lavigne (Adkins)

2 responses to “School of Hard Knocks Lesson: Audience Targeting

  • Robin Majumdar

    Nice article. I was familiar with the audience functionality being about targetting content (and not security trimming it) but hadn’t really considered the performance load aspect. Good stuff to know, especially since I’m working on a deployment crossing multiple organisational units, in different cities and time zones (with varying WAN connection links)… optimizing portal dashboards is part of the equation, as is content targetting via audiences…

  • AbuShokry

    good information here, thanks. but are you sure that audience targetting will make the whole web part/views load then it will hide based on specified audience?

    can you please provide a any resources discussing this point?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: