Limit Document Library Access
I am using MOSS 2007 Enterprise and I have two document libraries. One contains 15 years of tax returns, another contains 160 monthly bank statements from various lenders. The public view on the tax return library is limited to the last 3 years. The public view on the bank statements library is limited to the last 3 months. I've discovered that because the tax returns are labeled Year-Type (i.e. 2009-Federal-Company1.pdf, 2009-State-Company1.pdf) and bank statements are labeled Year-Month-Lender (i.e. 2010-05-KeyBank.pdf, 2010-04-HuntingtonBank.pdf), then all a savvy person needs to do is change the dates in the URL and they are able to retrieve documents outside of their allowed parameters. I am now giving additional groups (i.e. LENDERS, INSURERS, ACCOUNTANTS, etc.) access to these document libraries. (For example, Lenders need 2 years on taxes and 3 months on bank statements, while Insurers need 1 year on taxes and 0 months on bank statements, and Accountants need 3 years on taxes, 12 months on bank statements.) I've placed webparts on each group's webpage that only present the PDFs they are allowed to download or view. But how do I prevent any of these users from viewing or downloading documents outside of their scope of access? I have a similar problem with groups CLIENTS, FRIENDS, LENDERS & REALTORS, where a client may not wish to share all documents in their Project's library with their FRIENDS, LENDER, & REALTOR. (i.e. FRIENDS don't need access to CLIENTS contracts & change order pricing, but LENDERS do.) And I have documents in that library that need to be shared with LENDERS & INSURERS, but I don't want the client seeing them.
May 7th, 2010 6:22pm

Hi there, It's important to note that Views and Audiences are NOT secure. That is, not only can a savvy user edit the document's metadata appropriately to gain access to the document, but if they know the direct URL to the document - they will also gain access. The purpose of Views and Audiences is more of a filtering mechanism to limit content to that which is relevant to the current user for simplicity purposes. The only way to secure access (and denial of access) to a resource is to use permissions on that item. Permissions can be set at the library, folder, and even individual document level. Hope that helps.
May 7th, 2010 9:07pm

Understood and thanks for the response. In the first scenario (LENDERS, INSURERS, ACCOUNTANTS), a rolling set of permissions that allows viewing documents based on a range of dates (i.e. - [TODAY() - 93] for 3 months) is all that is required. Having a content management system that automatically manages access to content on a weekly, monthly, or even annual basis seems intrinsic. There has to be an OOTB solution and I'm simply not making the connection. If I were a programmer.... I'd deny all of the aforementioned groups access to the document libraries. Then I'd create a user account called "Librarian" who specifically had permission to visit each library and retrieve any document. Then I'd create a special webpart that displayed a subset of documents based on the necessary logic but the hyperlinks only worked by using the "Librarian" user's permissions to open the documents. Then it wouldn't matter that the URL is right there for a user to see, because requesting the document from a browser simply wouldn't work. The request has to come from the webpart itself (using RunWithElevatedPermissions of the "Librarian" user account). Even a simple refresh of the browser should result in an access denied because the document must be served to the browser (via the webpart), not requested from a browser. Unfortunately I'm not a programmer.... but I'm confident that such a person has already created what I seek, that they work for Microsoft, and it's already inside MOSS 2007 Enterprise waiting to be discovered...Help.
May 8th, 2010 5:25am
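
Added example, not part of the original thread or any poster's code: because only item permissions enforce access, a scheduled job can recompute which group should hold Read on each document and apply the difference as item-level permissions. The window semantics (tax years counted back from the last completed year, statements from the current month), the function names and the sample ACLs are assumptions; applying the changes to SharePoint is left to the job.

```python
import re
from datetime import date

# Windows from the thread: years of tax returns, months of bank statements.
POLICY = {
    "LENDERS":     {"tax": 2, "stmt": 3},
    "INSURERS":    {"tax": 1, "stmt": 0},
    "ACCOUNTANTS": {"tax": 3, "stmt": 12},
}
STMT_RE = re.compile(r"(\d{4})-(\d{2})-\w+\.pdf")     # 2010-05-KeyBank.pdf
TAX_RE = re.compile(r"(\d{4})-[A-Za-z]+-\w+\.pdf")    # 2009-Federal-Company1.pdf

def readers(filename, today):
    """Groups that should hold Read on this document today (empty set = nobody)."""
    m = STMT_RE.fullmatch(filename)
    if m:
        year, month = int(m.group(1)), int(m.group(2))
        if not 1 <= month <= 12:
            return set()                       # malformed date: fail closed
        # Assumption: statement windows count back from the current month.
        age, kind = (today.year - year) * 12 + today.month - month, "stmt"
    else:
        m = TAX_RE.fullmatch(filename)
        if not m:
            return set()                       # unrecognised name: fail closed
        # Assumption: tax windows count back from the last completed year.
        age, kind = today.year - 1 - int(m.group(1)), "tax"
    return {g for g, p in POLICY.items() if 0 <= age < p[kind]}

def acl_changes(current, filenames, today):
    """Diff the ACLs in force against policy: (grants, revokes) of (file, group)."""
    grants, revokes = [], []
    for name in filenames:
        want, have = readers(name, today), set(current.get(name, ()))
        grants += [(name, g) for g in sorted(want - have)]
        revokes += [(name, g) for g in sorted(have - want)]
    return grants, revokes

if __name__ == "__main__":
    # Constructed sample: ACLs as they stood in May, re-evaluated on 1 June 2010.
    acls = {"2010-03-KeyBank.pdf": ["ACCOUNTANTS", "LENDERS"],
            "2009-Federal-Company1.pdf": ["ACCOUNTANTS"]}
    print(acl_changes(acls, list(acls), date(2010, 6, 1)))
```

For these grants to be the only path to a file, the libraries themselves must not give the groups Read through inherited permissions.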

This topic is archived. No further replies will be accepted.
