Last summer, a request came across my desk for a “truly anonymous” SharePoint 2010 survey.
The powers that be wanted a mechanism for staff to anonymously deposit a comment destined for “Executive eyes only” (an employee engagement initiative).
“Wait a tick”, you say. “SharePoint can do that!”
Not really.
Yes, you can create a survey with options:
– Show user names in survey results = No
– Read responses that were created by the user (instead of “Read all responses”)
Two main problems:
1) Site Owners and other users with Full Control over a site can easily change the anonymous settings on a survey, exposing all previously captured user data. Essentially, this unmasks the list and removes anonymity.
2) Users with contribute permissions on a list such as a survey can export the list to Excel, further exposing user data.
So, I built a fancy (not really that fancy) workflow in Visual Studio that essentially:
– copies items from one list to another and deletes the original items after the copy (thus, masking the creator of the original survey entry : all entries appear as being created by “System Account”)
– uses a lookup list at a central Survey site to determine the target list to copy the staff comment to (depends on the end user’s business unit)
– if the user’s BU or appropriate list mapping is not present in the lookup list, copy the item to a “UnknownComments” list at the Survey site (for error handling)
Then, I found this gem:
https://sajiviswam.wordpress.com/2011/12/09/add-only-permission-level-in-sharepoint-2010/
That is, a custom permission to add a form, but without read access.
The permission solution would not have been so elegant (extravagant?). But dang, that likely would have done the trick.
If you would like me to share out my original solution, let me know in the comments.
Any further thoughts? Drop them below too.