It's always a struggle whenever you're configuring something in SharePoint where a user puts in information that is privacy sensitive. Should you fix this by using custom permissions (by using a custom Flow of Workflow), using differerent lists/libraries for each sensitive data type, use item-level permissions or use views with a [Me] filter in it?My answer is: use item-level permissions!
You would say: but when I use item-level permissions, you have to have a minimum permission level of Design to view all items and I don't my the responsible person that needs to view all items to have that permission level...
What if I told you that that user doesn't have to have a high permission level to view all items?
With Item-level permissions, you can define who can and who can't read/edit items that are in any list/library. This setting can be configured within list/library settings - Advanced settings.
You can set this permissions for both Read and Create/Edit access.
Within this section, you can configure who can view items
Read all items
Everyone with access to the list, can view all items
Read items that were created by the user
Someone who created an item, can only see its own item. Other items will not be shown
Create and Edit access
Within this section, you can configure who can create and edit items
Create and edit all items
Everyone with access to the list, can create items and edit all items (if the permission level allows them to)
Create items and edit items that were created by the user
Everyone with access to the list, can create items. Someone who created the item, can only edit its own item
Nobody can create/edit items, except if you have Design permissions or higher.
Design permissions or higher
Like I said before: If you have enabled Item-level Permissions, only people with Design permissions or higher (Full Control or Site Collection Administrator) will still see everything. That's not always something you want to grant your 'controlling' user, because you will provide them with the option to alter the list and its settings.
I jumped into the item-level permissions to see what makes a 'Designer' to override the Item-level permissions and found the following interesting piece of description at the item-level permissions section:
It seemed like something that could help me out, so I went into the Design permission level and searched for the 'Cancel Checkout' permission. Strangely the search did not give me any result:
I thought by myself: don't tell me they depricated this permission?! I couldn't find any information using my favorite Search Engine (which isn't Bing by the way :roll: ), so I jumped a bit deeper into the List Permissions and found the following interesting permission:
The description of this permission contained something that the note of the Item-level Permissions setting was explaining about and it did say it overrides the read/edit settings. When I looked into the Contribute Permission Level, I saw that this permission wasn't checked. When unchecking this permission on the Design permission level, I couldn't see any items other then my own, so this was definitely the permission I was looking for.
Custom permission level
To make sure my 'controlling' user could see all items but wasn't allowed to alter lists and its settings, I had to create a new permission level which I called 'Contribute (with Item-level Permissions)'.
To save me some time, I duplicated the Contribute permission level. You can do this by opening the permission level on <siteurl>/_layouts/15/role.aspx and scroll all the way down. There is a button called 'Copy Permission Level'.
If you click that, all List Permissions from Contribute will be enabled. All you have to do now is to enable 'Override List Behaviors', click 'Submit' and assign the permission level to your 'controlling' user! If you assign any other user with the Contribute permission level, these users can only read/edit their own items (according to the Item-level permission configuration you used) and the 'controlling' user will always see every item.
Please note that this solution only works when the user fills in its own information. With this method, you cannot let another user fill in the information because the user itself won't be able to see its own information then.