In a company I currently work (I told you before), we have lots of staff and teams that each staff belongs to one of them. To apply security rules to CRM system, we have already some tools, like “Security Role” and “Field Level Security”.
You can define which entities a team or user can access an how far. I mean you can restrict a user to see only his/her activities or hide some entities for him/her.
But there are some situations that you want to show only specific view of an entity to a team. Say you want to only names and owner of “Account” entity to team “X”.
When a user opens “Accounts”, bunch of views are there to filter result for him/her. But we want user to have only one view of “Account” and all other views being hidden from her/him.
I googled and found this useful solution. You can easy filter views based on security rules. You can even say which view is the default one, when a user/team wants to see records of some entity.
Using the solution, I created a system view, assigned to team “X” as a default view for “Accouint”. Every thing works fine, team members only see name and owner in their views, but when they use quick search box, view changes and all other fields become visible for team members.
That is where plug-in comes to the play. By creating a plugin on pre-operation of “RetriveMultiple” message of account entity you can restrict the fields returned to the user requested the view.
Hope it helps.