none
Item level permissions (Best Way)

    Question

  • Hello All,

    We have a list , suppose 200 items , accessed by multiple users.

    I need to set item level permissions

    Users can be able to read/edit their own records.They can create N-no of views(that to be restricted by item level permissions)....Sometimes admin can edit their records.

    What is the best way?

    SharePoint Designer 2010(workflow....how to do for existing items ,bulk item update)

    Client Object Model (no support for event handlers....ECMA is an alternative)

    JQuery/JavaScript/ECMA(these are all restricted to the particular view itself...if the user creates another then it shouldn't work)

    Server Side(Sorry I have no rights)

    Please let me know your way...the best way which should be applied the item in the list not the item in the view

    Thanks


    Like Cricket

    Monday, July 22, 2013 6:52 AM

Answers

  • Hi,

    If you loop through all existing items  and change permission in a custom workflow, the workflow will change every item's permission when it runs. That means when a new item is added, the workflow will change all the items permission in the list. This is not necessary and affects performance. Loop is not available in OOTB workflow, you will need to create a custom action to achieve this.

    Thanks,

    Entan Ming


    Entan Ming
    TechNet Community Support

    • Marked as answer by spguy2012 Wednesday, July 24, 2013 3:50 AM
    Wednesday, July 24, 2013 2:58 AM

All replies

  • Hi,

    I understand that you want to only allow users to read and edit their own records.  You can achieve this by the steps below: List settings>Advanced Settings.  Choose ‘Read items that were created by the user’ and ‘Create items and edit items that were created by the user’. In this way, the users can only access the items created by themselves. But Administrator can still access all the items. When it comes to views, you can ask users to create personal views. Personal views will only be available for the user who created the view.

    Thanks,

    Entan Ming


    Entan Ming
    TechNet Community Support

    Monday, July 22, 2013 9:05 AM
  • Here admins can update/add the user records , still the users can able to see

    Like Cricket

    Monday, July 22, 2013 10:40 AM
  • Hi,

    I though you would like Admin to be able to edit all items and users to be able to edit their own items. If you want to deny all the user from editing any items, you can change the list level permission. Grant view only permission for all the users. If you want to edit item level permission for all the 2000 items, you can use a console application to retrieve all the items in the list and edit the permission based on a common action. If you are using event receiver, you need to edit all the items to trigger to event receiver.

    If I have any misunderstanding, please feel free to point it out.

    Thanks,

    Entan Ming


    Entan Ming
    TechNet Community Support

    Tuesday, July 23, 2013 5:38 AM
  • Either way data updation is possible(by user and by admin)

    Console application cannot fired automatically if a record is created

    I don't have permissions to write event handlers(only remote access ,no server access)

    Thanks


    Like Cricket

    Tuesday, July 23, 2013 7:23 AM
  • Hi,

    Console Application can edit the permission for the existing items. Then you can create a workflow to edit the permission and set the workflow start option to 'Automatically start the workflow on item creation'. In SharePoint designer, there is an Impersonation Step. Inside this step, you can use 'Replace list item permission' action to edit item permissions.

    Thanks,

    Entan Ming


    Entan Ming
    TechNet Community Support

    Tuesday, July 23, 2013 7:36 AM
  • Sounds good..I thought of that earlier the same.

    Instead , can we have the WF will do all the things, if we can loop the items in the Workflow itself.

    Thanks


    Like Cricket

    Tuesday, July 23, 2013 2:25 PM
  • Hi,

    If you loop through all existing items  and change permission in a custom workflow, the workflow will change every item's permission when it runs. That means when a new item is added, the workflow will change all the items permission in the list. This is not necessary and affects performance. Loop is not available in OOTB workflow, you will need to create a custom action to achieve this.

    Thanks,

    Entan Ming


    Entan Ming
    TechNet Community Support

    • Marked as answer by spguy2012 Wednesday, July 24, 2013 3:50 AM
    Wednesday, July 24, 2013 2:58 AM
  • Thanks Entan Ming for everything. I will follow according you

    Like Cricket

    Wednesday, July 24, 2013 3:31 AM
  • Hello Entan Ming,

    Still I am not clear :)

    A workflow may be running for a long period and it will not have any issues. Then one day it stops running. The cause? The credentials of the elevated user are no longer valid. There can be several reasons for the change.

    1. A user password can be forced to change. The credentials that are stored with the Workflow are now stale.
    2. The User ID may have been revoked. The user may have left the organization.
    3. The privileges for a given User ID may change. The user has changed departments and is no longer allowed to have access to the department site.

    By following this article pitfalls in workflow

    Please help me


    Like Cricket

    Wednesday, July 24, 2013 3:50 AM