Can a workflow be used to edit permissions of a document

  • Question

  • I was wondering if it was possible to edit the permissions of a document via an automatic workflow? 

    I am currently utilizing Document libraries to store information and need users to be able to upload documents without being able to view them or any other documents on the library.  I thought a workflow might help me accomplish such a task.
    Saturday, October 31, 2009 12:14 AM

Answers

  • Yes, it can.

    You need to write some code, however.  For SPD, you need a custom action and a visual workflow studio is coded by definition.

    There are several custom SPD actions available from codeplex and maybe you could purchase them.

    Another way to do what you want is to enable version control and content approval on the document library.  That won't require any coding at all and allows you to define a rule that allows users to view/edit only their own documents (and no other users' docs) or those with "contributor" access.

    Lastly, SP2010 provides some nice SPD workflow activities out of the box for setting permissions, though I know this won't help you short term.


    --Paul Galvin, Arcovis
      Microsoft MVP - SharePoint
      Blogging @ http://feeds.feedburner.com/PaulGalvinsSharePointSpace
      Twitter @ http://www.twitter.com/pagalvin
    • Marked as answer by dwilborn283 Sunday, November 1, 2009 1:08 AM
    Saturday, October 31, 2009 2:03 PM

All replies

  • +1 on SPD2010.  I have already built workflows that clear then set permissions based on users chosen in People Picker fields within the list item.  It just doesn't work with GROUPS yet, so I mentioned that to the SPD team.

    I did think there were some custom actions out there for SPD2007 to do some permission modification - maybe not as many options as 2010, but at least something.
    SharePoint Architect || My Blog
    Saturday, October 31, 2009 4:33 PM
  • > Another way to do what you want is to enable version control and content approval on the document library. 
    Works for some list types, but not document libraries.


    Look to CodePlex.com for some custom actions for SharePoint Designer 2007 (need to state the versions going forward!)
    I think this is the one: http://www.codeplex.com/SPDActivities


    Here's some code to change the permissions on a list or library (again for SP 2007) for either a user or a group:

    Imports Microsoft.SharePoint

    Module Module1

        Sub Main()

            ' Using disposes the SPSite (and with it the RootWeb) when the block ends
            Using site As New SPSite("http://maxsp2007/sites/training/")
                Dim web As SPWeb = site.RootWeb
                Dim list As SPList = web.Lists("Announcements")
                Dim item As SPListItem = list.Items(0)

                ' in a workflow you will get the web object and list item from workflow properties...

                Dim member As SPMember
                Dim roleAssignement As SPRoleAssignment
                Dim roleDef As SPRoleDefinition = web.RoleDefinitions("Contribute")

                'break inheritance on the item; False = do not copy the parent's role assignments
                item.BreakRoleInheritance(False)

                'Add a user and role to the item
                member = web.AllUsers("maxsp2007\someuser")
                roleAssignement = New SPRoleAssignment(CType(member, SPPrincipal))
                roleAssignement.RoleDefinitionBindings.Add(roleDef)

                item.RoleAssignments.Add(roleAssignement)

                'Add a group and role to the item
                member = web.Groups("Training Members")
                roleAssignement = New SPRoleAssignment(CType(member, SPPrincipal))
                roleAssignement.RoleDefinitionBindings.Add(roleDef)

                item.RoleAssignments.Add(roleAssignement)
            End Using

            'C# version

            'using (SPSite site = new SPSite("http://maxsp2007/sites/training/"))
            '{
            '    SPWeb web = site.RootWeb;
            '    SPList list = web.Lists["Announcements"];
            '    SPListItem item = list.Items[0];

            '    SPMember member;
            '    SPRoleAssignment roleAssignement;
            '    SPRoleDefinition roleDef = web.RoleDefinitions["Contribute"];

            '    //break inheritance on the item; false = do not copy the parent's role assignments
            '    item.BreakRoleInheritance(false);

            '    member = web.AllUsers["maxsp2007\\someuser"];
            '    roleAssignement = new SPRoleAssignment((SPPrincipal)member);
            '    roleAssignement.RoleDefinitionBindings.Add(roleDef);

            '    item.RoleAssignments.Add(roleAssignement);

            '    member = web.Groups["Training Owners"];
            '    roleAssignement = new SPRoleAssignment((SPPrincipal)member);
            '    roleAssignement.RoleDefinitionBindings.Add(roleDef);

            '    item.RoleAssignments.Add(roleAssignement);
            '}

        End Sub

    End Module
    
    

    Mike Smith TechTrainingNotes.blogspot.com
    • Marked as answer by dwilborn283 Sunday, November 1, 2009 1:09 AM
    • Unmarked as answer by dwilborn283 Sunday, November 1, 2009 1:09 AM
    Sunday, November 1, 2009 12:04 AM
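
Added example, not part of the original thread or of any poster's code: a C# variant of the code above for the case in the question, where the uploader must not keep access to the document. The class and method names are hypothetical; the site URL, list, group and role names are the ones from the post above.

```csharp
using System;
using Microsoft.SharePoint;

public static class DropBoxPermissions
{
    // Hypothetical helper (not from the thread): after this call the only
    // principal assigned on the item is the named group.
    public static void RestrictToGroup(SPListItem item, string groupName, string roleName)
    {
        SPWeb web = item.ParentList.ParentWeb; // owned by the caller; not disposed here

        // Resolve both names first: an unknown group or role throws here,
        // before any permission on the item has been touched.
        SPGroup group = web.SiteGroups[groupName];
        SPRoleDefinition role = web.RoleDefinitions[roleName];

        // Stop inheriting from the library without copying its assignments.
        if (!item.HasUniqueRoleAssignments)
        {
            item.BreakRoleInheritance(false);
        }

        // Remove anything still assigned directly on the item (from an earlier
        // run or a manual grant), iterating backwards because indexes shift.
        for (int i = item.RoleAssignments.Count - 1; i >= 0; i--)
        {
            item.RoleAssignments.Remove(i);
        }

        SPRoleAssignment assignment = new SPRoleAssignment(group);
        assignment.RoleDefinitionBindings.Add(role);
        item.RoleAssignments.Add(assignment);
    }

    public static void Main()
    {
        using (SPSite site = new SPSite("http://maxsp2007/sites/training/"))
        {
            SPList list = site.RootWeb.Lists["Announcements"];
            SPListItem item = list.Items[0];
            RestrictToGroup(item, "Training Owners", "Contribute");
            Console.WriteLine("Assignments on item: " + item.RoleAssignments.Count);
        }
    }
}
```

In a workflow, call `RestrictToGroup` with the list item taken from the workflow properties instead of opening the site in `Main`.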
  • Mike,

    Thanks for the detailed reply.  One question, where do I put all that code.  I have always been a little fuzzy on the actual deployment of coded solutions.  I wrote a little VB about 8 years ago but it was only simplistic beginner stuff.  Pretty easy to figure out where to start when there is nothing there to begin with! :) 

    I think perhaps you misunderstood what I am trying to accomplish.  That code elevates a user or group if I understand correctly.  Perhaps I am wrong but that does no good if they cannot see the document library to begin with?  The situation we have needs to allow users to upload documents via the sharepoint web application to an existing document library and then not be able to view the document afterwards.  My thought was that I could allow users the contribute permission and then elevate any uploaded documents to a designer level. 

    I have tested the content approval method on a document library and found that it does suit my needs.  Although it is probably not the desired method it does provide an immediate and easily deployable solution to my problem.  Given my level of experience and knowledge regarding sharepoint this is probably the most appropriate solution currently. 

    Thanks to Paul for the easy answer :)

    Any of you guys that have the ear of SP2010 designers need to get them to implement an easy write without read permissions setting.  Go in edit permissions check write and done!  I found quite a few threads with a similar situation to my own.
    Sunday, November 1, 2009 1:08 AM
  • Mike, re: your comment:

    > Another way to do what you want is to enable version control and content approval on the document library. 
    Works for some list types, but not document libraries.


    It absolutely does work for document libraries.  Go to the library, its settings, select "Versioning Settings".
    From there, select Yes to the question "Require content approval for submitted items? "

    That will open up the bottom part of the screen with a set of self-explanatory settings that may solve the original problem posted by dwilborn283. 


    --Paul Galvin, Arcovis
      Microsoft MVP - SharePoint
      Blogging @ http://feeds.feedburner.com/PaulGalvinsSharePointSpace
      Twitter @ http://www.twitter.com/pagalvin
    Sunday, November 1, 2009 1:25 AM
  • Paul,

    > need users to be able to upload documents with out being able to view them or any other documents on the library. 

      A document in Pending status will still be visible to the person who uploaded it.
      Content approval does work for libraries, but the uploader can still see the document.
      Clicking "Require content approval for submitted items? " does not show or hide any additional settings. (at least in SP 2007)

      What I thought you might be leading to are the "Item-level Permissions" options in the Advanced settings screens, which are not available to document libraries.

     
    dwilborn283,

    The code would go in a Visual Studio workflow, which compiles to a DLL that needs to be deployed to the server. A better option might be the SharePoint Designer actions at the codeplex.com site.

     
     

    Mike Smith TechTrainingNotes.blogspot.com
    Sunday, November 1, 2009 1:49 AM
  • Mike, you're right, of course.  I didn't realize from the original thread that once uploaded, the original person to upload should no longer have access to it. 
    --Paul Galvin, Arcovis
      Microsoft MVP - SharePoint
      Blogging @ http://feeds.feedburner.com/PaulGalvinsSharePointSpace
      Twitter @ http://www.twitter.com/pagalvin
    Sunday, November 1, 2009 12:45 PM
  • Great topic.  Will create a fresh post and reference this one.. but related and wondering..

    - Is there a way to grant a user the rights to see other people's drafts and unapproved docs without giving them approver?

    - In SPD 2013 using WF2013, possible to MOVE approved docs to another library where nobody has Edit? Possible to move metadata say we have custom column called "DocOwner type people"

    - Possible to search/filter all documents partial strings in filename and metadata with a people column. I've built seen XSLT code in SP2007 in an SPD  Dataview, but trying this on SP Online 2013 and SPD 2013 has dropped Dataview Design mode :(

    - Possible to get single Dataview of files across multiple folders and libraries where the Library and Folder are seen as columns in the DataView in SPO 2013 using SPD 2013


    ============================
    Thank You
    cyberpine.com

    Friday, June 7, 2013 9:45 AM