Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SharePoint list item permissions

I want to programmatically make it so that users can see only particuar items on the list.

Basically in an workflow that runs when an item is created I'm going to do some stuff and notify some people about this item. I also want it to change the permissions on the item so that only particular users (looked up on runtime based on the items contents) can read the item. The rest of the users that have access to the list will only see particular items but not all of them. The list item might not necessarily be owned but the user(s) that need to see it so I can't set the list permissions to letting users only see their own items.

To put this into context if it helps- The list is registering job roles to a particular member. Every list item is a role assignment that contains a lookup to a role in the roles list and a lookup to a member in the members list. I'm not directly using a multilookup field in the members list for roles because each role assignment needs extra information held about it such as a description, a start date ect. Each role has a particular user/group that manages it. I want it so that when going to this big list of role assignments, a user can only see the role assignments for the roles that they are the manager of.

Advice would be much appreciated.

like image 968
Daniel Revell Avatar asked Jul 01 '09 14:07

Daniel Revell


People also ask

How do I restrict items in a SharePoint list?

Access the SharePoint site that contains the list or library for which you would like to set limits. Click on the list and select “Paging” on the ribbon menu that appears. Select from a list of fixed options to display items as sets of 1, 5, 10 or 30 items or limit item display to 1, 5, 10, or 30.

What is item level permissions in SharePoint?

The Item Level Permissions functionality is available to this User only if the level of site and list is at least design. Finally, With admin permissions, we can programmatically configure project-level permissions in SharePoint Online through PowerShell.

How can you stop users from editing list items that other members created SharePoint?

Go to Site settings > Site permissions > Permission Levels > Read > Copy Permissions > Create new. Please ensure you don't select Edit items rights.


1 Answers

You can assign permissions to individual list items. For ex.

        // get list item
        SPListItem item = <your list item>;
        if (!item.HasUniqueRoleAssignments)
        {
            item.BreakRoleInheritance(true);
        }

        // get principal
        SPPrincipal principal = <principal to grant permissions to>;

        // get role definition
        SPRoleDefinition rd = <role that contains the permissions to be granted to the principal>;

        // create role assignment
        SPRoleAssignment ra = new SPRoleAssignment(principal);
        ra.RoleDefinitionBindings.Add(rd);
        item.RoleAssignments.Add(ra);

But beware about the performance and operational implications of assigning permissions per list item.

In general, I would prefer

  • Permissions assigned no deeper than the list level
  • As much as possible, assign permissions to groups and then include individual users into those groups.
like image 57
Ariel Avatar answered Oct 02 '22 18:10

Ariel