Been working on the SharePoint site for some time and got these questions:
How to keep files secure for different people.
In one folder there will be 500 excel files. Each one must be locked down to just specific people. No one should see anyone else's file.
What are the options and what is the most efficient to manage considering a large number of users?
What would be the best option to solve this? I know permission level can be used to give and restrict access to documents uploaded in SharePoint but I do not think it is possible to restrict access to files e.g. file a - belongs to person a, therefore person b, c, d .... cannot access it.
Any help will be appreciated.
Thank you
There are several scenario about A can access a file B cannot:
See draft items in a list or library:
List settings -> Versioning Settings -> Content Approval -> Yes
When files upload, it would be in draft status
List settings -> Versioning Settings -> Draft Item Security
You could set it to ‘Only user who can approve items’. Then only author or with approve permission can access the draft items.
Change view:
You could change the view to filter the files.
Add the filter ‘create by’, for example add a filter ‘create by’ ‘A’, it would not see the files create by others.
Single file access:
You could set single file access in library.
Select a file -> more -> detail -> manage access.
Related
We have SharePoint Online site with list. Users can add, edit and delete own items in this list.
How I can resolve new issue - Users can't edit and delete own items older than one week (from creation date).
Is it possible without coding Remote Event Reciever or Azure function?
Per my knowledge, there is not an OOTB way to achieve it, we have to write some custom code.
If you only want to the user can't see some items in list view base on some condition, we can use list view Filter to achieve it. Note:User also access item form through URL.
I suggest you use remote event receiver or azure function to achieve this requirement.
In classic site, we can also add some JavaScript code into master page to prevent users access edit form page and hide the delete button in the page.
For this kind of requirement the solution which is 'no code' and with SP online is Power automate (previously MS Flow).
The best option in Your case would be to create a recurring flow which for example starts every day at 00:10 AM -> please see MS docs with description how to do this.
The Flow should get all items from a specific list for a specific site. You can do that with the 'Get Items' step. After that You can use the 'Apply to each' Step to check each item creation date with a 'Condition' Step. When some item will be older than one week You can use additional steps to break permission inheritance on item and remove all groups from permissions on this item or change the permissions on item from edit to read. Here I found an interesting article where are some predefined steps shown how to remove all permissions, remove and add a group. To tell You the truth I was not aware there already are this kind of steps in Power automate (maybe something new :) ) .
I would use SharePoint HTTP request and use SharePoint API to remove permissions on item and change some group role from edit to read. So I would do a similar procedure like here the only difference is not to break permission on all list but just on a specific item which I would get by ID. You can do all of those API request with a 'SharePoint HTTP request' Step
Please be aware there usually is a 5 000 unique permission levels threshold (50 000 is in on-prem) in list (place check here for latest info on limits in SP Online). So a better option would be to create a folder with view only permissions for the users before and when an item is older than one week You could only move this item to that folder also with Power Automate. That way all the files (items) in this folder would be read only and You would have only one unique item scope in this list and not as many as the old items.
Some other options You could use are:
Also code solution, but not RER and Azure function, would be to create a console app that uses CSOM to look through items in this list and either breaks permission on each item or moves to a folder (like the flow) and schedule this CSOM app on some local or remote server in Task Scheduler... Of Course You would need some local (or other) server for it which is always up and running :)
If You would like to use some 'little coding' and by any chance You are still using classic UI (not modern) You could use JSLink attached to CT or some column like Title and block editing of fields in edit forms etc (this is not the best option as always the users may create a view without a columns with this JSLink and go around this or modify the item using CSOM or Rest API)
You might consider using PowerApps (In case you have it configured in your subscription) to customize the edit form,
Then you use the validate() method, and disable a user from submitting the form in case ("Created" + 7 days) <= Today() or something like that.
Am using Kentico 9 in creating book store that will contain more than one section like Fiction Books and so on .. i want to assign rule to user that allow him to manage this section only to add/modify/delete books, and so on with the rest of the sections .. i can now assign manager or editor that can modify all products, but i need to make him belongs to just one category of products .. also i've tried to assign department to products and just assign user to manage it but still it doesn't make sense .. i've tried to check Kentico Doc to find an answer on this question but i didn't find the solution, can any one help me in that?
What you are looking for is the Default alias path property within the user configuration (Users -> user -> General -> Default alias path) where you can specify what section of the content tree your user will see. Then you can just set proper permissions.
Does your category (or section) of products have the same page type? If so you can set proper permissions for CRUD operations (and more) per each page type (type of product). Just go to Permission > Permissions for: Page type and set proper rights.You can learn more here.
If not, you can still use Page-level permissions - ACLs (just follow example section).
I'm a coldfusion developer, and I've been asked to rewrite a coldfusion application for SP 2010. I have no SP experience, but I'm now the SP admin.
My application is a waiting list for customers that enter a service center. The customer is entered into a List that tracks the following:
Name
Location (drop-down list of physical store locations. no multiple/custom values)
Check-In Time (timestamp for when customer was added to list)
Service Required (drop-down list, not allowing multiple or custom values)
Staff Member Requested (option, user select box)
Time Seen by Staff (timestamp when list item edit begins)
Seen By Name (name of user that edited record)
Time Finished with Staff (timestamp when list item edit is saved)
There are a few pieces of functionality that I don't know how to build into this list.
1
The records on the list view must be automatically filtered by the location column. The location to be viewed should be based upon the users group membership. (one group per location)
The Time Seen date/time field must be a timestamp that occurs when the list item is opened for editing.
The Seen By name must be automatically entered when when the user opens the list item for editing.
The Time Finished timestamp must be automatically entered when the user saves the list item after editing.
I don't expect anyone reading this to create this for me, but I would truly appreciate any tips, suggestions, or tutorials you can point me towards that will help me to accomplish these goals.
You will have to create such a list with the SharePoint Administration. You have several possibilities to do this. You can build them in you web browser using your SharePoint Site with the necessary rights, you can use the Microsoft SharePoint Designer (similar, less functionalities but in my opinion easier to use) or you could deploy the list after you built it in Visual Studio (best solution if you want to deploy it on more than one server or you want to change your list afterwards, but difficult).
There are some things you have to know: A list manages one or more content types. A content type is a collection of columns that contain the types (and more information) of your data. There are templates for content types and columns, but you will have to create your own content type and maybe some new columns as the templates might not be enough for your demands.
I'm not sure how to manage your first point. There is definitely a solution but I'm beginner, too.
The other 3 points could be managed by workflows: You can define workflows for a list, that do things after an item of your list is created or edited. I'm not sure if this will be useful for your 2nd point.
Another possibility would be to build a webpart, but that wont be a solution for a coldfusion project as I think. In a webpart you could handle all the interaction that are made by an user and change your list item individually.
A third way is to build an event receiver (using Visual Studio) for your list, but then you would have to build your list with the help of the VS as well.
I'm sure that won't answer all your questions but I hope you have some directions that you can inform about.
( Regarding Moss 2007 )
i have created a sharepoint list in which one column is called user assigned - this is a lookup column of type - people and group.
i select the users from active directory to enter this field of the list.
So different items in this list have different users assigned
I have create permissions for this list to be read and write to the users in active directory .
so that when a particular user logs in to the sharepoint website with his credentials. he has read and write access to the list.
Now is there any way available in sharepoint by which the user do not see the whole list when they login to the website . He only sees the items of the list which the user assigned field is him only.
If the permissions are indeed setup right, you only have to go to List Settings, Advanced Settings, Item-Level Permissions and on "Read access: Specify which items users can read" you define their own.
If the users are not the creators of the items, you need to go to List Settings, Views (at the far bottom), modify the All Items View (or w/e you have as default), go to the filter section and add a filter like: "Show items only when the following is true", "Show the items when column" Assigned To is equal to [me]
I've been implementing such solutions for some while. It is possible, but
it takes much work to be done
if used in long term and/or the amount of data is large, this will hit performance
If none of these is a problem for you, then you can:
create code which performs BreakRoleInheritance() on the item, then adds ViewListitems permission for the user in "user assigned" column. You can find example code, for instance, here: http://social.msdn.microsoft.com/Forums/en/sharepointecm/thread/581e456c-db3c-44f1-b958-a824d95a2536 (or search in Google for "SPPrincipal" and "SPRoleAssignment" for more info)
make this code be called whenever the item is added or updated (you have to wait for the "-ed" events, because in the synchronous version of these events you can't change the permissions yet, for instance in "ItemAdding" there is no item created yet). You can achieve this by adding an event handler to the list.
How do I create a different users category? (more restrictive - with view only properties)?
How do I create a View - only for this category of users?
I need to group some users into a view only category and then assign only ONE view to this group, so they can not see everything that is in my list.
SharePoint, so far, does not give the option to restrict access at cell level so I need to go around this and create a view for this group, with the condition that all that they can see is this View (and they should not be able to add columns to this view).
Thanks.
Considering that you want to restrict the List View to only specific set of users. You have the following options
Doing it in the SharePoint UI but not suitable if you have lots of item and you want to do it for a SharePoint Group.
Open Source - CodePlex Good one I have tried it - It has got what exactly you want Column level restriction
Third Party in case if you feel to spend $ - Seriously I didn't try this tool.
Another Option to do it in SharePoint UI - Quick solution but - Wont prevent user from creating their Own Views.