I have a SharePoint 2013 WF on a list (SharePoint 2016 on-Prem).
Under the following scenario, the WF is NOT visible to the user
User has Full Control on List
User has only Read permissions at the site Level (Visitors group)
Under the following scenario, the WF IS visible to the user
User has Full Control on List
User has Contribute permissions to the site (Members group)
I don't want the user with more than Read permissions on the site. But do want them to be able to see the workflows on the List and invoke them.
Any thoughts?
I think you can create a list workflow instead of the site workflow.
Related
I am trying to create a role in SharePoint 2013 but I am unable to find any kind of option to create a new role. I don't want to create group. I know there is difference between role and group. I have created roles and groups using SharePoint 2013 client library code, but now I want to create role manually in SharePoint 2013.
I am not sure if I understand this correctly but I am suggesting you a few things:
Supposing that you have access to the site permissions, you could navigate to Site Settings -> Site permissions (under Users and Permissions). In the ribbon you find the Permission Levels button and once you click it you will go to a page where you can add new permission levels or maybe edit/delete the existing ones.
When you create/edit a permission level, you can choose what kind of permission that permission level will have, for instance, "Add/Delete Items Items" for list permissions or "Create sub-sites/groups"
I would refer you to this link Use SharePoint permission management to create various roles in an app for SharePoint
I am not an expert with SharePoint and couldn't figure out if this questions has been answered already in SO. So, please redirect as necessary. Thanks!
Customer has a sharepoint farm (syncs with AD) which is a purely OOB implementation and no custom code. That said, the question is - if a user was updated in AD (a property of the user), can the user's permissions on the existing site collection, be modified/reset automatically without manual intervention?
Let's say if
1) User belongs to BusinessGroup "Group1" (AD) and the user has "Full
Control" to SharePoint site collection "Group1-SiteColl".
2) User's BusinessGroup is now changed to "Group2" in AD.
In this scenario, the user permissions on "Group1-SiteColl" should be reset to "ViewOnly" (or something of that sort) and the user should be given "FullControl" permission to the new SiteCollection "Group2-SiteColl"
How can this be achieved (automated, no manual intervention) without deploying any custom code. With PS or OOB workflows?
Any help is appreciated.
You can set permissions only for users or groups (both SharePoint and AD). Based on AD properties you can define audiences to hide or display some parts (typically webparts) in SharePoint UI. But this is not equal to permissions!
I have made a SharePoint 2013 workflow for a list in which users have read permission only. I want to give the user rights to kick off the workflow through the Custom List Action. But i get this error everytime:
"Unfortunately, this site has not been shared with you."
How can i solve this? I have already created the workflow using the following msdn article(creating a workflow with elevated permissions): https://msdn.microsoft.com/en-us/library/jj822159.aspx.
But this does not seem to help in my case.
Had to Update-Wrong Links
If the user only has read permissions, they will be unable to add items to the list. You weren't very clear on how this workflow kicks off or what it does but my guess would be to provide either a custom permission which allows a user to add items but not edit/delete. See here for instructions on how to do this.
or
You could enable anonymous users on the list and allow anonymous users to add items. See here for instructions on how to do this.
Your security concerns are going to determine your approach but for what I have read I think either would suffice.
**** You must have Admin rights to perform this ****
In SharePoint Workflow 2013, you can use the APP step that will allow the workflow to be authorized with its identity as a Full Control and ignore the current user permissions.
This is will ensure that the workflow will be executed successfully in case the current user has no permissions.
Note: The APP Step will be disabled if you didn't elevate the workflow permission.
For more details check Workflow was Suspended with Unauthorized HTTP / Elevate Workflow permissions in SharePoint 2013
I created a group of users in the SharePoint subsite, i.e. pressed Create Group button on a ribbon of this particular subsite Permissions page. Nevertheless I see this group in the list of groups in my parent site.
Does this mean that all SharePoint groups are stored on the site collection level? Meaning that all groups are relevant to any site in the collection?
If this is so, what were the reasons for this design?
Yes, you can access all groups from the main site and any website in the collection. And I guess the reason is to give you the ability to use any group in any website under your collection.
I want to give a member a privilege to create a sub site or workspace with same permission as that of parent site. I have changed the OOTB "Contribute" permission level i.e. I have given permission to Create a web site. After doing this a Site Action Menu appear and I don't want it to be displayed when member with "Contribute" permission level is logged in. Is is possible to Hide Site Action at all without using designer?
Why not just create a new permission set, lets call it "Site Creators", that has all the option checked that contribute has + create site. Then create a new SharePoint group, add your users and add the new permissions set to the group's permissions.
Below are what I do usually. Hope it works for you too.
No.1 Open up the master page in SharePoint Designer.
No.2 Wrap the html of the Site Actions within a SPSecurityTrimmedControl.
No.3 Set the Permissions String as appropriate.