I'm working on an entity called 'Give Feedback'. I want to give create permission for all users and give read permission for that entity where Feedback provider or Manager of the Feedback receiver is current user. I have created a dynamic view for this. But I want to hide that entity from Advanced Find because it allows the current user to see all the records for that particular entity.
Is there any way to do remove or hide an entity from Advanced Find without removing read permission from security roles?
Any help would be much appreciated!
You need to set the right privileges for your custom entity.
If you set the Read privilege as User, with Advanced Find they will be able to see only their own records.
You can also change the property Searchable to No in Entity cutomizations.
Related
I am adding some custom fields to the "user" model of liferay (6.2).
As per my use-case I need to show all the fields to all the users, but enable editing on a few of them, other remains read-only.
I read about the "view" permission and "update" permission but former makes all read-only and later makes all editable.
Do I need to create a hook for this or can there be any other solution?
Read this too:
Customizing liferay hook custom fields
Thanks!
AJ
There is a set of permissions for each custom field which can be tweaked based on roles, which is what I was looking for.
I overlooked and rightly answered/pointed by #OlafKock.
We are using the Tuleap 7.0 for Project management. We have a new requirement that we need to provide access permission to specific users other than administrator role to create field's value with dependencies. For eg: We are having a field called category. Categories are SUV, Sedan, etc., Now we want to add a new category name called Wagon. But I do not want the administrator to add this each and every time instead I need to give permission to either project manager or to some other user roles to add the same. Also we have to add subcategories to corresponding categories. So either we need to provide access permission to specific user or a external interface other than tuleap to add the category and subcategory with field dependencies.
If we have to create an external interface, we do not know in which table the data and dependencies will be available. So kindly let us know is it possible to provide access permission to specific users for creating field's values and dependencies or else let us know detail on table structure that where the insertion of field values happen and the dependencies between fields will be available. Table schema will be more easier. Please help
It is possible for a group to be Trackers administrators but not fully Project administrators, maybe it answers your need but not sure. If you want to go this way, you have to choice: either you set it in the Trackers > administration > manage permissions for each project or in the global administration of the platform in admin > permissions delegation.
If you only want people to only be able to add values to this particular field, I don't think it is really possible. What you can do is to put an openlist instead of a simple list or even modify your trackers structure to have a tracker that represents all the category and set category by doing an artifact link. So to add a category simply submit a new artifact in the category tracker.
For the table schema I'm sorry but I don't have such document.
I have a specific requirement where-in I want only the uploader of the document and a specific team to be able to view it in list / library. 1) is it possible? 2) If yes, how...?
Ok. So I was able to resolve my issue with the steps mentioned below. Soon will be documenting it in form of a blog and share it:
Created the document library and modified the default view to only show documents that were created by/modified by [Me].
Added a new web page to the library and gave exclusive rights to access that to a certain set of users.
Restricted all users from creating a view with the help of creating special permission level where user only had access to upload or delete a document but not creating/updating/deleting lists/views. Also disabled private view creation.
Hope this may be helpful to others too who are looking for restricted views / disabling view creation.
You need to set item level permission through event handler:
http://www.chakkaradeep.com/post/SharePoint-ndash3b-Setting-Item-level-permission.aspx
http://msdnvietnam.net/blogs/quang/archive/2009/07/02/sharepoint-eventhandler-set-item-level-permission.aspx
#Ashish, in SharePoint 2007 GUI you cannot make a query that will show documents that belongs to a specific group, however CAML specification supports it (Membership tag), it wasn't documented until SP2010, but it works on SP2007 (i'm using it)
However this involves custom coding and this doesn't assign permissions automatically, it just enables you to filter documents by groups.
For a solution without custom coding you could consider making a seperate folder/list for every person/group and set permissions to folder/list accordingly. This will also help performance - it's better to have permissions set on high-level container than having fine grained permissions (i'm just assuming that, because i read everywhere that mass fine-grained permissions are bad for performance)
You may use current user filter web part to filter the document by whom logged in into the sharepoint site by passing the value Dispaly Name
Is it possible to implement a custom permission level that allows a user to modify the properies of a document, but not the document itself? If so, any hints on how to do it?
Larsi
I think it is not possible to assign column level permissions in a default implementation of Sharepoint. However, it should be possible to do it using custom solutions. Have a look at this article http://www.infoq.com/articles/Dressel-Gogolowicz-wss-security. I have not tried it though.
Is there a way to limit the "edit item" permission in WSS 3.0 to only allow a user to edit his own documents or list items? We need the ability for a user to edit only documents/list items he creates - NOT items that someone else created. So, essentially we need a sub-set of the EDIT permission as well as ADD.
Is this possible in Windows Sharepoint Services 3.0? Is there a way to create custom permissions in code or a feature?
WSS has a basic UI for setting item-level permission on list items, but they hide that from the UI for document libraries. If you go into Settings->List Settings->Avanced settings for a list, you'll see the options to do pretty much what you're asking for. However, on document libraries, that UI is not available. The settings it drives, though are avaiable via the object model.
You could set those same properties for a document library like this:
SPDocumentLibrary onlyOwnLib = theWeb.Lists["DocLibName"]
onlyOwnLib.WriteSecurity = 2;
onlyOwnLib.Update();
And that should about do it. However, apparently that doesn't really set permissions; it just controls what the user can do via the UI. If they had another interface to the library (like via WebDAV) or list (like via the web services), it wouldn't prevent them from editing items they didn't create. If you want true item-level permissions, I think you need to go the event handler route.
This post from Matt Morse explains it in more detail, and he even wrote a command line tool to set the property (plus the .ReadSecurity property) for lists and libraries.
If you added an event handler to the document list you should be able to limit edit rights on that item to the user that created the item.
I often have to copy documents from another system into a list in SharePoint, and in that case the edit rights will be assigned to the system user that transfered the document, unless you use the approach suggested by Kirk Liemohn here
Note that item level permissions on large numbers of documents increase the load on your SQL server quite a lot.
here is the solution for your request.
go to the list -> list settings -> Advanced Settings
you will see the section of
Read access: Specify which items users can read
All items
Only their own
Edit access: Specify which items users can edit
All items
Only their own
None
select the options based on requirement. that's it done..
wanna more click on http:// mastermoss.wordpress.com
This is an old question, however the problem still exists.
A way that has worked well for me in the past is to use a workflow to configure the permissions when the library item is added.
See http://www.sharepointusecases.com/index.php/2010/03/configure-item-level-permissions-for-document-libraries-part-2/ for details.
I believe that permissions like that can be created through the user interface. It depends on the scale and number of list items you have, but you could do one of two things. First (without having to create scripts) you could give everyone a custom "Read" permission access which would not allow them to do everything you can in in the Read permission but allow them to Add Items. Then on an item-by-item basis, click the item -> manage permissions -> (Give the specific user Contribute permissions on their document).
If you're creating a SharePoint list that this will not be practical, you can create a script to traverse through all items, and will verify the user has contribute permissions (otherwise it will set the contribute permission to that user).
Additionally, you could just give each person their own folder.
Give everyone read permissions on the SharePoint list/document library, but give each person full control privileges over their own folder. This will allow everyone to read everything in a list, but create/edit their own documents.
If you want the 'Only their own' permission on a document library, it isn't there out of the box. But I've created a solution at CodePlex that adds this for Document Libraries - check it out at http://moresharepoint.codeplex.com.