I'm developing a sharepoint 2010 application. One Part of these application is a List of items.
ListCollumns: Title, Owner1, Owner2
The user should be able to create ListItems and to set the items owners (Owner1, Owner2). After creating the item, only the owners and the Administrators should be able to change it.
My ideas:
working with a event receiver that deletes all permissions on the new item after creating it and setting new permissions to Owner1 and Owner2 (Problems I expect: I'm working in a Sandboxsolution and I think I can't set permissions in it)
Creating a timejob which execute a powershell everyday. The powershell will delete and create the permissions (Problem: I think the script needs high permissions and it isn't exact if it just run one time per day)
my question is: does any one have an idea how to solve the problems or if there are different solutions how to solve this problem?
Thanks a lot!!!
I have done what you describe using an Event Receiver a couple times before. It worked great. Each time, the Event Receiver was part of a farm solution. But it should work in a sandbox solution as everything you need is marked as "Available in Sandboxed Solutions: Yes"
SPListItem.BreakRoleInheritance Method
SPSecurableObject.RoleAssignments Property
SPRoleAssignmentCollection.Add Method
SPRoleAssignment Class
Using SharePoint Designer with SPD Activities custom actions, you can set the permissions with a workflow that fires after the item is created: Link
Related
I am trying to create a quiz that users can take in SharePoint to test their knowledge. I can do this by creating a custom list with calculated fields to work out whether they have passed or not.
This is fine but the issue comes in making sure that users cannot see other user's completed quizzes too. I see you can tick the option of 'Read items that were created by the user'. How can I make sure then that I can see all items created by all users in this list?
I am new to SharePoint so any help would be great.
Thanks in advance
What you're doing is setting item-level permissions. Options such as "Read items that were created by the user" and "Create items and edit items that were created by the user" only apply to users with Contribute or Edit permissions. They do not apply to users with at least Design permissions.
So, to see all items created by all users in this list, make yourself a Designer or an Admin.
Business Case :
Every time Permission Inheritance is broken, I need certain custom things (through code) to happen on my SharePoint environment.
Details: If user clicks on Site Settings -> Site Permissions -> "Stop Inheriting Permissions", I need a custom code called so that certain actions can be performed like changing the group name, make an entry in the global list etc...
Image : http://i.stack.imgur.com/z2eo6.png
Even Receivers are not new in SharePoint 2013. They did exist in previous versions of SharePoint. But they are still limited and I could not see one which gets triggered with users' action of clicking that button i.e. Stop Inheriting Permissions. I can capture "Updated" event and check programmatically if permission inheritance was broken but that will fire every time which to me is dirty solution.
If above is not possible then what are other possible alternatives ?
One I know is - Hide "Stop Inheriting Permissions" and create a custom one which will let me achieve above Business Case. But I want to minimize custom coding as much as possible.
Found out an answer the same day I posted the question.
SharePoint does offer class SPSecurityEventReceiver which has required Event Receivers.
(1) InheritanceBreaking (2) InheritanceBroken (3) InheritanceReset in my case.
Hope that helps someone !
I'm trying to make a SharePoint workflow start automatically for any new document that is uploaded to a specific doc library. I've configured the workflow in SharePoint Designer to auto start for new documents or changed documents. However, the workflow never starts automatically! I can run it manually, but it won't execute itself.
I've searched around and have found the core issue, which is reflected in my log:
"Declarative workflows cannot automatically start if the triggering action was performed by System Account. Canceling workflow auto-start."
However, all the fixes I've seen have not worked for me. A common solution is to not run or create the workflow as the SharePoint System Account. Well, my SharePoint service accounts are not the ones I'm logging in as to upload my documents nor was it the one I used to create the workflow. I've tried editing & re-publishing my workflow as a totally new account and it still won't auto-start.
Just focus on two things:
Workflow will never start automatically with system account.
Check the options Start workflow automatically when an item is created or changed from Workflow Start Options.
While publishing the workflow, u need to select the checkbox Start workflow automatically when an item is created or changed for the workflow to start automatically or else whatsoever the WF will not start automatically.
Instead of using Sharepoint system user account, u could use an account having contribute permission on site level and full control over the library
Run the command at the server in powershell
stsadm.exe –o setproperty –propertyname declarativeworkflowautostartonemailenabled –propertyvalue yes
After I did that, the workflow runs perfectly although it shows the created by as being "system account".
Does anyone know of a way to prevent access to, or highlight, a specific day in a Sharepoint calendar? The intent is to show which day(s) are not available for a given task.
I have already fashioned a Workflow that would email a user, but it needs to be visual as well - people need to see at a glance what days are avaiable.
Any have any ideas? I'm running on SBS 2008 with WSS 3.0 .. I also have Sharepoint Designer 2007 installed, if it can be leveraged.
Personally, I would do this by creating a new event receiver to run on the calendar. This event receiver should run on new / updates, and should configure item level permissions for any event on that specific day. If you break the item's permission inheritance, and remove read access to all items on that day, no one would be able to see the task.
Obviously, always be very careful when working with item level permissions.
We have a SharePoint Team Site (WSS 3.0 not MOSS), that includes Tasks list to records every tasks related to a project. Here's the scenario.
Users :
List item
Supervisor1
TeamMember1
TeamMember2
TeamMember3
How do we set the permission settings so that
Every users (Supervisor and team members) can see any tasks.
Supervisors can edit any tasks
Team members can only edit their own tasks (tasks that were assigned to them, or created by them)
I was unable to achieve the intended results using standard WSS permission settings, without resorting to manual permission settings on each item in the list. I'm imagining that the automatic solution has to be accomplish using some sort of workflow or trigger.
you do not need any workflow or event handlers ( still you can use them for your purpos but they will slow down the performance if you will be having a lot of items)
go to setting --> list settings
click on Advanced Settings
in Item-level Permissions in read access select all items
and in the same place in Edit access select only their own
and in permissions give list members a contributer role
for the suppervisor you can give him higher permission i think designer will work, or simply you can give him full controle on the list
You can set permissions by going to your List, click Settings dropdown. Under Permissions and Management, click "Permissions for this List". Click Actions and select Edit Permissions. Select the User/Group you want the permission to be changed then Click Actions & select Edit User Permissions.
HTH!
Create a class that inherits from SPItemEventReceiver and override the ItemAdded method, setting your custom permissions in the overriedden method using the API.
http://blogs.msdn.com/brianwilson/archive/2007/03/05/part-1-event-handlers-everything-you-need-to-know-about-microsoft-office-sharepoint-portal-server-moss-event-handlers.aspx
Yes, you would have to write an event handler or workflow that will run upon item creation which would look at these column values and set the item level permissions as such.
I recommend you to check this solution: SharePoint Column/View Permission by SharePointBoost (199$)
Through this you can set read only permission to people you want on all the items, Your requirement "Every users (Supervisor and team members) can see any tasks" is solved!
Also you can set edit permission to Supervisors. Second trouble solved!
As Ali said, advanced permission>items level permission can fulfill your last requirement.
It seems that you need a workflow to automatically assign permissions based on the user roles or [Assign To] fields.
Try the third-part tool Permission Workflow, this may help you to solve the issues.