Does SharePoint have item-wise permissions, just like it has list-wise permissions? - sharepoint

(Regarding MOSS 2007)
I have created a SharePoint list in which one column is called "user assigned" - this is a lookup column of type People and Group.
I select the users from Active Directory to enter in this field of the list.
So different items in this list have different users assigned.
I have created permissions for this list to be read and write for the users in Active Directory,
so that when a particular user logs in to the SharePoint website with his credentials, he has read and write access to the list.
Now is there any way available in SharePoint by which the users do not see the whole list when they log in to the website? Each user should only see the items of the list in which the "user assigned" field is him.

If the permissions are indeed set up right, you only have to go to List Settings, Advanced Settings, Item-Level Permissions and on "Read access: Specify which items users can read" you define their own.
If the users are not the creators of the items, you need to go to List Settings, Views (at the far bottom), modify the All Items View (or whatever you have as default), go to the filter section and add a filter like: "Show items only when the following is true", "Show the items when column" Assigned To is equal to [Me].

I've been implementing such solutions for some while. It is possible, but:
it takes much work to be done;
if used in the long term and/or the amount of data is large, this will hit performance.
If none of these is a problem for you, then you can:
create code which performs BreakRoleInheritance() on the item, then adds the ViewListItems permission for the user in the "user assigned" column. You can find example code, for instance, here: http://social.msdn.microsoft.com/Forums/en/sharepointecm/thread/581e456c-db3c-44f1-b958-a824d95a2536 (or search in Google for "SPPrincipal" and "SPRoleAssignment" for more info);
make this code be called whenever the item is added or updated (you have to wait for the "-ed" events, because in the synchronous version of these events you can't change the permissions yet; for instance, in "ItemAdding" there is no item created yet). You can achieve this by adding an event handler to the list.

Related

SharePoint Online and prevent users from editing old list items after specific time

We have SharePoint Online site with list. Users can add, edit and delete own items in this list.
How can I resolve this new issue - users can't edit and delete their own items older than one week (from creation date)?
Is it possible without coding a Remote Event Receiver or Azure function?
Per my knowledge, there is not an OOTB way to achieve it; we have to write some custom code.
If you only want the user not to see some items in the list view based on some condition, we can use a list view filter to achieve it. Note: users can also access the item form through the URL.
I suggest you use a remote event receiver or Azure function to achieve this requirement.
In a classic site, we can also add some JavaScript code into the master page to prevent users from accessing the edit form page and hide the delete button in the page.
For this kind of requirement the solution which is 'no code' and with SP online is Power automate (previously MS Flow).
The best option in Your case would be to create a recurring flow which for example starts every day at 00:10 AM -> please see MS docs with description how to do this.
The Flow should get all items from a specific list for a specific site. You can do that with the 'Get Items' step. After that You can use the 'Apply to each' Step to check each item creation date with a 'Condition' Step. When some item will be older than one week You can use additional steps to break permission inheritance on item and remove all groups from permissions on this item or change the permissions on item from edit to read. Here I found an interesting article where are some predefined steps shown how to remove all permissions, remove and add a group. To tell You the truth I was not aware there already are this kind of steps in Power automate (maybe something new :) ) .
I would use SharePoint HTTP request and use SharePoint API to remove permissions on item and change some group role from edit to read. So I would do a similar procedure like here the only difference is not to break permission on all list but just on a specific item which I would get by ID. You can do all of those API request with a 'SharePoint HTTP request' Step
Please be aware there usually is a 5 000 unique permission levels threshold (50 000 is in on-prem) in list (please check here for latest info on limits in SP Online). So a better option would be to create a folder with view only permissions for the users before and when an item is older than one week You could only move this item to that folder also with Power Automate. That way all the files (items) in this folder would be read only and You would have only one unique item scope in this list and not as many as the old items.
Some other options You could use are:
Also code solution, but not RER and Azure function, would be to create a console app that uses CSOM to look through items in this list and either breaks permission on each item or moves to a folder (like the flow) and schedule this CSOM app on some local or remote server in Task Scheduler... Of Course You would need some local (or other) server for it which is always up and running :)
If You would like to use some 'little coding' and by any chance You are still using classic UI (not modern) You could use JSLink attached to CT or some column like Title and block editing of fields in edit forms etc. (this is not the best option as always the users may create a view without the columns with this JSLink and go around this or modify the item using CSOM or REST API)
You might consider using PowerApps (In case you have it configured in your subscription) to customize the edit form,
Then you use the validate() method, and disable a user from submitting the form in case ("Created" + 7 days) <= Today() or something like that.

SharePoint: How to filter documents in a document library

I'd like to "hide" certain documents from certain users in all places where lists are displayed. That is, the list of documents will be different for different users. For example, for user1 I want to hide documents containing "abc" and for user2 I want to hide documents containing "def".
Is there a SharePoint web part (or something) that I can deploy which will execute some code that can filter the list for all of the sites? Ideally, this "solution" would take as input a list and a username, and would return a subset of the list. And SharePoint would only display the filtered list. Also, for performance reasons, the input should not be the entire set of documents in the list, but rather just those that are displayed.
Also, I understand that one possible way to accomplish this is via permissions on the documents. Unfortunately, permissions is not something I can take advantage of as the documents have to be, in essence, public.
Also, to be clear, I am not asking about what the code should look like that does the filtering (although examples might be helpful), but rather if there exists a mechanism to accomplish the type of filtering I need.
Thanks for your help,
Eric
The best solution is absolutely permissions, but if you can't use it, you can use audience targeting. Go to your document library settings and enable audience targeting. After enabling, you will have an audience target field in your documents.
You can have more info about audience targeting here: http://technet.microsoft.com/en-us/library/cc261958.aspx
If this is not what you are looking for, you can create custom views on your library and create filters by using the [Me] parameter for the current user. E.g. you can create a multiple user field and write the names of people you don't want to see that document. After that you can create a view with a filter [Me] is not on that field. But you cannot deny a user access to the document if he has permission on the document and knows the URL of the document.

SharePoint 2010 List - Need direction

I'm a coldfusion developer, and I've been asked to rewrite a coldfusion application for SP 2010. I have no SP experience, but I'm now the SP admin.
My application is a waiting list for customers that enter a service center. The customer is entered into a List that tracks the following:
Name
Location (drop-down list of physical store locations. no multiple/custom values)
Check-In Time (timestamp for when customer was added to list)
Service Required (drop-down list, not allowing multiple or custom values)
Staff Member Requested (option, user select box)
Time Seen by Staff (timestamp when list item edit begins)
Seen By Name (name of user that edited record)
Time Finished with Staff (timestamp when list item edit is saved)
There are a few pieces of functionality that I don't know how to build into this list.
The records on the list view must be automatically filtered by the location column. The location to be viewed should be based upon the users group membership. (one group per location)
The Time Seen date/time field must be a timestamp that occurs when the list item is opened for editing.
The Seen By name must be automatically entered when the user opens the list item for editing.
The Time Finished timestamp must be automatically entered when the user saves the list item after editing.
I don't expect anyone reading this to create this for me, but I would truly appreciate any tips, suggestions, or tutorials you can point me towards that will help me to accomplish these goals.
You will have to create such a list with the SharePoint Administration. You have several possibilities to do this. You can build them in your web browser using your SharePoint Site with the necessary rights, you can use the Microsoft SharePoint Designer (similar, less functionalities but in my opinion easier to use) or you could deploy the list after you built it in Visual Studio (best solution if you want to deploy it on more than one server or you want to change your list afterwards, but difficult).
There are some things you have to know: A list manages one or more content types. A content type is a collection of columns that contain the types (and more information) of your data. There are templates for content types and columns, but you will have to create your own content type and maybe some new columns as the templates might not be enough for your demands.
I'm not sure how to manage your first point. There is definitely a solution but I'm beginner, too.
The other 3 points could be managed by workflows: You can define workflows for a list, that do things after an item of your list is created or edited. I'm not sure if this will be useful for your 2nd point.
Another possibility would be to build a webpart, but that won't be a solution for a ColdFusion project, I think. In a webpart you could handle all the interactions that are made by a user and change your list item individually.
A third way is to build an event receiver (using Visual Studio) for your list, but then you would have to build your list with the help of the VS as well.
I'm sure that won't answer all your questions but I hope you have some directions that you can inform about.

How to create a different user category in SharePoint and a view designated only for them?

How do I create a different users category? (more restrictive - with view only properties)?
How do I create a View - only for this category of users?
I need to group some users into a view only category and then assign only ONE view to this group, so they can not see everything that is in my list.
SharePoint, so far, does not give the option to restrict access at cell level so I need to go around this and create a view for this group, with the condition that all that they can see is this View (and they should not be able to add columns to this view).
Thanks.
Considering that you want to restrict the List View to only specific set of users. You have the following options
Doing it in the SharePoint UI but not suitable if you have lots of item and you want to do it for a SharePoint Group.
Open Source - CodePlex Good one I have tried it - It has got what exactly you want Column level restriction
Third Party in case if you feel to spend $ - Seriously I didn't try this tool.
Another Option to do it in SharePoint UI - Quick solution but - Wont prevent user from creating their Own Views.

Override SPList.WriteSecurity behaviour?

As MSDN states, WriteSecurity has 1 of 3 possible states:
1 — All users can modify all items.
2 — Users can modify only items that they create.
4 — Users cannot modify any list item.
But what if I want behaviour no. 2 plus users can modify items that are assigned to them? Well, if I grant a user full permissions (put in owners group) for the list, then those can edit any item (not good). So why wouldn't it work by setting item level permission "full control" just for the AssignedTo user (good)? I did, but that didn't help - access denied.
I want exactly the functionality as stated in question "Automatically set list item permission, after new item is created", quoting:
Every users (Supervisor and team members) can see any tasks.
Supervisors can edit any tasks
Team members can only edit their own tasks (tasks that were assigned to them, or created by them)
but although answer has been accepted, the solution does not provide a way for users to edit items assigned to them or items created by user.
Help is appreciated, thank You!
Your only way to do this is using Item-Based Permissions. E.g. have a Workflow or Event Handler change the permission on each file/object based on your requirements.
The solution you quote from the other task is simply setting 2 for SPList.WriteSecurity which still doesn't give users the possibility to edit something they have not created, but were assigned to - in this case you will need to give these users permission, e.g. by listening on the "Assigned To" field with an Event Handler (OnItemUpdated) and give the respective person the needed permission.
Furthermore the solution talks about just setting higher permissions for the users who should always be able to edit items (managers), which is a solution, but you do not have the granularity you usually want in situations like these.
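
The event-handler approach described in the MOSS 2007 answer (BreakRoleInheritance() plus a role assignment from the "-ed" events) and in the WriteSecurity answer above, as an added example that is not code from any of the posters. The class name, the AssignedTo internal field name and the two constants are assumptions, and the column is assumed to hold a single user.

```csharp
using System;
using Microsoft.SharePoint;

// Added illustration: class name, field name and constants are assumptions.
public class AssignedUserPermissionReceiver : SPItemEventReceiver
{
    private const string AssignedField = "AssignedTo";   // internal name of the single-user column
    // false: inherited assignments are dropped, so only the grant below is added (per-item visibility).
    // true:  inherited assignments are kept (e.g. everyone Read) and the assignee's grant is added.
    private const bool KeepInherited = false;
    private const SPRoleType AssigneeRole = SPRoleType.Contributor;

    // Asynchronous events: the item exists, so its security can be changed.
    public override void ItemAdded(SPItemEventProperties p)   { Apply(p); }
    public override void ItemUpdated(SPItemEventProperties p) { Apply(p); }

    private void Apply(SPItemEventProperties p)
    {
        Guid siteId = p.SiteId, listId = p.ListId;
        string webUrl = p.RelativeWebUrl;
        int itemId = p.ListItemId;
        DisableEventFiring();   // MOSS 2007 API (later versions: EventFiringEnabled); precaution against re-entry
        try
        {
            // The editing user rarely has Manage Permissions, so reopen the site elevated.
            SPSecurity.RunWithElevatedPrivileges(delegate
            {
                using (SPSite site = new SPSite(siteId))
                using (SPWeb web = site.OpenWeb(webUrl))
                {
                    SPListItem item = web.Lists[listId].GetItemById(itemId);
                    object raw = item[AssignedField];
                    SPUser assignee = raw == null ? null
                        : new SPFieldUserValue(web, raw.ToString()).User;
                    if (assignee == null) return;   // empty or a group: leave the item as it is

                    // Start again from the list's permissions so a previous assignee loses access.
                    if (item.HasUniqueRoleAssignments) item.ResetRoleInheritance();
                    item.BreakRoleInheritance(KeepInherited);
                    SPRoleAssignment grant = new SPRoleAssignment(assignee);
                    grant.RoleDefinitionBindings.Add(web.RoleDefinitions.GetByType(AssigneeRole));
                    item.RoleAssignments.Add(grant);
                }
            });
        }
        finally { EnableEventFiring(); }
    }
}
```

Every item handled this way gets its own permission scope, which is what counts toward the unique-permission threshold and the performance cost mentioned in the answers above.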
