Can i program custom base permission level? There are many available in SPBasePermissions like
UseRemoteAPIs Use SOAP, WebDAV, or Microsoft Office SharePoint Designer 2007 interfaces to access the Web site.
ViewFormPages View forms, views, and application pages, and enumerate lists.
ViewListItems View items in lists, documents in document libraries, and view Web discussion comments.
However i want to make a custom one, something like:
EditItemsAssignedToMe + ViewItemsAssignedToMe + view/edit items i created.
Still finding my way out to allow users view and edit items created by them or assigned to them.
OOTB you don't have the fine-grained control and can only assign a certain set of permissions as defined on technet and this blog article.
However programmatically you can create a new SPRoleDefinition and assign it the appropriate permissions based on the SPBasePermissions enumeration as per this blog article. You might also want to read this short guide on the basics of SPBasePermissions.
If you want to go even further though and emulate the OOTB behaviour with your own custom permission set try Implementing Custom Security Rights in SharePoint.
Related
We just created a rather complex power app which will be used by numerous users (in the company). Although there will be a small team who will handle over viewing the inputs from these users.
The goal is to restrict the users to go into the sharepoint site and delete or edit any records which them or others created. We cannot use any other datasource only sp lists.
I tried creating permissions for specific groups but they don't seem to be working properly.
thank you for your help in advance
Take a look at item level permission on SharePoint, I believe this is what you need
In addition Take a look here as well.
Follow below process:
Create two groups in SharePoint site - Admins and Normal users
On item creation in SharePoint list, run a Power automate flow which will grant Full control access to Admins and only Read permissions to normal users (or just the user who created list item - as per your requirements).
Follow below article for setting permissions for individual list items using power automate: Set Item Level Permission in SharePoint List using Power Automate
What are the minimum SharePoint 2010 permissions required to allow a user to personalize a web part page, allowing updates and adding web parts to the page but completely restrict the user modifying the shared version?
I initially copied the built-in “Read” permission level and added the “Manage Personal Views”, “Add/Remove Personal Web Parts” and “Update Personal Web Parts” permissions from the Personal Permissions group. This custom permission level was then applied to a user who then viewed a web part page created by the Administrator, which contained only a very simple prototype SharePoint web part. This web part contained a modifiable label which was edited using the “Miscellaneous” section from the Edit Web Part from the standard SharePoint chrome.
With the custom permission level applied the “Miscellaneous” option it is not available to the user upon personalizing the page and selecting Edit Web Part. The “Miscellaneous” option only becomes available to the user when the permission level is further modified to have the “Edit Items” from the List Permissions group. This has the undesired effect of allowing the user to be able to modify the shared version of the page.
Is what I’m trying to achieve even possible?
Many thanks
Check this out: http://akifkamalsyed.wordpress.com/2011/01/17/personalizable-web-part-custom-property-not-shown-for-users-with-contribute-permission-level/
It's probably because you don't have a safecontrol for the webpart with the attribute SafeAgainstScript
I have a dnn site that allows users to have child portals. The child portals are either basic or advanced. The advanced portals is basically unrestricted. However the basic portals should be restricted to only being able to change the content provided to them but not being able to add any pages or modules. Is that possible? Is there a security module that will aid in that?
Your description of basic portal security is possible to implement in DNN's role based access control.
The role assigned to the users:
should not have page-level edit
permissions
should have edit
permissions to selected modules
The problem is how to conveniently assign these permissions to new pages.
I recommend creating template pages first with the correct permissions, and then copying new pages from these templates. It is also possible to make a helper application for this copying. DNN API and the IPortable interface help here, but my experience is that with 3rd party modules you'll often need to implement the copy functionality yourself.
You can hide the control panel (ribbon bar) from Module Editors who are not Page Editors. This can be done from the Admin - Site Settings:
I'm working on a branding site that allows anonymous users. By default it allows read access too all lists and libraries.
There are a few forms that gather information, and I want to allow anonymous users to add data, but they should not be able to view the list. I don't see any concept of 'deny' permissions.
This doesn't apply to all lists, just a few.
How is this done?
Thanks.
Edit
hmm, looks like on publishing sites that anonymous access to the forms sections is disabled by default.
http:///Lists//AllItems.aspx gives me a 401 unauthorized. That's good! Any danger here that I'm not aware of?
You can hide the list also, you can break inheritence on the list and assign custom permissions
I am developing a sharepoint 2010 visual webpart that will show some sort of ajax content.
I have a property on the webpart for the refresh rate, but I want this property to be set only by an Administrator (or any specific group).
What is the best way to achieve this?
Thank you.
In our organization, everyone by default is granted "Read" permission to our SharePoint sites through an "All Employees" Active Directory group. This allows users to browse the pages, but not edit them; and if you can't edit a page, you can't edit any web parts on the page.
Those who should have elevated privileges are added to other AD groups (you could use SharePoint groups too), and those groups are granted appropriate permissions.
You could create a custom Toolpart. Take a look at this example for a tutorial on how to create one.
Overall, your general steps will be:
Create your custom Toolpart class inheriting from Microsoft.SharePoint.WebPartPages.ToolPart
In your custom Toolpart, override CreateChildControls, write the code to display your textbox as long as the current user has permission (based on whatever rules you choose, ex: SharePoint group).
In your webpart, override GetToolParts and add your custom ToolPart so that it shows up in the right hand side