i need to fire an event (or start a workflow) when the permissions of a List-Element (ListItem) have been changed. "ItemUpdating" / "ItemUpdated" won't fire (since the ListItem itself is not updated, i suppose), so how can it be done?
I'm afraid that is not possible.
Maybe you can take another approach: build an alternate way for users to change the permissions of an item. When the user applies the permissions (using the UI you've built), you can trigger an event, or start a workflow.
Going further, you could replace the default "Manage permissions" option in the ECB and replace it with a link to your custom permissions management UI. More information: http://www.helloitsliam.com/archive/2007/08/10/moss2007-%E2%80%93-item-level-menus-investigation.aspx
Related
Business Case :
Every time Permission Inheritance is broken, I need certain custom things (through code) to happen on my SharePoint environment.
Details: If user clicks on Site Settings -> Site Permissions -> "Stop Inheriting Permissions", I need a custom code called so that certain actions can be performed like changing the group name, make an entry in the global list etc...
Image : http://i.stack.imgur.com/z2eo6.png
Even Receivers are not new in SharePoint 2013. They did exist in previous versions of SharePoint. But they are still limited and I could not see one which gets triggered with users' action of clicking that button i.e. Stop Inheriting Permissions. I can capture "Updated" event and check programmatically if permission inheritance was broken but that will fire every time which to me is dirty solution.
If above is not possible then what are other possible alternatives ?
One I know is - Hide "Stop Inheriting Permissions" and create a custom one which will let me achieve above Business Case. But I want to minimize custom coding as much as possible.
Found out an answer the same day I posted the question.
SharePoint does offer class SPSecurityEventReceiver which has required Event Receivers.
(1) InheritanceBreaking (2) InheritanceBroken (3) InheritanceReset in my case.
Hope that helps someone !
I'm trying to find what is the permission security for allowing visibility of the Alias function in the Presentation tab ribbon.
For the user in question i've browsed to the core database, and under Access viewer, i'm looking that all the items under Applications/Content Editor have read-enabled permissions, specifically the item /sitecore/content/Applications/Content Editor/Ribbons/Strips/Presentation/Page Urls as well as /sitecore/content/Applications/Content Editor/Ribbons/Chunks/Page Urls are read-enabled
However, when login as this user there is no presentation tab.
I've tried resetting the cache and still nothing changes. I'm using sitecore 6.5.0
I think you are almost there, but you still need to give the user sufficient access to the /sitecore/system/Aliases item.
Create a new role(or use an existent one), for example sitecore\Sitecore Client Aliases. Use this role to add the following permissions.
Switch to the Core database and allow Read permission for the /sitecore/content/Applications/Content Editor/Ribbons/Chunks/Page Urls item and its descendants
Switch to the Master database and unprotect the /sitecore/system/Aliases item by using the Unprotect Item checkbox in the Configuration tab.
Allow Read, Write, Create permissions for the /sitecore/system/Aliases item and Read, Write, Create, Delete permissions for its descendants.
Protect the /sitecore/system/Aliases item back.
Add user to the sitecore\Sitecore Client Aliases role.
Found here: http://wiki.evident.nl/Sitecore%20alias%20role.ashx
The easiest way to enable the presentation tab is to use a sitecore standard role.
I'm not totaly sure but i asume it was sitecore\Sitecore Client Designing.
And as far as i know you have to use those standard roles to enable access to certain chunks.
Try using the Access Viewer for the user which doesn't see the Alias Tab. You can manually switch to the core database and then click on the different tabs with the specified user / role to see what causes this behavior. Most of the times you will find out that some role / restriction was set to a higher level item dat denies read rights.
How can I disallow adding item or document to a list or document library? Due to some other feature scenario I cannot break role inheritance and have custom permission set for the list. Today, we restrict the addition using event handler (Item adding) – but this leads to poor UX.
Is there a way to have Role inheritance for a list and still have a base permission mask? Something like, allow everything that parent web offers but not X,Y,Z. Breaking role inheritance in the traditional way introduces the problem of explicit User and role management. Having a SPGoup hold an another SPGoup could help here, but that too is not possible. Let me know your suggestions.
I think you are asking to allow a user to have add permissions to the list but not actually be allowed to add to the list. Event receiver is going to be the best way. The only other solution I can think of is to use a custom item form that will do the check.
You can solve your problem by creating a webpart with the below functionality.
Identify the logged user is in admin group. If he is not in that group ganarte a javascript alert that "you have no permission for add new item" and redirect to (location.href="") allitems.aspx page.
And place this webpart in Newform.aspx page.
(add &toolpaneview=2&sharedview=true in in Newform.aspx url for editing page)
Hope this helps. Let me know if you need more help.
Create an IHTTPModule and subclass the context AuthenticateRequest event.
In the AuthenticateRequest routine you can inspect what type of action is happening and then redirect the user to the SharePoint "Access Denied" page. This is exactly how SharePoint does this functionality so the UX experiance would be the same.
If you want my opinion I would go with the way SharePoint handles permissions out of the box and break role inheritiance. Sure it will add new complexities to your life. But, I think you can better manage these complexities with the SharePoint Admin Toolkit and some custom built utilities for managing permissions. I think that is a better solution than what you are trying to do.
Am I missing something here when I suggest: Just hide the toolbar (or specific button) in the view page? That's an painless CSS hook done in the view page or SharePoint Designer
If you are using a custom List Template, you could create a custom View Toolbar Template. However, you probably will not want to use this on an OOTB List Template and it doesn't look like this will work on an existing list.
Even if you implement this, I would still leave the Event Receiver in place in order to prevent URL spoofing.
Is there a way to limit the "edit item" permission in WSS 3.0 to only allow a user to edit his own documents or list items? We need the ability for a user to edit only documents/list items he creates - NOT items that someone else created. So, essentially we need a sub-set of the EDIT permission as well as ADD.
Is this possible in Windows Sharepoint Services 3.0? Is there a way to create custom permissions in code or a feature?
WSS has a basic UI for setting item-level permission on list items, but they hide that from the UI for document libraries. If you go into Settings->List Settings->Avanced settings for a list, you'll see the options to do pretty much what you're asking for. However, on document libraries, that UI is not available. The settings it drives, though are avaiable via the object model.
You could set those same properties for a document library like this:
SPDocumentLibrary onlyOwnLib = theWeb.Lists["DocLibName"]
onlyOwnLib.WriteSecurity = 2;
onlyOwnLib.Update();
And that should about do it. However, apparently that doesn't really set permissions; it just controls what the user can do via the UI. If they had another interface to the library (like via WebDAV) or list (like via the web services), it wouldn't prevent them from editing items they didn't create. If you want true item-level permissions, I think you need to go the event handler route.
This post from Matt Morse explains it in more detail, and he even wrote a command line tool to set the property (plus the .ReadSecurity property) for lists and libraries.
If you added an event handler to the document list you should be able to limit edit rights on that item to the user that created the item.
I often have to copy documents from another system into a list in SharePoint, and in that case the edit rights will be assigned to the system user that transfered the document, unless you use the approach suggested by Kirk Liemohn here
Note that item level permissions on large numbers of documents increase the load on your SQL server quite a lot.
here is the solution for your request.
go to the list -> list settings -> Advanced Settings
you will see the section of
Read access: Specify which items users can read
All items
Only their own
Edit access: Specify which items users can edit
All items
Only their own
None
select the options based on requirement. that's it done..
wanna more click on http:// mastermoss.wordpress.com
This is an old question, however the problem still exists.
A way that has worked well for me in the past is to use a workflow to configure the permissions when the library item is added.
See http://www.sharepointusecases.com/index.php/2010/03/configure-item-level-permissions-for-document-libraries-part-2/ for details.
I believe that permissions like that can be created through the user interface. It depends on the scale and number of list items you have, but you could do one of two things. First (without having to create scripts) you could give everyone a custom "Read" permission access which would not allow them to do everything you can in in the Read permission but allow them to Add Items. Then on an item-by-item basis, click the item -> manage permissions -> (Give the specific user Contribute permissions on their document).
If you're creating a SharePoint list that this will not be practical, you can create a script to traverse through all items, and will verify the user has contribute permissions (otherwise it will set the contribute permission to that user).
Additionally, you could just give each person their own folder.
Give everyone read permissions on the SharePoint list/document library, but give each person full control privileges over their own folder. This will allow everyone to read everything in a list, but create/edit their own documents.
If you want the 'Only their own' permission on a document library, it isn't there out of the box. But I've created a solution at CodePlex that adds this for Document Libraries - check it out at http://moresharepoint.codeplex.com.
We have a SharePoint Team Site (WSS 3.0 not MOSS), that includes Tasks list to records every tasks related to a project. Here's the scenario.
Users :
List item
Supervisor1
TeamMember1
TeamMember2
TeamMember3
How do we set the permission settings so that
Every users (Supervisor and team members) can see any tasks.
Supervisors can edit any tasks
Team members can only edit their own tasks (tasks that were assigned to them, or created by them)
I was unable to achieve the intended results using standard WSS permission settings, without resorting to manual permission settings on each item in the list. I'm imagining that the automatic solution has to be accomplish using some sort of workflow or trigger.
you do not need any workflow or event handlers ( still you can use them for your purpos but they will slow down the performance if you will be having a lot of items)
go to setting --> list settings
click on Advanced Settings
in Item-level Permissions in read access select all items
and in the same place in Edit access select only their own
and in permissions give list members a contributer role
for the suppervisor you can give him higher permission i think designer will work, or simply you can give him full controle on the list
You can set permissions by going to your List, click Settings dropdown. Under Permissions and Management, click "Permissions for this List". Click Actions and select Edit Permissions. Select the User/Group you want the permission to be changed then Click Actions & select Edit User Permissions.
HTH!
Create a class that inherits from SPItemEventReceiver and override the ItemAdded method, setting your custom permissions in the overriedden method using the API.
http://blogs.msdn.com/brianwilson/archive/2007/03/05/part-1-event-handlers-everything-you-need-to-know-about-microsoft-office-sharepoint-portal-server-moss-event-handlers.aspx
Yes, you would have to write an event handler or workflow that will run upon item creation which would look at these column values and set the item level permissions as such.
I recommend you to check this solution: SharePoint Column/View Permission by SharePointBoost (199$)
Through this you can set read only permission to people you want on all the items, Your requirement "Every users (Supervisor and team members) can see any tasks" is solved!
Also you can set edit permission to Supervisors. Second trouble solved!
As Ali said, advanced permission>items level permission can fulfill your last requirement.
It seems that you need a workflow to automatically assign permissions based on the user roles or [Assign To] fields.
Try the third-part tool Permission Workflow, this may help you to solve the issues.