Read all items when item-level permissions set

I have a SharePoint 2010 list where the general user population should be able to submit and read only their own items.
Item-level permissions are set as follows:
Read access: Read items that were created by the user
Create and Edit access: Create items and edit items that were created by the user
That works fine.
Now, I have a small group of power users that need read-access to all list items. I can do that by granting 'Contribute' permissions, but I don't want them to be able to modify items, so I prefer granting only read permissions. When I do that, they can't see all the items due to the item-level permission settings.
Is there a permission level that I can use (perhaps a custom permission level) that enables a read-all (and overrides the item-level permission)?

With these specific settings, there is not. It is possible to do security through obscurity by only showing views that allow the users to see their items and use audience targeting for the others, but that is not true security, so it will depend on your requirements.
Andy Wessendorf SharePoint Developer II | Rackspace

Similar Messages

  • Always Get Edit Link When Item Level Permissions Set

    We've enabled item-level permissions in a folder, and all users receive the "edit folder" button, regardless of whether we've given them "manage" access. Turning off item-level permissions removes the edit link.
    Is this a known issue? Any workaround/solution?

    That's just a "feature" of item level security. I don't think Oracle has any plans to fix it in 3.0.9X; they probably have resolved the issue in 9.0.2. If you really need it gone you can click "Edit Defaults" when editing the page, right next to the portlet, and uncheck the box that says "Show Edit Link". But then you've just taken away the easy ability of editing the items through the portlet and you have to go back to the Content Area to update anything.
    brad

  • Workflow not triggering when changing Item-level Permissions in Sharepoint 2013 list

    Scenario:
    We have a custom list in Sharepoint 2013 that we use for Case Management. We have a workflow that triggers on a created item generated from an email. The user then gets a reply with a link to his own case.
    I want the users only to be able to see their own cases and no one else's. When I change this under Advanced Settings under List Settings and Item-level Permissions and set them to Read items that were created by the user and Create items and edit items that were created by the user, the workflow doesn't trigger.
    How can I resolve this? I've tried every possible out-of-the-box permissions but with no result. Help!
    Thanks in advance!
    // Browncreek

    When you're testing, remember you can't trigger a declarative workflow from the System Account - you need a general user account for auto-trigger workflows. Good luck!
    Chris McNulty MCSE/MCTS/MSA/MVTSP | blog http://www.chrismcnulty.net/blog | twitter @cmcnulty2000 Microsoft Community Contributor Award 2011

    Hi, I have the same problem. Except that I am not using an email to create a new item. The item is created by members of a SharePoint group that have Contribute access to the list. When I use the same settings, i.e. Read items that were created by the user and Create items and edit items that were created by the user, the workflow does not trigger. If I set it back to Read all items and Create and Edit all items, it triggers the workflow.
    Please help me resolve as I have rolled this out to pilot users and am having this trouble.
    Thanks,
    Vishal

  • "Attempted to use an object that has ceased to exist" error when opening list with grouping and item level permissions

    Hi All,
    I have a list with few items. If I break role inheritance for at least one item and try to open list view page, I receive this error:
    Attempted to use an object that has ceased to exist. (Exception from HRESULT: 0x80030102 (STG_E_REVERTED))
    This occurs only if view has GroupBy in query. If I remove grouping from view, then error disappears. But I need to have grouping in view as well as item level permissions.
    How can I achieve this? Is this some limitation?
    Any help will be appreciated.
    The full stacktrace:
    System.Runtime.InteropServices.COMException: Attempted to use an object that has ceased to exist. (Exception from HRESULT: 0x80030102 (STG_E_REVERTED))    
    at Microsoft.SharePoint.Library.SPRequestInternalClass.GetListContentTypes(String bstrUrl, String bstrListName, ISPDataCallback pXMLCallback)     
    at Microsoft.SharePoint.Library.SPRequest.GetListContentTypes(String bstrUrl, String bstrListName, ISPDataCallback pXMLCallback)
    System.Runtime.InteropServices.COMException: Attempted to use an object that has ceased to exist. (Exception from HRESULT: 0x80030102 (STG_E_REVERTED)),
    StackTrace:    
    at Microsoft.SharePoint.SPContentTypeCollection.FetchCollection(IList`1 exceptions)     
    at Microsoft.SharePoint.SPList.get_ContentTypes()     
    at Microsoft.SharePoint.SPCustomActionElement.QueryForToolbarButtons(SPWeb web, SPList list, SPListItem item, PAGETYPE pgtype)     
    at Microsoft.SharePoint.SPCustomActionElement.AddCustomToolbarButtons(SPWeb web, SPList list, SPListItem item, SPContext renderContext, PAGETYPE pgtype, ToolBar toolbarControl, WebPart webPart, Page page)     
    at Microsoft.SharePoint.WebControls.ViewToolBar.CreateChildControls()     
    at System.Web.UI.Control.EnsureChildControls()     
    at Microsoft.SharePoint.WebControls.TemplateBasedControl.OnLoad(EventArgs e)     
    at System.Web.UI.Control.LoadRecursive()     
    at System.Web.UI.Control.AddedControl(Control control, Int32 index)     
    at Microsoft.SharePoint.WebPartPages.DataFormWebPart.CreateChildControls()     
    at Microsoft.SharePoint.WebPartPages.XsltListViewWebPart.CreateChildControls()     
    at Microsoft.SharePoint.WebPartPages.WebPartMobileAdapter.CreateChildControls()     
    at System.Web.UI.Control.EnsureChildControls()     
    at System.Web.UI.Control.PreRenderRecursiveInternal()     
    at System.Web.UI.Control.PreRenderRecursiveInternal()     
    at System.Web.UI.Control.PreRenderRecursiveInternal()     
    at System.Web.UI.Control.PreRenderRecursiveInternal()     
    at System.Web.UI.Control.PreRenderRecursiveInternal()     
    at System.Web.UI.Control.PreRenderRecursiveInternal()     
    at System.Web.UI.Control.PreRenderRecursiveInternal()     
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)     
    at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)     
    at System.Web.UI.Page.ProcessRequest()     
    at System.Web.UI.Page.ProcessRequest(HttpContext context)     
    at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)     
    at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)     
    at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)     
    at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)     
    at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)     
    at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)     
    at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)     
    at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)     
    at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)     
    at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)

    Does the site use any custom code? Not necessarily the task list but can be anywhere. If yes, ensure that current context SPWeb/SPSite objects are not being disposed of.
    This post is my own opinion and does not necessarily reflect the opinion or view of Slalom.

  • Item-level Permissions in List Advanced Settings

    Hi,
    Is the "Item-level Permissions" in List Advanced Settings, a security option or is it a way to filter data for the user?
    How does it work with the permission done on the item level when breaking inheritance with the list?
    thanks.

    I have included a snippet below that can be used to remove all permissions and add the permissions you require
    // Fragment of an item event receiver class. Requires: using System; using System.Collections.Generic; using Microsoft.SharePoint;
    // The m_s* fields and the helpers GetDepartmentsFromAreaSelections, GetAllUniqueApprovers and
    // GetNewAccessionValue are members of the same class and are not shown in the post.
    #region "Methods"
    private void HandleNewManuscriptEvent(SPSite _site, SPWeb _web, SPItemEventProperties _properties)
    {
        List<SPUser> Approvers = new List<SPUser>();
        List<String> DepartmentsOfInterest = new List<string>();
        String temp = String.Empty;
        SPUser itemOwner = null;
        //AREA FIELD NAMES
        List<String> ClinicalDevelopments = new List<string>();
        List<String> NonClinicals = new List<string>();
        List<String> NonClinicalMethodologies = new List<string>();
        List<String> Marketings = new List<string>();
        //CRITICAL FIELD NAMES
        String sFirstPresentation = String.Empty;
        String sBiosequenceData = String.Empty;
        String sChemicalStructures = String.Empty;
        String sDetailedFormulationData = String.Empty;
        String sBiologicsManufacturing = String.Empty;
        String sPharmacologyData = String.Empty;
        String sBOTOXFieldName = String.Empty;
        //LEGAL FIELD NAME
        String sLegalFieldName = String.Empty;
        //DUE DATE
        String sDueDate = String.Empty;
        //ACCESSION
        int iAccessionValue = 0;
        String sMonthValue = String.Empty;
        String sAccession = String.Empty;
        String sEventHandler = " Completed ";
        try
        {
            this.DisableEventFiring();
            //this doesn't get elevated rights
            //SPListItem manuscript = _properties.ListItem;
            SPListItem elevatedManuscript = _web.Lists[_properties.ListId].GetItemById(_properties.ListItem.ID);
            SPListItem manuscript = _properties.ListItem;
            _web.AllowUnsafeUpdates = true;
            #region "Departments"
            try
            {
                //AREAS
                #region "Clinical Development"
                temp = String.Empty;
                if (manuscript[this.m_sClinicalDevelopmentFieldName] != null)
                    temp = manuscript[this.m_sClinicalDevelopmentFieldName].ToString();
                ClinicalDevelopments = this.GetDepartmentsFromAreaSelections(temp.Split(";".ToCharArray()));
                System.Diagnostics.Debug.WriteLine("Clinical Development count..." + ClinicalDevelopments.Count);
                //for each "Clinical Development" checked
                foreach (var clinicalDevelopment in ClinicalDevelopments)
                {
                    //disregard "None" selection
                    if (!clinicalDevelopment.Equals("None"))
                        DepartmentsOfInterest.Add(clinicalDevelopment);
                }
                #endregion
                #region "Non-Clinical"
                temp = String.Empty;
                if (manuscript[this.m_sNonClinicalFieldName] != null)
                    temp = manuscript[this.m_sNonClinicalFieldName].ToString();
                NonClinicals = this.GetDepartmentsFromAreaSelections(temp.Split(";".ToCharArray()));
                //for each "Non-clinical" checked
                foreach (var nonclinical in NonClinicals)
                {
                    //disregard "None" selection
                    if (!nonclinical.Equals("None"))
                        DepartmentsOfInterest.Add(nonclinical);
                }
                #endregion
                #region "Non-Clinical Methodology"
                temp = String.Empty;
                if (manuscript[this.m_sNonClinicalMethodologyFieldName] != null)
                    temp = manuscript[this.m_sNonClinicalMethodologyFieldName].ToString();
                NonClinicalMethodologies = this.GetDepartmentsFromAreaSelections(temp.Split(";".ToCharArray()));
                //for each "Non-clinical Methodology" checked
                foreach (var nonclinicalmethodology in NonClinicalMethodologies)
                {
                    //disregard "None" selection
                    if (!nonclinicalmethodology.Equals("None"))
                        DepartmentsOfInterest.Add(nonclinicalmethodology);
                }
                #endregion
                #region "Marketing"
                temp = String.Empty;
                if (manuscript[this.m_sMarketingFieldName] != null)
                    temp = manuscript[this.m_sMarketingFieldName].ToString();
                Marketings = this.GetDepartmentsFromAreaSelections(temp.Split(";".ToCharArray()));
                //for each "Marketing" checked
                foreach (var marketing in Marketings)
                {
                    //disregard "None" selection
                    if (!marketing.Equals("None"))
                        DepartmentsOfInterest.Add(marketing);
                }
                #endregion
                //"CRITICALS"
                #region "First-Presentation"
                temp = String.Empty;
                if (manuscript[this.m_sFirstPresentationFieldName] != null)
                    temp = manuscript[this.m_sFirstPresentationFieldName].ToString();
                if (temp.Equals("Yes"))
                    DepartmentsOfInterest.Add(this.m_sFirstPresentationDepartmentName);
                #endregion
                #region "Biosequence Data"
                temp = String.Empty;
                if (manuscript[this.m_sBiosequenceDataFieldName] != null)
                    temp = manuscript[this.m_sBiosequenceDataFieldName].ToString();
                if (temp.Equals("Yes"))
                    DepartmentsOfInterest.Add(this.m_sBiosequenceDataDepartmentName);
                #endregion
                #region "Chemical Structures"
                temp = String.Empty;
                if (manuscript[this.m_sChemicalStructuresFieldName] != null)
                    temp = manuscript[this.m_sChemicalStructuresFieldName].ToString();
                if (temp.Equals("Yes"))
                    DepartmentsOfInterest.Add(this.m_sChemicalStructuresDepartmentName);
                #endregion
                #region "Detailed Formulation Data"
                temp = String.Empty;
                if (manuscript[this.m_sDetailedFormulationDataFieldName] != null)
                    temp = manuscript[this.m_sDetailedFormulationDataFieldName].ToString();
                if (temp.Equals("Yes"))
                    DepartmentsOfInterest.Add(this.m_sDetailedFormulationDataDepartmentName);
                #endregion
                #region "Biologics Manufacturing"
                temp = String.Empty;
                if (manuscript[this.m_sBiologicsManufacturingFieldName] != null)
                    temp = manuscript[this.m_sBiologicsManufacturingFieldName].ToString();
                if (temp.Equals("Yes"))
                    DepartmentsOfInterest.Add(this.m_sBiologicsManufacturingDepartmentName);
                #endregion
                #region "Pharmacology Data"
                temp = String.Empty;
                if (manuscript[this.m_sPharmacologyDataFieldName] != null)
                    temp = manuscript[this.m_sPharmacologyDataFieldName].ToString();
                if (temp.Equals("Yes"))
                    DepartmentsOfInterest.Add(this.m_sPharmacologyDataDepartmentName);
                #endregion
                #region "BOTOX"
                temp = String.Empty;
                if (manuscript[this.m_sBOTOXFieldName] != null)
                    temp = manuscript[this.m_sBOTOXFieldName].ToString();
                if (temp.Equals("Yes"))
                    DepartmentsOfInterest.Add(this.m_sBOTOXDepartmentName);
                #endregion
                #region "Legal"
                temp = String.Empty;
                //null-check the field before ToString(), as the other regions do
                if (manuscript[this.m_sLegalFieldName] != null)
                    temp = manuscript[this.m_sLegalFieldName].ToString();
                if (!String.IsNullOrEmpty(temp))
                    DepartmentsOfInterest.Add(temp);
                #endregion
            }
            catch (Exception ex) { sEventHandler += ex.Message; }
            #endregion
            //SET DUE DATE
            DateTime dt = DateTime.Today.AddDays(1);
            sDueDate = dt.ToShortDateString();
            //GET ALL UNIQUE APPROVERS
            Approvers = this.GetAllUniqueApprovers(_web, DepartmentsOfInterest, manuscript);
            //SET ITEM PERMISSIONS
            #region "Permissions"
            try
            {
                String currentuser = _properties.UserLoginName.ToString();
                itemOwner = _web.EnsureUser(currentuser);
                //BREAK INHERITANCE (false = do not copy the parent's role assignments)
                if (!elevatedManuscript.HasUniqueRoleAssignments)
                    elevatedManuscript.BreakRoleInheritance(false);
                //REMOVE ALL EXISTING USERS FROM ITEM
                foreach (SPUser user in _web.Users)
                {
                    //if user is NOT site owner and not current user
                    if (!user.LoginName.Equals(itemOwner.LoginName))
                    {
                        //remove all user permissions from item
                        elevatedManuscript.RoleAssignments.Remove(user);
                    }
                }
                #region "For Owner of Document/Manuscript"
                if (itemOwner != null)
                {
                    SPRoleAssignment sprole = new SPRoleAssignment(itemOwner);
                    SPRoleDefinition siteRoleDefinition = _web.RoleDefinitions["Full Control"];
                    sprole.RoleDefinitionBindings.Add(siteRoleDefinition);
                    elevatedManuscript.RoleAssignments.Add(sprole);
                }
                #endregion
                #region "For Approvers from meta data sheet"
                foreach (SPUser approver in Approvers)
                {
                    SPRoleAssignment sprole = new SPRoleAssignment(approver);
                    SPRoleDefinition siteRoleDefinition = _web.RoleDefinitions["Approve"];
                    sprole.RoleDefinitionBindings.Add(siteRoleDefinition);
                    elevatedManuscript.RoleAssignments.Add(sprole);
                }
                #endregion
                //REMOVE ALL GROUP PERMISSIONS TO THE SITE
                foreach (SPGroup group in _web.Groups)
                {
                    elevatedManuscript.RoleAssignments.Remove(group);
                }
            }
            //a failure here leaves the item with whatever permissions it had at that point; only the message is recorded
            catch (Exception ex) { sEventHandler += ex.Message; }
            #endregion
            #region "Writings out to list (Accession + EventHandler)"
            try
            {
                iAccessionValue = this.GetNewAccessionValue(manuscript);
                if (DateTime.Today.Month.ToString().Length < 2)
                    sMonthValue = "0" + DateTime.Today.Month.ToString();
                else
                    sMonthValue = DateTime.Today.Month.ToString();
                sAccession = "M" + DateTime.Today.Year.ToString() + sMonthValue + iAccessionValue.ToString();
                //only add once. if there is a number in there, don't update.
                if (manuscript[this.m_sAccessionFieldName] == null)
                    manuscript[this.m_sAccessionFieldName] = sAccession;
                //update file name to <accession number> <document type> Due <date needed>
                DateTime dateNeeded = Convert.ToDateTime(manuscript["DateNeeded"].ToString());
                manuscript["Name"] = sAccession + " " + manuscript[m_sPublicationTypeFieldName] + " Due " + dateNeeded.Month + "-" + dateNeeded.Day + "-" + dateNeeded.Year;
                manuscript["Editor"] = manuscript["Author"];
                manuscript[this.m_sEventHandlerField] = sEventHandler.Trim();
                manuscript.SystemUpdate();
            }
            catch (Exception ex) { sEventHandler += ex.Message; }
            #endregion
        }
        finally
        {
            //re-enable the event firing that was disabled at the top of the try
            this.EnableEventFiring();
        }
    }
    #endregion
    Hope this helps, please ping back the post and let us know.....
    -Ivan
    Ivan Sanders My LinkedIn Profile,
    My Blog,
    @iasanders.

  • Problem with setting Item level permissions lists

    Hello!
    I have an SPS 2013 on-premises environment with AD authentication.
    At some moment I've noticed that we have a problem with setting the item level permissions on any lists except the document libraries.
    When I click the "shared with" button I see a popup form with a list of users who have access to that list but there is no "invite people" link or "Advanced" link. Moreover, the "loading" ring rotates instantly like some operation wasn't ended.
    The same operation with documents in libraries works well.
    I would be grateful for any help!

    Hi Mischael,
    From your description, my understanding is that there were no "invite people" or "Advanced" link when some users clicked "shared with" button in some lists.
    This issue seems like about permissions. Please log on your site with site collection administrator or a user who has full control for the site, then go to a problematic list->List settings->Permissions for this list, check whether the list has unique permissions. Then click "Check Permissions", check the permission level for the problematic users and then go to Site Settings->Site permissions->Permission levels, check whether the permission level contains "Manage permissions". If not, add the permission into the permission level.
    Thanks,
    Wendy
    TechNet Community Support

  • Sharepoint 2013 / Office 365 Document library item level permissions problem

    Hello,
    I'm looking for a solution to enable users to upload documents to a document library, the ability to view other documents uploaded to the same document library, but able to edit or delete those other documents.
    With a list you can use Item-Level security in Advanced Settings but this is not available for Document libraries. I could use workflows to assign individual permissions to documents, but the library already contains over 2,000 documents and will continue to expand so I don't like the idea of having that many individual permissions set.
    Are there any 3rd party plug-ins or solutions to this issue?
    Thanks,

    Try below:
    http://www.hersheytech.com/Blog/SharePoint/tabid/197/entryid/28/Default.aspx
    As it turns out, setting Item-Level Permissions in a library is fully supported with PowerShell!
    The PowerShell commands for changing this are very simple:
    $web = Get-SPWeb http://YourSite/
    $list = $web.Lists["Your Document Library Name"]
    $list.ReadSecurity = 2
    $list.Update()
    $web.Dispose()
    Note the 3rd line which is where you determine the value for this setting using the following values:
    1 = "Read all items"
    2 = "Read items that were created by the user"
    If you wish to modify the values for Create and Edit access instead, replace .ReadSecurity with .WriteSecurity with the following values:
    1 = "Create and edit All items"
    2 = "Create items and edit items that were created by the user"
    4 = "None"
    For example:
    $web = Get-SPWeb http://YourSite/
    $list = $web.Lists["Your Document Library Name"]
    $list.WriteSecurity = 2
    $list.Update()
    $web.Dispose()
    Also check 
    http://sppermissions.codeplex.com/
    If this helped you resolve your issue, please mark it Answered. You can reach me through http://freeit-support.com/

  • SharePoint 2010 Item level permissions nightmare...how do I escape this madness?

    We have a custom SharePoint 2010 application that helps process job req. documents from 200+ partner companies. Each company can only see its own job req. documents (done using item level permissions in one document library).
    The number of documents is getting close to 3k. I've read that once you get over 5k, you'll see a huge performance hit because of the number of unique security scopes.
    Creating 200+ libraries is out of the question. That just seems like an even bigger logistical nightmare...especially since we add partners every month almost. We have reports that run off of this data and querying that many libraries would be nuts.
    Next would be making folders for each company. A lot of recoding would need to be done, but my biggest concern will be not being able to sort and filter properly.
    I've tried writing a PowerShell script to copy everything into folders in a new library and the filtering doesn't work even after messing around with the view to not show the folders at all.
    The last thing I'm considering is just archiving older data that may no longer be relevant by year or something.
    Has anyone else run into a similar issue?
    Any suggestions?

    Hi,
    Once you have exceeded the threshold limit, certainly there will be performance issues. However, you can still iterate through lists/libraries that exceed threshold limit by workaround here:
    List Threshold
    Additionally, please refer following link which demonstrates how you can implement sorting/paging for lists exceeding threshold limit:
    https://social.msdn.microsoft.com/Forums/en-US/4f788144-773c-4e63-8c1f-1e51f1c0a82f/client-object-model-fsobjtype-and-list-view-threshold?forum=sharepointdevelopmentprevious
    Hope it helps!
    Thanks,
    Avni Bhatt
    If this helped you resolve your issue, please mark it Answered
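
    A read-only audit relating to the two threads above, as an added example (not code from any poster): for each visible list in a web it reports the ReadSecurity/WriteSecurity settings using the values quoted earlier on this page, and counts the items that carry unique permissions, paging through each list so large libraries can be checked. The function name is hypothetical and the URL is a placeholder; it assumes the on-premises SharePoint Management Shell.

```powershell
# Added example: run on a farm server in the SharePoint Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Labels for the ReadSecurity / WriteSecurity values quoted on this page
$ReadLabels  = @{ 1 = 'Read all items'
                  2 = 'Read items that were created by the user' }
$WriteLabels = @{ 1 = 'Create and edit all items'
                  2 = 'Create items and edit items that were created by the user'
                  4 = 'None' }

function Get-ItemLevelSecurityReport {   # hypothetical name
    param(
        [Parameter(Mandatory=$true)] [string] $WebUrl,
        [int] $PageSize = 2000           # rows per query, to stay under the list view threshold
    )
    $web = Get-SPWeb $WebUrl
    try {
        foreach ($list in $web.Lists) {
            if ($list.Hidden) { continue }

            # Page through every item (folders included) and count unique permission sets
            $unique = 0
            $query = New-Object Microsoft.SharePoint.SPQuery
            $query.ViewAttributes = "Scope='RecursiveAll'"
            $query.RowLimit = $PageSize
            do {
                $page = $list.GetItems($query)
                foreach ($item in $page) {
                    if ($item.HasUniqueRoleAssignments) { $unique++ }
                }
                $query.ListItemCollectionPosition = $page.ListItemCollectionPosition
            } while ($query.ListItemCollectionPosition -ne $null)

            New-Object PSObject -Property @{
                List                       = $list.Title
                ItemCount                  = $list.ItemCount
                ReadSecurity               = $ReadLabels[$list.ReadSecurity]
                WriteSecurity              = $WriteLabels[$list.WriteSecurity]
                ListHasUniquePermissions   = $list.HasUniqueRoleAssignments
                ItemsWithUniquePermissions = $unique
            }
        }
    }
    finally {
        $web.Dispose()
    }
}

# Placeholder URL; nothing is modified by this call
Get-ItemLevelSecurityReport -WebUrl 'http://YourSite/' |
    Select-Object List, ItemCount, ReadSecurity, WriteSecurity,
                  ListHasUniquePermissions, ItemsWithUniquePermissions |
    Format-Table -AutoSize
```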

  • Item-level Permissions available in list advanced settings not working.

    Hi,
    Recently I had a requirement of maintaining item-level permissions. My requirement was that whenever an item is created in a list, it should be created with unique permissions. I know how to do it by writing custom code, but I don't want to do it with any code as the client doesn't need any dll etc. After exploring I found that there is an option available in the list's advanced settings. Following are the steps I followed:
    1. Go to List settings.
    2. Go to Advanced settings.
    3. In advanced settings we have "Item-level Permissions" as one of the options. This option has two sub-options.
    4. For Read access select "Read items that were created by the user".
    5. For Create and Edit access select "Create items and edit items that were created by the user".
    6. Save the above settings.
    Below is the screenshot for the above-mentioned setting:
    Expected behaviour from the above settings:
    - Users can create new items.
    - Users can view and edit only those items that are created by them.
    But I found there is no change in item-level permissions. All users can view and edit items created by other users. Maybe I am misunderstanding the above setting or there is a bug in SharePoint. Please help me if anybody has any idea about it.
    Regards,
    Deepak
    Deepak Kejriwal

    Make sure that users have "Contribute" permission to the list, if the users have more permission at site level, then the list permission will be overridden by site permission.
    Refer the following article for more info.
    http://office.microsoft.com/en-us/windows-sharepoint-services-help/permission-levels-and-permissions-HA010100149.aspx
    --Cheers

  • Alerts on a list with Item Level Permissions.

    We have an IS Request list that people can email with their problems. We recently switched to Item Level Permissions where users can only see the requests that they created. IS has full control rights over the list and can see all the items.
    Our issue is that the alerts don't work in this type of list and SharePoint Designer alerts are hokey and less dependable.
    Thoughts?
    Devster

    You can use the IAlertNotificationHandler interface to intercept the e-mail alert and to modify it.
    Please check this thread below.
    http://social.msdn.microsoft.com/Forums/sharepoint/en-US/29efe27c-26c2-407e-b771-4f77971238ef/alert-problem-permissions?forum=sharepointgeneralprevious
    My Blog - http://www.sharepoint-journey.com
    If a post answers your question, please click Mark As Answer on that post and Vote as Helpful

  • Item Level permissions document library

    In SharePoint 2010 you could apply item level permissions to document libraries via PowerShell with
    $web = Get-SPOSite "sitename"
    $list = $web.Lists["Listname"]
    $list.ReadSecurity = 2
    $list.Update()
    $web.Dispose()
    Is there a way to apply this to SharePoint Online 2013? It doesn't seem to work.

    Hi SpNerd,
    For SharePoint 2013 Online, there is not a cmdlet that is used to get a site. So, it seems that there is not a way to change Item-level permissions via PowerShell for SharePoint Online.
    Windows PowerShell for SharePoint Online cmdlets
    http://technet.microsoft.com/en-us/library/fp161364(v=office.15).aspx
    As a workaround, you can change Item-level permissions via SharePoint Online UI as List Settings->Advanced Settings->Item-level Permissions.
    I hope this helps.
    Thanks,
    Wendy
    Wendy Li
    TechNet Community Support

  • Best Practice: Dynamically changing Item-Level permissions?

    Hi all,
    Can you share your opinion on the best practice for Dynamically changing item permissions?
    For example, given this scenario:
    Item Creator can create an initial item.
    After item creator creates, the item becomes read-only for him. Other users can create, but they can only see their own entries (Created by).
    At any point in time, other users can be given Read access (or any other access) by an Administrator to a specific item.
    The item is then given edit permission to a Reviewer and Approver. Reviewers can only edit, and Approvers can only approve.
    After the item has been reviewed, the item becomes read-only to everyone.
    I read that there is only a specific number of unique permissions for a List / Library before performance issues start to set in. Given the requirements above, it looks like item-level permission is unavoidable.
    Do you have certain ideas how best to go with this?
    Thank you!

    Hi,
    According to your post, my understanding is that you wanted to change item level permission.
    There is no out of the box way to accomplish this with SharePoint.
    You can create a custom permission level using Visual Studio to allow users to add & view items, but not edit permission.
    Then create a group with the custom permission level. The users in this group would have the permission of create & add permission, but they could not edit the item.
    In CodePlex, there are custom workflow activities, but by default they only have four permission levels: Full Control, Design, Contribute and Read.
    You should also customize some permission levels for your scenario.
    What's more, when you use the SharePoint 2013 designer, you should only use the 2010 platform to create the workflow using these activities:
    https://spdactivities.codeplex.com/wikipage?title=Grant%20Permission%20on%20Item
    Thanks & Regards,
    Jason
    Jason Guo
    TechNet Community Support

  • Header tax conditions....sum of all item level condition

    Dear Gurus,
    I do get item level conditions using KONV.
    Now as per my requirement, I need all these item wise taxes summed up at header level.
    i.e total tax per condition per item.
    Please help me.
    Regards,
    Roshan Lilaram.

    Dear Anil,
    I will get these details item wise.
    I need all these together.
    If i have three items then at the header level i get the total of all these three items.
    I hope i am making my issue clear.
    Regards,
    Roshan Lilaram.

  • How to setup a list to use item level permissions - SP 2013 - Need Help

    Hi All,
    I have created a group called TeamGroup in a site collection and I have added all the users in the site to this group.
    Now I have a subsite and in the subsite is a list I want to configure list item permissions for.
    For users to get to the subsite the TeamGroup has been given access to the subsite unless they won't have access to the list inside the subsite.
    The list has been configured to use unique permissions.
    But any time I add users dynamically to the list item (Read Permissions) it also adds TeamGroup (Read Permissions) to it :(
    I'm using PowerShell to add users to the list item which also breaks the inheritance.
    So when users browse the list they also get to see other items because the TeamGroup has been added.
    How to set this up?
    Thanks in Advance

    Thanks .
    Ok, I can try removing the user from the group and would give it a try.
    When you say "when break the inheritance did you remove everybody from the list?"
    What do you mean can you elaborate?
    when break the inheritance did you remove everybody from the list?
    if ($item.HasUniqueRoleAssignments -eq $False)
    {
        # $True copies the parent's role assignments onto the item
        $item.BreakRoleInheritance($True)
    }
    #$user = $web.AllUsers[$UserName]
    $roleDefinition = $web.RoleDefinitions[$PermissionLevel]
    $item | ForEach-Object {
        #Write-Host "ItemID: " $_['Contractors']
        $spuser = $_['Contractors']
        #ForEach ($user1 in $spuser)
        #Write-Host $user1.User
        #$roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($user)
        # the user field value has the form "<id>;#<name>"; take the id
        $userId = $spuser.Split(";#")[0]
        $account = $web.AllUsers.GetById($userId)
        #$domainName=$account.LoginName.Split("|")[1];
        Write-Host $account
        $roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($account)
        $roleAssignment.RoleDefinitionBindings.Add($roleDefinition)
        $item.RoleAssignments.Add($roleAssignment)
    }
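
    The items in the post above end up shared with TeamGroup because BreakRoleInheritance($True) copies the parent's role assignments onto the item. An added example, not the poster's code, that breaks inheritance without copying and grants access only to the principals named in the item's user field; the function name, URL, list name, the 'Contractors' field and the 'Read' level are assumptions.

```powershell
# Added example: run on a farm server in the SharePoint Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Set-ItemExclusiveAccess {       # hypothetical name
    param(
        [Parameter(Mandatory=$true)] [Microsoft.SharePoint.SPWeb] $Web,
        [Parameter(Mandatory=$true)] [Microsoft.SharePoint.SPListItem] $Item,
        [string] $UserField = 'Contractors',    # assumed person/group column
        [string] $PermissionLevel = 'Read'      # assumed permission level name
    )

    # Do not touch permissions if there is nobody to grant access to
    $raw = [string]$Item[$UserField]
    if ([string]::IsNullOrEmpty($raw)) {
        Write-Warning "Item $($Item.ID): '$UserField' is empty, permissions left unchanged"
        return
    }
    $role = $Web.RoleDefinitions[$PermissionLevel]
    # Parses "12;#Name" as well as multi-value "12;#A;#15;#B"
    $values = New-Object Microsoft.SharePoint.SPFieldUserValueCollection($Web, $raw)

    if (-not $Item.HasUniqueRoleAssignments) {
        # $false = start from an empty set instead of copying the parent's assignments
        $Item.BreakRoleInheritance($false)
    }
    else {
        # Inheritance was broken earlier (possibly with a copy): clear what is there.
        # Walk backwards because the collection shrinks on every removal.
        for ($i = $Item.RoleAssignments.Count - 1; $i -ge 0; $i--) {
            $Item.RoleAssignments.Remove($i)
        }
    }

    foreach ($value in $values) {
        $principal = $value.User
        if ($principal -eq $null) {
            # The field entry is a SharePoint group rather than a user
            $principal = $Web.SiteGroups.GetByID($value.LookupId)
        }
        $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($principal)
        $assignment.RoleDefinitionBindings.Add($role)
        $Item.RoleAssignments.Add($assignment)
    }

    # Return what is now on the item so the result can be reviewed
    foreach ($ra in $Item.RoleAssignments) {
        New-Object PSObject -Property @{
            ItemId = $Item.ID
            Member = $ra.Member.Name
            Levels = (($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ', ')
        }
    }
}

# Placeholder URL and list name
$web = Get-SPWeb 'http://YourSite/subsite'
try {
    $list = $web.Lists['Your List Name']
    foreach ($item in $list.Items) {
        Set-ItemExclusiveAccess -Web $web -Item $item | Format-Table ItemId, Member, Levels
    }
}
finally {
    $web.Dispose()
}
```

    Site collection administrators and anyone granted access at the web application level still see every item regardless of these assignments.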

  • Item level permissions on Discussions

    Hi,
    I am looking to make a single discussion on a discussion board read only so that no one can reply to it. However I am unable to set permissions on a specific discussion through the browser. All I can find are permissions on the discussion board and individual messages. I am open to doing this through the browser or powershell; however, I would prefer a solution I can communicate to a power user.
    Thanks for help in advance!

    Change Views.
    Display the discussion list. Click the LIST ribbon tab and select Management from the Current View dropdown. Checkmark the one discussion, click the ITEMS ribbon, click Shared With and then click Advanced. Click Stop Inheriting Permissions and make your changes.
    For PowerShell you should be able to treat the single discussion as you would a folder. Break inheritance and then set permissions as needed.
    Mike Smith TechTrainingNotes.blogspot.com
    Books:
    SharePoint 2007 2010 Customization for the Site Owner,
    SharePoint 2010 Security for the Site Owner
