Assign permissions to list items

I have a list with items.
I want to give unique permissions to the list items.
a) People in the country1 group should only be able to see the value in the first column, Country1 (i.e. MyGroup1-Country1, MyGroup2-Country1, MyGroup3-Country1).
b) If they have been added to the MyGroup1 group they should only be able to see the MyGroup1-Country1 value. This is the intersection of the first row and the first column.
c) Can I give unique permissions to each item to achieve this, or is there any other better way to do it?

            Country1             Country2             Country3
MyGroup1    MyGroup1-Country1    MyGroup1-Country2    MyGroup1-Country3
MyGroup2    MyGroup2-Country1    MyGroup2-Country2    MyGroup2-Country3
MyGroup3    MyGroup3-Country1    MyGroup3-Country2    MyGroup3-Country3

That's very, very hard to do with SharePoint and cannot be done without custom development or tools.
If a user has access to see an item then they can see all fields (columns) on that item. That's non-negotiable. It's possible to hide the data, but without going to server-side customisation it's not a security barrier, and even then it's not always foolproof.
You might be able to get the same effect by having each 'cell' as a separate item and using nested folders with custom security levels on them to manage the item security. Country>MyGroup>Item

Similar Messages

  • Assign Group permission to list item using client object model

    Hi,
    I am trying to add a list item and assign permissions to it by using the SP 2010 client object model. The problem I am facing is that when I assign the group as a permission to the item, the Limited Access permission is automatically added to the group. Please find the steps which I have followed:
    Step 1: Break role inheritance.
        foreach (var item in _listItemCollection)
        {
            if (item["FileLeafRef"].ToString().ToLower() == "xxx")
            {
                item.BreakRoleInheritance(true, false);
                _clientContext.Load(item.RoleAssignments);
                _folderItem = item;
            }
        }
        _clientContext.ExecuteQuery();
    Step 2: Remove all permissions of the list item.
        foreach (var assignment in _folderItem.RoleAssignments)
        {
            assignment.RoleDefinitionBindings.RemoveAll();
            assignment.Update();
        }
        _clientContext.ExecuteQuery();
    Step 3: Add the group as a permission to the list item.
        var role = _web.RoleDefinitions.GetByType(RoleType.Contributor);
        var collRdb = new RoleDefinitionBindingCollection(_clientContext) { role };
        Principal principal = _grp;
        _folderItem.RoleAssignments.Add(principal, collRdb);
        _folderItem.Update();
        _clientContext.ExecuteQuery();
    After adding the group successfully to the list item, I checked the group permission and it contains the value "Contribute, Limited Access" at the site level and "Contribute" on the list item. Please guide me on how to avoid creating the "Contribute, Limited Access" role.
    Balaji

    Hi Dmitry,
    When I create the group and assign Contribute permission, the group has the permission at the site level (to see the permission, click the group and click view Group Permission). I have added the list item, broken the role inheritance and given unique permissions by providing the group as a permission to the list item. After providing the permission, the group permission at the site level changed to "Contribute, Limited Access". I don't know how the Contribute permission changed to Contribute, Limited Access.
    I found a workaround to fix this issue. I created the group and created the folder in the shared document library by using the client object model. Because I was facing some issues providing the permission using the client object model, I created an event receiver on the document library and, using the server object model, I am able to assign the appropriate group permission.
    Balaji

  • Generate Report -List item permissions against Each list Item

    Hi,
    I want to get "Item Permission" against each list item from List.
    I need to prepare a Report from this Information.
    Can anyone please help to get "Item Permission" against each list

    Hi,
    About how to enumerate permissions of each items using PowerShell, code snippet provided by Nancy in this similar thread would be helpful:
    https://social.technet.microsoft.com/Forums/sharepoint/en-US/509b7ea1-bd54-4fe3-842b-32fdc52e4f73/enumerate-list-item-permissions
    With the data retrieved, then you can export it to a .csv file:
    http://blogs.perficient.com/microsoft/2013/01/how-to-combine-powershell-cmdlet-output-in-a-single-csv-file/
    Best regards
    Patrick Liang
    TechNet Community Support
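
One way to build the per-item permission report discussed in this thread, as an added example that is not part of the original posts or of the linked snippet. The function name `Get-ItemPermissionReport`, the site URL, the list title and the CSV path are assumptions; Limited Access bindings are left out so the CSV lists only levels that grant real rights.

```powershell
# Added example, not code from the thread. Run in the SharePoint Management
# Shell on a farm server. The URL, list title and CSV path are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-ItemPermissionReport {
    param(
        [Parameter(Mandatory = $true)] [string] $WebUrl,
        [Parameter(Mandatory = $true)] [string] $ListTitle,
        [switch] $UniqueOnly   # report only items that no longer inherit
    )

    $web = Get-SPWeb -Identity $WebUrl
    try {
        $list = $web.Lists.TryGetList($ListTitle)
        if ($null -eq $list) { throw "List '$ListTitle' not found at $WebUrl" }

        foreach ($item in $list.Items) {
            $unique = $item.HasUniqueRoleAssignments
            if ($UniqueOnly -and -not $unique) { continue }

            # For an inheriting item this returns the assignments of the
            # scope it inherits from (folder, list or web).
            foreach ($ra in $item.RoleAssignments) {
                # SPRoleType.Guest is the built-in "Limited Access" level. It only
                # lets a principal traverse to something it has real rights on,
                # so it is filtered out by type (works on localized farms too).
                $levels = @($ra.RoleDefinitionBindings |
                    Where-Object { $_.Type -ne [Microsoft.SharePoint.SPRoleType]::Guest } |
                    ForEach-Object { $_.Name })
                if ($levels.Count -eq 0) { continue }

                New-Object PSObject -Property @{
                    ItemId            = $item.ID
                    ItemUrl           = $item.Url
                    UniquePermissions = $unique
                    PrincipalType     = $ra.Member.GetType().Name   # SPUser or SPGroup
                    Principal         = $ra.Member.Name
                    PermissionLevels  = ($levels -join '; ')
                }
            }
        }
    }
    finally {
        $web.Dispose()
    }
}

# One CSV row per (item, principal) pair; Select-Object fixes the column order.
Get-ItemPermissionReport -WebUrl 'http://sharepoint.example/sites/hr' -ListTitle 'Annual Leave' -UniqueOnly |
    Select-Object ItemId, ItemUrl, UniquePermissions, PrincipalType, Principal, PermissionLevels |
    Export-Csv -Path '.\item-permissions.csv' -NoTypeInformation -Encoding UTF8
```

Dropping `-UniqueOnly` also lists inheriting items, which makes the report much larger but shows the effective assignments for every item.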

  • Users requiring Contribute permissions to add list item - why?

    I have a list in which I only wanted to grant Add and Edit permissions.  I made these custom permissions so I could keep people from deleting from this list.  However, until I bumped the list permissions up to Contribute, everyone got an Access
    Denied error.  Why would that be?
    There are no mistakes; every result tells you something of value about what you are trying to accomplish.

    Which permission options did you check? There are a couple you must check along with Add Items and Edit Items...
    You need Add Items, Edit Items, View Items, Open Items, View Application Pages, etc.
    http://technet.microsoft.com/en-us/library/cc721640(v=office.15).aspx
    Please remember to mark your question as answered & vote helpful, if this solves/helps your problem.
    Thanks -WS MCITP (SharePoint 2010, 2013) Blog: http://wscheema.com/blog

  • How to Remove Edit permissions to a group/user when an list item is approved.

    Hi,
    We have a requirement of removing the edit permissions on a custom list item when an item is approved. I have to implement this using an OOB feature or customization and Designer, but no code should be involved.
    Can anyone please suggest me to implement this.
    Thanks, Swaroop Vuppala

    Check this below
    You need to use item level permissions.
    http://social.technet.microsoft.com/Forums/sharepoint/en-US/9e3a624e-77d3-432f-9a2b-3f25b925423a/how-to-remove-edit-and-delete-option-for-a-list-item-when-approval-workflow-is-complete-and?forum=sharepointgeneralprevious
    Please remember to click 'Mark as Answer' on the answer if it helps you

  • Share List item with unique permission

    Hi, I am using the Shared With property in a SharePoint 2013 list.
    I stopped inheriting permissions for the list.
    But when I create a new list item in the list, it inherits permissions from the parent.
    How do I set the default to stop inheriting permissions for new list items?
    Thanks in advance

    What kind of list are you using? If you are using one of the following, or you built your list from one of the following, then you can use Item-Level Permissions.
    Announcements
    Calendar
    Custom lists
    Discussion Board
    Links
    Surveys
    Tasks
    To use Item-Level Permissions: Go to the List ribbon, click List Settings and then click Advanced Settings.
    Mike Smith TechTrainingNotes.blogspot.com
    Books:
    SharePoint 2007 2010 Customization for the Site Owner,
    SharePoint 2010 Security for the Site Owner

  • Workflow 2013 and custom list item 2013 security levels

    In a new workflow 2013 that will be using a new custom list 2013, I would like the following to occur:
    1. I would like to have the workflow have its own set of permissions,
    2. I would like the user to have their own set of permissions.
    Basically I would like the user and the workflows to have separate permission levels. This is due to changing permission levels on the list after the user submits the list to the workflow. Basically I will have the user enter all the data they want to at different times and hit a custom 'save' button. However, once the user hits the custom 'submit' button, I do not want the user to be able to change the data. I want the user to only have read or view access on the custom list that they submitted to the workflow.
    Thus can you tell me if what I am planning is possible? If so, can you tell me and/or show me how to accomplish this goal?
    If this is not possible, do you have any suggestions on what else I could try and how would I proceed with your suggested method? Basically how would I setup your suggested method?

    I think this should be handled in the workflow form itself. Add a rule in the form that checks the status. If the user has already submitted the form, the submit should be disabled. Make sure you have data fields to record the status and the user who submitted the form. If you don't have these fields already, add them, and then setting up the rule is easy. Having separate permissions is not possible anyway. A user has permission on an object (in this case the workflow). It is not possible that the user has permissions (permissions on what? to do what?) and he cannot submit the form. If the form is advanced and has code behind, you can add code to change permissions on the list item. Then once the user has submitted the form, change his permissions to read only. As I said, adding a rule and disabling the button is the easiest solution.
    Saifullah Shafiq
      Latest Book:
    A Practical Guide to SharePoint 2013

  • Workflow 2010 set list item permissions

    I have a sharepoint 2013 list set up with two kinds of users (Approver and Employees) needing access:
    Approvers - need full control on the list/site
    Employees - can only have edit/read access to their own list item or entry
    I'm using SPD 2013 with workflow 2010 platform, the workflow runs when approvers submits an entry (via people picker) for an employee. The part I'm having trouble with is granting
    employees their permissions above when the item is created.
    Following a web example, in the impersonation step I'm simply using add list item permissions action to grant the employees.
    In another workflow I'm sending them notification to the edit form, but they can't access the link.
    If I add the employees in one of the site's permissions group like visitors group then they can access the list but that would give them access to everything.
    Hope I explained the issue well, please let me know if anything is not clear. Thanks in advance!

    Hi
    That's not actually true, when you create a group in sharepoint you don't need to assign it any permissions, i.e.
    you create a group called 'NewListViewers' and don't assign it any permissions to the site
    you add members to this group (they have no permissions to the site or content within the site)
    you then customise the permissions of a list and grant this new group whatever permission you want (presumably contribute); the group only has permission to the list. Add the approvers group with full control and you're done.
    As for having users read only their own items, simply amend the advanced settings read access to be 'Read items that were created by the user'; now they can only view/edit their own items and approvers can see everything.
    Regards
    Sergio Giusti Sergio Blogs
    Whenever you see a reply you think is helpful, click Vote As Helpful.
    Whenever you see a reply you think is the answer to the question, click Mark As Answer.

  • Webpart button that assigns user to list item

    I need a button event that, when clicked, assigns the user to the list item that is selected from a checkbox. All from a webpart. Unfortunately for me, corporate will not let us use Visual Studio (security access to critical info and what not).
    I have access to InfoPath and the SharePoint Designer content editor and such. I tried circumventing it altogether and built a button in the form that only shows when in edit mode from the webpart. The button simply assigns the user to the people picker, which shows in InfoPath preview. But when I try to do the same in the live editable list item, the people picker just blinks and nothing fills the text field. I even tried using a simple text box, which worked but only for userid(), not display name. Anybody know why the people picker field appears blank in the live version? Or can someone point me to where I can build an outright webpart button that fills my assignto field? I don't quite understand how to do it. What I have seen has been done with Visual Studio. Any help would be great.

    Hi Jack,
    First of all, you can not create a coded web part using SPD.
    What you can do is create a custom page (aspx) and do inline coding. (http://social.technet.microsoft.com/Forums/sharepoint/en-US/211d3c10-ab83-473f-95b4-83b0174f9dd7/how-to-add-custom-web-part-to-sharepoint-page-by-using-sharepoint-designer?forum=sharepointgeneralprevious)
    Custom page allows you to add c# code with enable page compiling with
    <PageParserPaths>
    <PageParserPath VirtualPath="/PageLibrary/MyCustomPage.aspx" CompilationMode="Always" AllowServerSideScript="true" />
    </PageParserPaths>
    OR
    Write all into Content editor web part on that page.(http://social.technet.microsoft.com/Forums/sharepoint/en-US/f6d8c243-71af-4a98-bdb6-750d4dd9dc27/check-box-and-button-in-content-editor-web-part?forum=sharepointgeneralprevious)
    Here you can use Javascript only and not "c#" due to security issue.(http://social.msdn.microsoft.com/Forums/sharepoint/en-US/74b676f0-3509-4b11-8725-b9f2626371e9/content-editor-web-part-and-c?forum=sharepointdevelopmentlegacy)

  • Prevent multiple users from accessing a list item at the same

    Hi,
    I have a scenario where, if a list item is opened (in edit mode) by one user, no other user should be able to access it. I mean a checkin/checkout kind of thing, which is not possible with SharePoint lists.
    One thing that I have done through infopath 2010, by setting a rule on form load. On form load, set a field's value Assigned To to Current User and then submit data. In case I am getting value of Assigned To getting stored in the list as a new record
    along with all the values from previous fields.
    I want to update the same record not the duplicate record.
    Please suggest a solution for it. 

    Hi
    Add a new column to your list, COL_EDITING (type Yes/No).
    Default value: NO
    Customize the editform.aspx attached to your form; when it opens:
    A. Check whether COL_EDITING=NO.
    If it isn't, show an error message (the item is in edit mode by another user) and close the page.
    If it is --->
    B. Set COL_EDITING=YES
    and then permit the user to fill in the fields in the form.
    Also
    Romeo Donca, Orange Romania (MCSE, MCITP, CCNA) Please Mark As Answer if my post solves your problem or Vote As Helpful if the post has been helpful for you.

  • How to restrict user rights so they can add list items but cannot edit them once saved?

    I appreciate if you can help me with this. My beloved company uses SP2010, and I got the task to solve this issue using it, though I am not a programmer (basic html is still ok).
    I need a simple annual leave list with the following capabilities:
    1. Group of users (~100 members) should be able to create list items in a list that contains annual leave data. Columns are: Name, Leave start date, Leave end date, Team leader, etc.
    2. Once they fill in the new item form, a workflow notifies the team leader to visit the item and set a column "approval status" to approved or rejected.
    3. Based on this column value, another workflow notifies the requestor about the decision.
    4. After approval, users should be able to see their items in the list, but they should not be able to edit it.
    Sounds so simple, but I have big issues with point 4. as Sharepoint does not differentiate create and edit rights to a list item. As a result, requestor can edit dates of the approved items.
    Any hints how to solve this? Can impersonation help with this? Or should I add a new permission level to the site?

    Hello
    We are going to do the following things to accomplish your task
    create a new security permission level that will allow submit only
    create your annual leave list
    assign everyone the submit only permission
    add a workflow to send the email and modify the item permissions
    Ok first things first, on the sharepoint server open a powershell window and type the following powershell:
    $spweb=Get-SPWeb -Identity "<site url>";
    $spRoleDefinition = New-Object Microsoft.SharePoint.SPRoleDefinition;
    $spRoleDefinition.Name = "Submit only";
    $spRoleDefinition.Description = "Can submit/add forms/files/items into library or list but cannot view/edit them.";
    $spRoleDefinition.BasePermissions = "AddListItems, ViewPages, ViewFormPages, Open";
    $spweb.RoleDefinitions.Add($spRoleDefinition);
    $spweb.Dispose();
    Now in your site you will have a new permission level called 'Submit Only'.
    Create your annual leave list and give all users read and submit only permissions.
    Now create a workflow against this list in sharepoint designer.
    Add a new step, which should be an impersonation step.
    1st action
    add permission: give the user and their manager (i am presuming you are capturing this information in your list so it will be recorded against the item) whatever control you wish, i.e. full control, contribute, etc.
    2nd action
    remove list permission: remove the group you initially gave read and submit only permission to and select the read and submit only permissions to remove from them, i.e. if you added the 'All Users' group, then when performing this action choose to remove
    the read and submit only permissions for the users 'All Users'.
    3rd Action
    Send an Email: Email Manager with notification.
    Regards
    Sergio Giusti
    http://sergioblogs.blog.co.uk/
    Whenever you see a reply and if you think is helpful, click "Vote As Helpful". And whenever you see a reply being an answer to the question of the thread, click "Mark As Answer".

    I just faced the same issue and I created a new permission level named "Submit Only". But I also have a custom web part that is added to my Create form, so when users try to access the Create form they get Access Denied. So is there a way to modify the permission level to be able to read web parts?

  • Setting Item level access rights on sharepoint list item in ItemAdding event handler

    Hi ,
    I am using sharepoint 2013. I am trying to set item level access rights when a list item is added using the following code snippet,
    public override void ItemAdding(SPItemEventProperties properties)
    {
        base.ItemAdding(properties);
        ConfigureItemSecurity(properties);
    }

    private void ConfigureItemSecurity(SPItemEventProperties properties)
    {
        var item = properties.ListItem;
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite site = new SPSite(properties.SiteId))
            using (SPWeb oWeb = site.OpenWeb())
            {
                item.ParentList.BreakRoleInheritance(true);
                oWeb.AllowUnsafeUpdates = true;
                var guestRole = oWeb.RoleDefinitions.GetByType(SPRoleType.Reader);
                var editRole = oWeb.RoleDefinitions.GetByType(SPRoleType.Editor);
                SPGroup HRGroup = oWeb.SiteGroups.Cast<SPGroup>().AsQueryable().FirstOrDefault(g => g.LoginName == "HR Team");
                SPRoleAssignment groupRoleAssignment = new SPRoleAssignment(HRGroup);
                groupRoleAssignment.RoleDefinitionBindings.Add(guestRole);
                SPUserCollection users = oWeb.Users;
                SPFieldUserValueCollection hm = (SPFieldUserValueCollection)item["HiringManager"];
                SPFieldUserValueCollection pm = (SPFieldUserValueCollection)item["ProjectManager"];
                SPFieldUserValueCollection pmChiefs = (SPFieldUserValueCollection)item["ProjectManagerChief"];
                item.BreakRoleInheritance(true);
                item.RoleAssignments.Add(groupRoleAssignment);
                foreach (SPFieldUserValue staffMember in hm)
                    SetRightsOnItem(item, staffMember, editRole);
                foreach (SPFieldUserValue staffMember in pm)
                    SetRightsOnItem(item, staffMember, guestRole);
                foreach (SPFieldUserValue staffMember in pmChiefs)
                    SetRightsOnItem(item, staffMember, guestRole);
                item.Update();
            }
        });
    }

    private void SetRightsOnItem(SPListItem item, SPFieldUserValue staffMember, SPRoleDefinition role)
    {
        SPUser employeeUser = staffMember.User;
        var userRoleAssignment = new SPRoleAssignment(employeeUser);
        userRoleAssignment.RoleDefinitionBindings.Add(role);
        item.RoleAssignments.Add(userRoleAssignment);
    }
    Nothing is happening though... Is the event handler the right place to do this?
    thank you

    Hi ,
    You can refer to the code working in my environment:
    using System;
    using System.Security.Permissions;
    using Microsoft.SharePoint;
    using Microsoft.SharePoint.Utilities;
    using Microsoft.SharePoint.Workflow;

    namespace ItemLevelSecurity.ItemSecurity
    {
        /// <summary>
        /// List Item Events
        /// </summary>
        public class ItemSecurity : SPItemEventReceiver
        {
            /// <summary>
            /// An item was added.
            /// </summary>
            public override void ItemAdded(SPItemEventProperties properties)
            {
                SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    try
                    {
                        using (SPSite oSPSite = new SPSite(properties.SiteId))
                        using (SPWeb oSPWeb = oSPSite.OpenWeb(properties.RelativeWebUrl))
                        {
                            //get the list item that was created
                            SPListItem item = oSPWeb.Lists[properties.ListId].GetItemById(properties.ListItem.ID);
                            //get the author user who created the item
                            SPFieldUserValue valAuthor = new SPFieldUserValue(properties.Web, item["Created By"].ToString());
                            SPUser oAuthor = valAuthor.User;
                            //assign read permission to item author
                            AssignPermissionsToItem(item, oAuthor, SPRoleType.Reader);
                            //update the item
                            item.Update();
                        }
                        base.ItemAdded(properties);
                    }
                    catch (Exception ex)
                    {
                        properties.ErrorMessage = ex.Message;
                        properties.Status = SPEventReceiverStatus.CancelWithError;
                        properties.Cancel = true;
                    }
                });
            }

            public static void AssignPermissionsToItem(SPListItem item, SPPrincipal obj, SPRoleType roleType)
            {
                if (!item.HasUniqueRoleAssignments)
                {
                    item.BreakRoleInheritance(false, true);
                }
                SPRoleAssignment roleAssignment = new SPRoleAssignment(obj);
                SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetByType(roleType);
                roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
                item.RoleAssignments.Add(roleAssignment);
            }
        }
    }
    Thanks,
    Eric
    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected].
    Eric Tao
    TechNet Community Support

  • Create a project from list item not working if EPT has Project Plan Template

    HI,
    I am trying to leverage the new feature in 2013 to create a project from an idea list.
    This works fine if the EPT does not have a Project Plan template assigned to it, even through the workflow action "Create Project from current list item".
    However, if I assign a project plan template and the user creating the project is not an Administrators Group member, I get an error. While doing this through a workflow, the workflow gets suspended and I have the below message:
    RequestorId: 654a6744-eb11-3d9c-0000-000000000000. Details: RequestorId: 654a6744-eb11-3d9c-0000-000000000000. Details: An unhandled exception occurred during the execution of the workflow instance. Exception details: System.ApplicationException: HTTP 403
    {"error":{"code":"20010, Microsoft.ProjectServer.PJClientCallableException","message":{"lang":"en-US","value":"PJClientCallableException: GeneralSecurityAccessDenied\u000d\u000aGeneralSecurityAccessDenied"}}}
    {"Transfer-Encoding":["chunked"],"X-SharePointHealthScore":["0"],"SPClientServiceRequestDuration":["290"],"SPRequestGuid":["654a6744-eb11-3d9c-9d1e-ff8135e50f19"],"request-id":["654a6744-eb11-3d9c-9d1e-ff8135e50f19"],"X-FRAME-OPTIONS":["SAMEORIGIN"],"MicrosoftSharePointTeamServices":["15.0.0.4535"],"X-Content-Type-Options":["nosniff"],"X-MS-InvokeApp":["1;
    RequireReadOnly"],"Cache-Control":["max-age=0, private"],"Date":["Wed, 23 Apr 2014 14:40:46 GMT"],"Server":["Microsoft-IIS\/7.5"],"X-AspNet-Version":["4.0.30319"],"X-Powered-By":["ASP.NET"]}  
    at Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context)   at System.Activities.CodeActivity.InternalExecute(ActivityInstance instance, ActivityExecutor executor, BookmarkManager bookmarkManager)  
    at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor executor, BookmarkManager bookmarkManager, Location resultLocation)
    Any one has experienced this ?
    Thx

    Hi, RonyZ.
    I think it could help.
    I have experienced the same problem as you are, except "Create project" option, my managers could do it.
    So, for me a solution was to set definite permissions for Workflow Initiators (I have created new group, but you can edit, including
    Global permissions
    New project
    Open project template
    Server configuration management
    For category “My organization”
    Open Project
    Publish Project
    Save Project on Project Server
    Excuse me my translation, some names can be written not properly, cause I have localized SP.
    In your case, I think, you should check if your PM group has all these permissions.
    And the Workflow Initiator should be in a group which has them.
    In LOGS error notifications starts with “Permission denied”, then goes account
    name and then the name of permission which is left.

  • Allow All Users To Add List Items But Only Certain users To Edit Them (SharePoint 2013)

    How do we allow all users to add items to a list, but only allow certain users to edit the list items? Site is SharePoint 2013. We have tried creating custom permissions. That does not seem to work.

    I've setup a custom list on my SharePoint Foundation using a custom permission level to accomplish this.  I setup a custom permission level on the site called 'Add Only to Lists'  which allows adding an item to the list and setup the group with
    the default read and the custom permission level and it works.  The users in the group get the add item but do not get edit item, not even items they created themselves.
    Any users who should have full edit permissions can be setup under the normal edit/contribute/design permission level and work normal.
    Below is the Role Definition pulled via PowerShell and Role Assignments on the list in question.  As well as a picture showing what it looks like to something assigned that role level.
    Role Definition
    Name : Add Only to list
    Description : Can add items to a list but cannot edit or delete
    Type : None
    Hidden : False
    Order : 2147483647
    BasePermissions : ViewListItems, AddListItems, Open, ViewPages
    List Role Assignments
    Member : Home Visitors
    RoleDefinitionBindings : {Read, Add Only to list}
    Parent : IT Equipment Request
    ParentSecurableObject : IT Equipment Request
    The user can create a new item, but cannot edit items - not even items he created.

  • Using list items to create sites programmatically

    Hello All,
    I am looking to programmatically create sites based on items in a SharePoint list. The list has 4 columns: Name, Email, ManagerName, ManagerEmail.
    The aim is to use PowerShell to create a foreach loop that creates a site (using the "Name" column as the site title/URL) based on the #STS01 teamsite template, breaks permission inheritance, and then gives the Manager ("ManagerName") contribute access to the site.
    Not sure where to start with this, any advice would be appreciated!
    Cheers!

    Hi,
    Here is the complete PowerShell code to create site with unique permissions and assign manager with contribute permissions.
    I have created a list with following columns as shown in the screenshot.
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
    $sourceWebURL = "http://sp2013"
    $sourceListName = "MySites"
    $spSourceWeb = Get-SPWeb $sourceWebURL
    $spSourceList = $spSourceWeb.Lists[$sourceListName]
    $spSourceItems = $spSourceList.GetItems()
    foreach($item in $spSourceItems)
    {
        $siteTitle = $item["Title"]
        $siteName = $siteTitle -replace " ", ""
        $NewSiteUrl = $sourceWebURL+"/"+$siteName
        write-host "Title:"$siteTitle
        write-host "Url:"$NewSiteUrl
        #Create User Object from the List Item
        $userWithContribute = New-Object Microsoft.SharePoint.SPFieldUserValue($spSourceWeb,$item["ManagerName"].ToString());
        #Create Sub-site with Unique Permissions
        $newWeb = New-SPWeb -Url $NewSiteUrl -Name $siteTitle -Template "STS#0" -UniquePermissions
        #Assign Manager with Contribute permission
        Set-SPUser -Identity $userWithContribute.User -Web $newWeb -AddPermissionLevel "Contribute"
        #Release the new web object
        $newWeb.Dispose()
    }
    #Release the source web object
    $spSourceWeb.Dispose()
    https://gallery.technet.microsoft.com/PowerShell-Script-to-d888fcdd
    Please don't forget to mark it answered, if your problem resolved or helpful.
