Change item level security using wwsbr_api.modify_item

Similar Messages

• How to use Item Level security

  I am working on portal 9.0.2.6.18.
  I have a folder with 1000 items. I want to grant groupA
  access to 997 items and
  (Group B,GroupA) access to 3 items.
  How do i do this.
  Here is what i tried:
  1.enabled item level security on folder
  2.granted folder level access to groupA and groupB
  3.Changed access of 997 items to grant access to GroupA
  4.Did nothing to the 3 items which i wanted to give access to GroupA,GroupB
  Is there a better way of achieving this?
  I am not really comfortable granting folder level access to groupB, because if i miss overwriting privileges of an item (in step 3), then groupB will have access to that item. I would love to change just 3 items because they are the exception.
  How is this feature supposed to be used?
  Thanks
  Harish

  Martin,
  Thanks for the reply. I just cited 1000 items folder as an example. We have various complex combination of security requirements for folders and items. So creating sub-folders for each combination will not work for me.
  Everytime the security requirements change we have to move the items around, which can confuse users. And sometimes we have to create sub-folders to workaround the item-level security problems even when there is no logical business classification to a set of items.
  Harish

• Item Level Security problem

  Hi forum,
  I have a page group in portal 10.1.4 say pagegroupA with several sub pages beneath it. Item level security (ILS) has been enabled for the page group and the option display page to public is checked. I am trying to enable ILS such that if userA posts to any page in this pagegroup, he should be able to see only his content. Similarly, userB should be able to see only the content that he posts. UserA is a member of groupA and userB is a member of groupB. I am using the enable_ils_for_item and add_item_ils_privileges API to achieve this.
  <p>
  Wwsbr_Api.enable_ils_for_item( p_master_item_id => masterthingid, p_caid => pagegroupA_ID, p_folder_id => someSubPageInPagegroupA_ID );
  portal.Wwsbr_Api.add_item_ils_privileges(
                                                              p_master_item_id => masterthingid,
                                                              p_caid => pagegroupA_ID,
                                                              p_folder_id => someSubPageInPagegroupA_ID,
                                                              p_itemview_group =>arrayOfgroupA_ID );
  This seems to work in that when the user logs out of portal, the item is not displayed to the public. However, when userA logs in, he can see items posted by userB and vice versa (userB can see userA's items). Am I missing something either in the code, page group configuration or user setup?
  Thanks

  I recommend you using the wwsbr_api only for managing content (that includes enabling the ILS for a page). But for assigning privileges to items, pages, whatever, I recommend using wwsec_api (set_user_acl, set_group_acl, etc). It is more reliable.
  PS: This would be a good post for a more specific forum: Portal Developer Kit (PDK)

• Item level security not available to accounts with manage content?

  Though I'd post this here before trying metalink.
  Environment: App Server Portal 9.0.4 (10g) on Win200
  The scenario:
  I have set up a page with one item area. This is set to be a portlet on another page and act as a message board.
  I wish to set up a group of users to maintain this message board, but restrict their access any further.
  Setting a user up with 'Manage Content' on the Page properties almost does this. It allows them to Enter/Edit/Move or delete items but pretty much no more which is exactly the level of access I require.
  What it doesn't allow, when they add or edit an Item, is the ability to change Access permissions.
  The page has 'item level security' ticked, and a user with higher 'Manage' access can set access permissions on items, for example only allowing a certain group viewing an item, but it also allows them to manipulate the page which I do not want to permit.
  Is it possible that 'Manage Content' level users can also set access on items?
  Thanks.

  Resolved, it appears that access can be set after item creation using the edit. a little quirk.
  Also I was trying to set access on an item created by the 'manage' user, which was beyond the 'manage content' users scope, and not a practical situation.

• Item level security apis

  Hello:
  Requesting clarification on a Content API question in 10G
  Using the APIs, I have created a Page and an item heirarchy in the same page. Now in order to assign item level security, I need to call the following API to "enable" item level security on the specified item -
  wwsbr_api.enable_ils_for_item(
  p_master_item_id => v_category_id2a
  ,p_caid => v_page_group_id
  ,p_folder_id => v_new_page_id);
  However, this throws an exception wwsbr_api.ILS_DISABLED
  meaning -
  "The page does not allow Item Level Security.
  Cannot add item specific privileges."
  But, how do we programmatically "enable" the Page to have
  Item level security. - analogous to checking the box in the Page edit mode for "Enable item level security"
  Thanks
  -Ananth

  I'd appeciate a reply as well. For now I've been using content as a PL/SQL stored procedure in a package and then wrapping is_logged_in code around it. It works but isn't cusomizable.

• Best Practice: Dynamically changing Item-Level permissions?

  Hi all,
  Can you share your opinion on the best practice for Dynamically changing item permissions?
  For example, given this scenario:
  Item Creator can create an initial item.
  After item creator creates, the item becomes read-only for him. Other users can create, but they can only see their own entries (Created by).
  At any point in time, other users can be given Read access (or any other access) by an Administrator to a specific item.
  The item is then given edit permission to a Reviewer and Approver. Reviewers can only edit, and Approvers can only approve.
  After the item has been reviewed, the item becomes read-only to everyone.
  I read that there is only a specific number of unique permissions for a List / Library before performance issues start to set in. Given the requirements above, it looks like item-level permission is unavoidable.
  Do you have certain ideas how best to go with this?
  Thank you!

  Hi,
  According to your post, my understanding is that you wanted to change item level permission.
  There is no out of the box way to accomplish this with SharePoint.               
  You can create a custom permission level using Visual Studio to allow users to add & view items, but not edit permission.   
  Then create a group with the custom permission level. The users in this group would have the permission of create & add permission, but they could no edit the item.
  In the CodePlex, there is a custom workflow activities, but by default it only have four permission level:
  Full Control , Design ,Contribute and Read.
  You should also customize some permission levels for your scenario. 
  What’s more, when use the SharePoint 2013 designer, you should only use the 2010 platform to create the workflow using this activities,
  https://spdactivities.codeplex.com/wikipage?title=Grant%20Permission%20on%20Item
  Thanks & Regards,
  Jason
  Jason Guo
  TechNet Community Support

• Dont allow to change item level data in sales order.

  Hi all,
  I have a requirement in which, users should not be allowed to change  item level data or not allowed to add any new items in sales order on a certain condition. But they should be allowed to change the header level data.
  How can i achieve this.
  Can anyone help me?

  Hi,
  Check below exit.
  MV45AFZZ and in form USEREXIT_MOVE_FIELD_TO_VBAP.
  Here check for ur validation, If passes then CHECK variable SVBAP-TABIX. If it is 0 then item is created. If it is GT 0 then item is changed. Other way could be...
  select data from VBAP for each sales document and item in xvbpa internal table.
  If for any item u don't have data in VBAP table that means u r adding that item. So issue error message.
  *       FORM USEREXIT_MOVE_FIELD_TO_VBAP                              *
  *       This userexit can be used to move some fields into the sales  *
  *       dokument item workaerea VBAP                                  *
  *       SVBAP-TABIX = 0:  Create item                                 *
  *       SVBAP-TABIX > 0:  Change item                                 *
  *       This form is called at the end of form VBAP_FUELLEN.          *
  Thanks,
  Vinod.

• Item level security...

  We have an out of the box solution where users can log there meeting minutes in a custom list. The security of the site consists of about a 100 SharePoint groups which are being used throughout the site collection with different permissions.
  For the purpose of this solution we have each group belonging to one of four logical roles (Directors, Power Users, Employees (Internal) and Employees (External). There are about 50 groups that fit the role of Employees. We want to make sure that users can
  access only the items if they belong to this logical role. That means that an item created by employee has to be accessible by 50 groups.
  What would be the best practice to apply security in this situation since for item level security it would require that inheritance be broken at item level and 50 groups added to the permissions of that item.
  Regards

  We are often discouraged from using folders, but security is one place they are quite useful. Create one folder for each of your top level groups (Directors, etc), break inheritance on the folder and assign your 50 groups. Upload a file to the folder and
  all of the security you need has been applied. You general users don't need to know about the folders. Create view that "Show all items without folders". Keep one view with folders displayed for uploading files.
  Mike Smith TechTrainingNotes.blogspot.com
  Books:
  SharePoint 2007 2010 Customization for the Site Owner,
  SharePoint 2010 Security for the Site Owner

• ACL - ILS (Item Level Security) for Content Server & WebCenter Spaces

  We're trying to implement Item Level Security (ILS / ACL) for Webcenter spaces. We're following the instructions from the Oracle® Fusion Middleware Administrator's Guide for Oracle WebCenter 11g Release 1 (11.1.1.5.0) http://docs.oracle.com/cd/E15586_01/webcenter.1111/e12405.pdf
  After making the configuration changes, we're unable to see the "Security" option from the "File" menu in the Document explorer. Has anyone else implemented this feature and ran into similar issues?
  I made the following configuration changes:
  UseEntitySecurity=1
  SpecialAuthGroups=SecurityGroups (comma separated list with no spaces and the application name is included)
  CS: Version:11gR1-11.1.1.5.0
  DB: 11.2.0.2.0 ---Oracle Database 11g Enterprise Edition
  WebCenter: 11.1.1.4.0 (in a clustered environment)
  Also, we're looking at the document properties in webcenter spaces via document explorer and do not see the "security group" or "accounts" metadata fields. We can see the "Content ID" and a whole bunch of fields and do not see "security groups" and "accounts". However, when we log into the content server and look at the folder or file "info" we can clearly see the security group and account values...not sure what is required to make these two fields show up in webcenter spaces.

  Hi ,
  Do you upload the documents from spaces or from UCM side ?
  When you say the security and account field are not displayed , is that when viewing the content or during update ?
  When the ACL features are turned off do you see the above fields ?
  Thanks
  Srinath

• Item level security, workflow and tab problems

  was wondering if someone could help us out with some problems we are having. We need to up and running over the next two days so anyone who could get back to us pretty quickly would be greatly appreciated.
  We are actually having a couple of issues which all revolve around three
  groups we have created (for simplicity we have only attached one user to each group). Here are the steps we took:
  Problems adding content:
  a) Added the three groups to the page group and gave them view access.
  b) Turned on approvals and set group3 as the approver.
  c) Added the three groups to the page and gave them view access.
  d) In the page properties, I enabled item level security.
  e) Added an item content area to the page.
  f) Added three pieces of simple content
  g) For content item1 I granted granted full access to group1(Own, manage, view), for content item 2 I granted full access to group2, etc.
  h) WHen I log on as a user in group1 I only see content item1. HOwever, when I edit the page I find I cannot add any items as user1.
  i) I went back to the page properties and changed the access of all three groups to "manage items with approval" but let the item level security as it was.
  j) When I logged on as user1 I found I could see all items now when I should only have seen content item1. What the hell? Can anyone tell me what I did wrong?
  Problems with item level security on tabs:
  a) Repeat steps a) through d) above.
  b) Create a content region and add three tabs: Home, Work, Life.
  c) On the Work tab changed portlet region to item region.
  d) Added three items with security exactly as I did above.
  e) When I signed on as user1 I saw all three items when I only should have seen item1. What the hell?
  f) I monkeyed around with the secutiry at the tab level but it didn't seem to make much difference. ANyone have any ideas what is going on here?
  Thanks in advance.

  Does the library have versions enabled? Also are these logins occuring within word/excel etc?
  If there's multiple login prompts which occur even if entering valid credentials what does hitting escape (after the first prompt) achieve, does the document open anyway?
  There's a situation where Office will prompt for credentials if you open a document when you've only got read access but there's a version history (to which you don't have access). This is to allow you to enter more highly privelidged credentials if you
  want to.

• User exit to change item level data in purchase order

  Hi,
  Can anyone let me know the user exit to change item level data in purchase order . there is a badi ME_PROCESS_PO_CUST for this but the issue is its method process_item gets triggered only when the item is changed. My requirment is
  For purchase order document types u201CZSOu201D and u201CZCOu201D, where the purchase order is a u201CLimits Orderu201D only i.e. no materials or services on the purchase order, the print price indicator field should be set to u201Cblanku201D (unchecked).   now i cant use ME_PROCESS_PO_CUST  because process_item wont get triggered if there is no change in itemlevel data.
  Regards,
  Rahul

  Hi Rahul,
  Probably EXIT_SAPLMEKO_002.
  hope it helps,
  Edgar

• Setting up item level security access

  Hello,
  I am new to Oracle Instant Portal and I'm trying to figure out how to set up item level security on a particular tab page. Can anyone give step by step instructions on how to make it work?
  So, say that I have a tab page called HR. On that HR page, I have 3 items. For item1 and item2, I want user1 to have view access to these only, and for user2 they could have view access to item3 only.
  I checked the option in the HR page's Page Access settings to Enable Item Level Security, saved the changes, and even cleared the cache, but it doesn't seem to give me any new functionality where I could specify that for item1 and item2, only user1 should have access to it, and for item3, only user2 should access it.
  Can someone please help?
  Thanks!

  Please disregard--I figured out how to do this:
  1. When you are editing the page, you must click on the "Edit Item" icon next to the item.
  2. Then click on the Access tab in the upper right.
  3. Select Define Item Level Access Privileges and click Apply.
  4. In the Grant Access section that now appears just below, select the user id you want to grant access to the item and then click Add.

• Workflow for Changing Item Level Permission in SharePoint 2013 (Office365)

  I am using OOTB Tasks List in SharePoint 2013 (O365). Now my scenario is like this:
  I have two user groups: 1.Sales Managers 2. Sales Executives
  Sales Managers can create & assign task to Executive.  I want something like Sales Managers Can view all tasks (Which is by default view of tasks list i.e. perfact) but Executives can see only their tasks assigned to them. How can I achive this?
  Can I use WorkFlow for this to Change item level permission or to assign permission to assigned to user? or JS
  Can anyone have proper solution? thanks

  1. make 2 SharePoint group 1>Sales Managers 2>Sales Executives
  2. Show 2 WP of same task list in same page.
  3. Use Audience Target for Sales Managers Sharepoint group in first Webpart property. (All
  Iten view)
  4. Show "My Task" view (assign to =[Me]) Bottom WP for same task list and use Audience Target for Sales Executives. Or if you want it to see
  Sales Managers as well, the dont use any Audience Target.
  Bottom line - SharePoint group use in Audience Target will do the trick. OOTB
  Regards Sudip Misra [email protected] +1-412-237-5435 Pittsburgh, PA

• How programmatically "enable" the Page to have Item level security

  Some body known how do we programmatically "enable" the Page to have
  Item level security. - analogous to checking the box in the Page edit mode for "Enable item level security"

  Hi, I only know portal.wwsbr_api.enable_ils_for_item.....
  You can perform actions on multiple objects simultaneously.
  Navigator > Page Groups(TAB) > PageGroup > Page > actions(link)
  Click on actions link and in LOV, select "Enable ILS".
  Hope this help.

• Edit Folder link always is visible if Item Level Security is enabled

  Hi,
  When Item Level Security is enabled in a folder, it show the 'Edit Folder' link, instead if the user is not authenticated.
  Does anybody know how to remove this link???
  Thanks.

  We to have experienced this behavior. Is this a bug?
  The Edit Link generated does not allow the user to "edit" any items, but shows the Administration link. This is not a good thing. This makes using Item Level Security very difficult, from the standpoint of User Interface and confusion.
  We are looking into creating a portlet to dynamically generate an "Edit Folder" link to replace the current one. However, we have doubts this will work.
  Dean
  - Solaris
  - Portal 3.0.9.8.2
  - 8.1.7.3
  (Awaiting Release 2!)