How to restrict user rights so they can add list items but cannot edit them once saved?

I appreciate if you can help me with this. My beloved company uses SP2010, and I got the task to solve this issue using it, though I am not a programmer (basic html is still ok).
I need a simple annual leave list with the following capabilities:
1. Group of users (~100 members) should be able to create list items in a list that contains annual leave data. Columns are: Name, Leave start date, Leave end date, Team leader, etc.
2. Once they fill in the new item form, a workflow notifies the team leader to visit the item and set a column "approval status" to approved or rejected.
3. Based on this column value, another workflow notifies the requestor about the decision.
4. After approval, users should be able to see their items in the list, but they should not be able to edit it.
Sounds so simple, but I have big issues with point 4. as Sharepoint does not differentiate create and edit rights to a list item. As a result, requestor can edit dates of the approved items.
Any hints how to solve this? Can impersonation help with this? Or should I add a new permission level to the site?

Hello
We are going to do the following things to accomplish your task
create a new security permission level that will allow submit only
create your annual leave list
assign everyone the submit only permission
add a workflow to send the email and modify the item permissions
Ok first things first, on the sharepoint server open a powershell window and type the following powershell:
$spweb=Get-SPWeb -Identity "<site url>";
$spRoleDefinition = New-Object Microsoft.SharePoint.SPRoleDefinition;
$spRoleDefinition.Name = "Submit only";
$spRoleDefinition.Description = "Can submit/add forms/files/items into library or list but cannot view/edit them.";
$spRoleDefinition.BasePermissions = "AddListItems, ViewPages, ViewFormPages, Open";
$spweb.RoleDefinitions.Add($spRoleDefinition);
$spweb.Dispose();
Now in your site you will have a new permission level called 'Submit Only'.
Create your annual leave list and give all users read and submit only permissions.
Now create a workflow against this list in sharepoint designer.
Add a new step which should be an impersonization step
1st action
add permission: give the user and their manager (i am presuming you are capturing this information in your list so it will be recorded against the item) whatever control you wish, i.e. full control, contribute, etc.
2nd action
remove list permission: remove the group you initially gave read and submit only permission to and select the read and submit only permissions to remove from them, i.e. if you added the 'All Users' group, then when performing this action choose to remove
the read and submit only permissions for the users 'All Users'.
3rd Action
Send an Email: Email Manager with notification.
Regards
Sergio Giusti
http://sergioblogs.blog.co.uk/
Whenever you see a reply and if you think is helpful, click " Vote As Helpful". And whenever you see
a reply being an answer to the question of the thread, click "
Mark As Answer".
i just face the same issue and i create a new Permission level named "Submit Only". but i also have a custom web part that is added to my Create form . so when users tried to access the Create form they will get Access Defined. so is there a way to
modify the permission level to be able to read web parts ?

Similar Messages

  • How To Restrict Users To Only Create Purchase Requisitions with Item Catalog?

    Hi, everyone 
    Please help me, 
    How To Restrict Users To Only Create Purchase Requisitions with Item Catalog? is it possible? 
    Regards,   Manuel

    Hi Steenie Norman
    First click on the text item ---> Tools ---> Property Pallete ---->
    and change the Keyboard State to Local Only also this Depend in your OS
    hope this useful ....
    Regards
    Mohammed

  • Allow All Users To Add List Items But Only Certain users To Edit Them (SharePoint 2013)

    How do we allow all users to add items to a list, but only allow certain users to edit the list items? Site is SharePoint 2013. We have tried creating custom permissions. That does not seem to work.

    I've setup a custom list on my SharePoint Foundation using a custom permission level to accomplish this.  I setup a custom permission level on the site called 'Add Only to Lists'  which allows adding an item to the list and setup the group with
    the default read and the custom permission level and it works.  The users in the group get the add item but do not get edit item, not even items they created themselves.
    Any users who should have full edit permissions can be setup under the normal edit/contribute/design permission level and work normal.
    Below is the Role Definition pulled via PowerShell and Role Assignments on the list in question.  As well as a picture showing what it looks like to something assigned that role level.
    Role Definition
    Name : Add Only to list
    Description : Can add items to a list but cannot edit or delete
    Type : None
    Hidden : False
    Order : 2147483647
    BasePermissions : ViewListItems, AddListItems, Open, ViewPages
    List Role Assignments
    Member : Home Visitors
    RoleDefinitionBindings : {Read, Add Only to list}
    Parent : IT Equipment Request
    ParentSecurableObject : IT Equipment Request
    The user can create a new item, but cannot edit items - not even items he created.

  • I updated to Lion, and all of my events show up, but I cannot "add invitees" to any event. I can accept/reject invites, but cannot create them myself.

    Help!  updated to Lion, and all of my events show up, but I cannot "add invitees" to any event. I can accept/reject invites, but cannot create them myself.

    Purplehiddledog wrote:
    I do backup with iCloud.  I can't wait until the new iMac is available so that I can once again have my files in more than 1 location without needing to rely solely on the cloud. 
    I also rely on iTunes and my MacBook and Time Machine as well as backing up to iCloud. I know many users know have gone totally PC free, but I chose to use iCloud merely as my third backup.
    I assume that the restore would result in my ability to open Pages and Numbers and fix the problem with deleting apps, but this would also mean that if my Numbers documents still exist solely within the app and are just not on iCloud for some reason that they would be gone forever.  Is that right?
    In a word, yes. In a little more detail.... When you restore from an iCloud backup, you must erase the device and start all over again. There is no other way to access the backup in iCloud without erasing the device. Consequently, you are starting all over again. Therefore, it would also be my assumption that Pages and Numbers will work again and that the deleting apps issues would be fixed as well.
    If the documents are not in the backup, and you do not have a backup elsewhere, the documents could be gone forever.

  • Hi There for the last few days I can log into Icloud on my pc but I can't action anything. I can see the emails but cannot view them. I cannot compose a new email.. I don't know if this is icloud or my pc? Its working fine when I access on my iphone..

    Hi There
    for the last few days I can log into icloud via icloud.com on my pc but I can't action anything.
    I can see the emails but cannot view them. I cannot compose a new email.. I don't know if this is icloud or my pc?
    Its working fine when I access on my iphone.
    many thanks
    Cherry

    Just realised its fine through internet explorer but its Mozilla.. so assuming an issue with my browser?

  • I can send video's but cannot receive them?

    I have an iPhone 4. I can send video's but cannot receive them. This problem only started happening 2 weeks ago. Prior to that I had no problems receiving video's. I'm not sure if I have clicked on something or what has happened. If someone could please give me some tips it would be very much appreciated. Thanks

    Try closing all of your open apps, double click the home button when the multi-task screen comes up then hold your finger on a app until it start to wiggle and a red minus sign show up in the upper left corner. Tap the red minus sign until all of your apps are closed. Then restart your iPhone and try to receive a video.

  • I can send iMessage's but cannot receive them. Any help with fixing it?

    I can send iMessage's but cannot receive them. Any help with fixing these?

    Is this happening on cellular or Wi-Fi, or both?

  • TS3406 My IPhone4 will make calls - they can hear me bu I CANNOT HEAR THEM!! This has only just started happening, I have checked settings but all seems OK can anyone help please

    MY IPHONE 4 which has been working perfectly well has developed a fault on calls.
    It will make calls OK and they can hear me perfectly but I CANNOT HEAR THEM AT ALL.
    I have checked all the settings and cannot see anything wrong, can anyone help please!!

    Thanks for answering me. I tried what the help page said but still no luck. My son jut told me that his phone (same as mine) did the same thing and then resolved a little while later. I guess I might just have to wait and see.

  • Puchased some audio books. They are on my itunes, but cannot get them on my Shuffle?

    Purchased some audio books. They are on my itunes, butt cannot get them on my ipod shuffle.

    You can delete apps from itunes by going to the Apps section of the Library NOT the sync page. Select App and delete. It will then be gone from the App Sync page as well.

  • How to Restrict Users Rights to Change Select List

    Good morning everyone,
    I've got a select list that is populated using a basic query on a table. Lets say the items in the list are A,B,C and D.
    At the moment the users are able to choose any of those options and they are written to the database as expected.
    I want to prevent users from selecting option D unless they are a member of an authorization scheme, say SchemeX.
    I've tried a validation process but can only access the current database value not the value that the user is attempting to set.
    I've successfully used
    APEX_UTIL.PUBLIC_CHECK_AUTHORIZATION('SchemeX')
    to test whether a user is a member of SchemeX but can't quite get my hands on the value the user is trying to set.
    Any ideas would be gratefully received :-)

    Thanks for the replies.
    I tried the disable options method but unfortunately that doesn't work on IE 6 .. all my users are forced to use IE 6 at the moment. Works fine in Opera which I can use for testing purposes.
    Drawing on inspiration from this thread I managed to sort it out. I set "Display Extra Values" to YES in my Select List and inserted this query as the "List of values definition" :
    IF APEX_UTIL.PUBLIC_CHECK_AUTHORIZATION('OR_AUTHORISE_MANAGE') THEN
    RETURN
    'SELECT STATUS d, STATUS r ' ||
    'FROM LSTSTATUS ORDER BY STATUS ASC';
    ELSE
    RETURN
    'SELECT STATUS d, STATUS r ' ||
    'FROM LSTSTATUS ' ||
    'WHERE STATUS<>''Closed''' ||
    'ORDER BY STATUS ASC';
    END IF;
    If the user is a member of OR_AUTHORISE_MANAGE they get the full list. If they are not they get the list minus "Closed" ... unless the record has already been set to "Closed" in which case it is added as an "Extra Value".
    Thanks for the nudges :-)

  • I can see my photos but cannot move them anywhere or do anything with them

    I transferred photos as I have always done from my digital camera to Iphoto. After transferring the photos I deleted them from my camera. I can see the photos in Iphoto but I cannot move them anywhere, I cannot download them e.g. to send with an email, I cannot change them in any way, I cannot delete them.
    I thought I had done something wrong so I shot two more photos and put them onto my laptop exactly as before. These photos are fine and can be moved around as always. What now???

    Hi again
    That was a great help. Thank you so much. I could open "Show original file" on approx. half of the photos (there were 49 in all). I have been able to save those to my desktop. They were not copied and are now no longer in the original file.
    But it gets even stranger. When I right click on the others (20 in all) "Show original file" is not active and when I click on show file they are not in there. These I can not move in any folder whether "all photos" or events so are still lost to me at the moment. All the photos were taken from my camera at the same time. Do you have any more wonderful ideas?... Glinda11

  • I can send e mails but cannot receive them

    I can receive e mails but can no longer send them on my iPad 3 after downloading an apple update

    several things here, first you want to verify that your outgoing mail server settings match what your email providers outgoing server settings. - may need to contact them to get those. - you can edit those through settings/mail ocntacts, and calenders, tap that account.

  • My email messages are not loading. I have not changed any settings. I can still send messages but cannot receive them

    As of 5:30 pm yesterday my emails stopped coming in. When I open the account it shows I have 23 messages but nothing loads. I can still send messages and my internet connection is strong. How can I fix this?

    Troubleshooting Apple Mail
    What does Mail/Window/Connection Doctor Show? If the server is red, select it and look at the Show Details box.
    Troubleshooting sending and receiving email messages
    Troubleshooting sending email messages
    SMTP servers keep going offline

  • Users requiring Contribute permissions to add list item - why?

    I have a list in which I only wanted to grant Add and Edit permissions.  I made these custom permissions so I could keep people from deleting from this list.  However, until I bumped the list permissions up to Contribute, everyone got an Access
    Denied error.  Why would that be?
    There are no mistakes; every result tells you something of value about what you are trying to accomplish.

    What permission options you checked, there are couple of you need to must check along with add items and edit...
    you need Add ITems, Edit ITems, View Items, OPen Items, View application pages etc
    http://technet.microsoft.com/en-us/library/cc721640(v=office.15).aspx
    Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

  • I can open Windows Live with Ff4 and can 'see' emails but cannot open them. It was fine with Ff3. Is there a plug-in?

    If I right click on the messenger icon on the toll bar it opens windows live in firefox by default. Then the page just hangs. I can see the emails but cannot open them. It works ok if I load in internet explorer browser.

    That format is used primarily to record TV shows, which you are generally not allowed to edit.  So it's unlikely you'll find a plug-in or converter.
    Recapture using Premiere Pro or HDVSplit.  Those files will work.

Maybe you are looking for

  • Variable Substitution with tag attribute

    Hi, is possible to use variable substitution with tag attribute? as follow: <root directory="xxx"  filename="yyy">    <.... </root> using variable substitution for directory : root,1,directory,1                                                        

  • Photoshop 8.0 Question

    I have Photoshop 8.0 Elements but have not used it for years.  It will not launch, can't I still use it as a photo editor without the online Revel stuff?  This is a stupid question but I can't find a straight answer out there, what am I missing?  Sin

  • System is running very slow. any solution?

    system is running very slow. any solution?

  • Can MacBook Pro (Aug 2007) with Snow Leopard support A2DP headsets?

    Hi I have a MacBook Pro (Generation 3,1) bought in August 2007 (hence NOT Late 2007 model) and currently running Snow Leopard. I'm interested in getting myself a Logitech Bluetooth Wireless Headset, but it only supports devices with A2DP Bluetooth pr

  • TS3988 I have  anew e-mail. I can't change it in icoud

    What should I do to change my ICloud e-mail?