Item Level Security problem

Similar Messages

• How to use Item Level security

  I am working on portal 9.0.2.6.18.
  I have a folder with 1000 items. I want to grant groupA
  access to 997 items and
  (Group B,GroupA) access to 3 items.
  How do i do this.
  Here is what i tried:
  1.enabled item level security on folder
  2.granted folder level access to groupA and groupB
  3.Changed access of 997 items to grant access to GroupA
  4.Did nothing to the 3 items which i wanted to give access to GroupA,GroupB
  Is there a better way of achieving this?
  I am not really comfortable granting folder level access to groupB, because if i miss overwriting privileges of an item (in step 3), then groupB will have access to that item. I would love to change just 3 items because they are the exception.
  How is this feature supposed to be used?
  Thanks
  Harish

  Martin,
  Thanks for the reply. I just cited 1000 items folder as an example. We have various complex combination of security requirements for folders and items. So creating sub-folders for each combination will not work for me.
  Everytime the security requirements change we have to move the items around, which can confuse users. And sometimes we have to create sub-folders to workaround the item-level security problems even when there is no logical business classification to a set of items.
  Harish

• Item level security, workflow and tab problems

  was wondering if someone could help us out with some problems we are having. We need to up and running over the next two days so anyone who could get back to us pretty quickly would be greatly appreciated.
  We are actually having a couple of issues which all revolve around three
  groups we have created (for simplicity we have only attached one user to each group). Here are the steps we took:
  Problems adding content:
  a) Added the three groups to the page group and gave them view access.
  b) Turned on approvals and set group3 as the approver.
  c) Added the three groups to the page and gave them view access.
  d) In the page properties, I enabled item level security.
  e) Added an item content area to the page.
  f) Added three pieces of simple content
  g) For content item1 I granted granted full access to group1(Own, manage, view), for content item 2 I granted full access to group2, etc.
  h) WHen I log on as a user in group1 I only see content item1. HOwever, when I edit the page I find I cannot add any items as user1.
  i) I went back to the page properties and changed the access of all three groups to "manage items with approval" but let the item level security as it was.
  j) When I logged on as user1 I found I could see all items now when I should only have seen content item1. What the hell? Can anyone tell me what I did wrong?
  Problems with item level security on tabs:
  a) Repeat steps a) through d) above.
  b) Create a content region and add three tabs: Home, Work, Life.
  c) On the Work tab changed portlet region to item region.
  d) Added three items with security exactly as I did above.
  e) When I signed on as user1 I saw all three items when I only should have seen item1. What the hell?
  f) I monkeyed around with the secutiry at the tab level but it didn't seem to make much difference. ANyone have any ideas what is going on here?
  Thanks in advance.

  Does the library have versions enabled? Also are these logins occuring within word/excel etc?
  If there's multiple login prompts which occur even if entering valid credentials what does hitting escape (after the first prompt) achieve, does the document open anyway?
  There's a situation where Office will prompt for credentials if you open a document when you've only got read access but there's a version history (to which you don't have access). This is to allow you to enter more highly privelidged credentials if you
  want to.

• Item Level Security not working with Tabs

  I've Portal 9.0.2.2.22
  This issue is with Item Level Security with Tabs. Here is what I've have:
  Page Group: MyPagegroup (Privs: portal => Manage All)
  Page: MyTestPage (Privs: portal => Manage All,
  testUser => View)
  There is a tab called MyTab on page MyTestPage which has two items (simple images) image1 and image2. The tab's access privs have been set NOT to inherit from the page. The public check box has not been checked for the tab. I've specifically assigned access privs to the tab.
  Now here are the two scenarios that I'm having problem with:
  1) MyTab (portal => Manage All, testUser => view)
  image1 (ILS enabled: portal => Manage All)
  image2 (ILS enabled: portal => Manage All,
  testUser => View)
  When logged in as "testUser", I still see both the images on MyTab although image2 doesn't have view priv to testUser. My expected result is to see just image2 on the tab.
  2) MyTab (portal => Manage All)
  image1 (ILS enabled: portal => Manage All,
  testUser => View)
  image2 (ILS enabled: portal => Manage All)
  When logged in as "testUser", I still see NO images on MyTab although image1 has view privs to testUser. I would expect to see image1 on the tab.
  Question: In both the above cases, the tab privs seem to be dictating what the user sees regardless of what the item level privs are set to. Is this normal behavior or a bug? If a bug, is there a patch? Is there any way so that even after setting the tab privs, I still have finer control of what the user can access through item level privs?
  If I don't put the items under a tab, then things work as expected.
  thanks
  Lalit Agarwal
  Vienna, VA
  703-521-5200 x3610

  This is a known problem with the 9.0.2 release - fixed in 9.0.2.6.
  Regards,
  Jerry
  PortalPM

• Item level security not working when placed in a portlet page

  I have three page links linking to separate pages and have two of them with item level security turned on for specific groups with view privilges. I have the access for those groups with view privilges in the page level as well. I have published that as portlet and placed the portlet in another page which has view priviliges for the groups specified in item level as well.
  But I notice that when i place the portlet in a page, the item level security is not working.
  Item Level Security Not Working for Items Placed on a page and published as portlet and placed in another page. Is there some work around for this.
  Thanks
  Valli

  Would you please clarify for me? Is the problem that unauthorized people can see the portlet, or that unauthorized people can see the links?

• Access Tab not showing for item level security

  I have enabled item level security for the portal page I am working on, but the access tab for the items is not showing.
  I have come accross exactly the same problem on this forum and the advice was:
  Hi try the following :
  go to page properties
  set the item level security
  clear the cache
  clear your browser cache
  it should work "
  I have tried all that, closed and opened a browser but the access tab is still not showing. This is a 10.1.4 portal on LINUX. Starnge enough I have a testing environment installed on my Windows XP (AS 10.2.0.2 not upgarded to 10.1.4) and I don't have any issues with item security access tab at all.
  I would appreciate any clues.
  Regards,
  Anna

  There should be two icons shown for each item when you put the page in Edit mode - Edit and Actions. Click on the Actions icon and "Access" should be one of the links in the list of actions (like hide, expire, delete, move, etc.)

• WWSBR_ALL_ITEMS and item level security - BUG?

  Hi,
  View WWSBR_ALL_ITEMS does not seems to work correctly when using item level security on a folder.
  If I add an item to a folder with item level security enabled and do NOT define any special access settings for this item, ie the item setting is "Inherit Parent Folder Access Privileges", then the view does not return the item.
  Has anyone else run into this? Is it a bug?
  Any help appreciated.
  Portal 3.0.9.8.0
  Oracle8i Enterprise Edition 8.1.7.0 - 64 bit
  IBM AIX 4.3.3

  I've been informed that patch 3.0.9.8.2 will solve the problem. Sorry about the double post.

• Change item level security using wwsbr_api.modify_item

  Hi.
  Im using wwsbr_api.modify_item for change item level security.
  Its code for change type access for item of my procedure
  l_masterid := portal30.wwsbr_api.modify_item(
  p_master_item_id => 7061,
  p_item_id => 7062,
  p_caid => 136,
  p_folder_id => 1,
  p_display_name => 'test',
  p_region_id => 5,
  p_access_level => portal30.wwsbr_api.item_access,
  p_text => 'test change item security',
  p_addnewversion => true, -- My content area have item versioning
  level is audit
  After execute my procedure access type = folder.
  I see in wwv_things table new record
  masterthingid = 7061,
  id = 7064,
  security = 'folder'
  How to change item level security programmatically?
  Thanks

  Jerry,
  Please forgive me for persisting with this, and thankyou for your continued patience, but let me try to explain the issue I'm having in another way...
  I have a function that calls wwsbr_api.modify_item to change, say, the description. In this case "description" is the one and only thing I want to change about the item. As you've described above, I am able to query most things associated with the item (via wwsbr_all_items, wwsec_api.grantee_list, etc) so that I can pass current values to the wwsbr_api.modify parameters. However, I haven't found a way to query the current level of access control for a given item (i.e. wether it is currently set to ITEM_ACCESS, FOLDER_ACCESS, or null). As documented, I can force the item to be ITEM_ACCESS or FOLDER_ACCESS. However, I don't want to force a value and as we have concluded, passing null will nullify the current state.
  So, in summary, an answer to this question will solve my problem:
  Is it possible to query the current access control level of an item (either directly via one of the published views or indirectly via one of the views)?
  If the answer is yes - great that solves my problem. How please?!?!?
  If the answer is no - this must be a bug is it would mean that it isn't possible to use wwsbr_api.modify_item without inadvertently altering the current access control level of the item.
  Again thanks for your patience...
  Mark

• Menu item level security

  How can I enable item level security on a menu?
  I would like different users to see only parts of a menu.
  Portal 3.0.8.9.2
  I unchecked the "Inherit from Component" checkbox and can grant security to the menu as a whole, but not to a submenu or item. Is this possible?
  Thanks,
  Gary

  Hi Gary
  Although we are using version 3.0.9.8.1 I don't think that this makes the difference. For me there is a certain contradiction between your basic question and your actual answer.
  My conclusion: In the matter of fact you didn't uncheck the 'inherit from component' checkbox in the develop tab, but the 'inherit from application' one in the access tab,
  what is wrong and doesn't help to solve your problem!
  Find the 'inherit from component' checkbox - by editing the top level menu - near checkboxes like 'inherit from component' under COMMON OPTIONS like e.g. 'Show Timing' or 'Log Activity' and uncheck it. The SECURITY 'multi select box' is shown immediately.
  Hope this helps!
  Thanks
  Peter

• Item Level Security - Performance impacts

  We are planning to use Item Level Security but have read in the help that this means folder caching is not used. This will mean a performance degradtion.
  Has anyone used Item Level Security and ran into performance problems ?
  If so any guidelines on what is an acceptable limit in turns of size of content areas, number of items etc.
  Thanks
  Simon.

  I'd appeciate a reply as well. For now I've been using content as a PL/SQL stored procedure in a package and then wrapping is_logged_in code around it. It works but isn't cusomizable.

• Item Level Security - 9.0.2.2.22.

  Is there a problem with setting item level security? My scenario is one multitabbed page within a page group. My settings are shown below. I want some items on the page to be seen by the public and some to only be seen by certain groups - basically welcome messages, one for employees, one for customers.
  Page Group properties - nothing to set for item level security.
  Page Level properties - On Access tab set both 'Display Page to Public Users' and 'Enable Item Level Security'
  On 'Welcome' Tab properties for above page (not page group) - On Advanced Options tab set 'Inherit Access Settings from the Page' and 'Display tab to public users'.
  On subtab 'About Us' on 'Welcome' tab properties - same as above, i.e. On Advanced Options tab set 'Inherit Access Settings from the Page' and 'Display tab to public users'.
  On 'About Us' subtab region 1 - an item region - there is no access settings to make.
  On text item added to region 1 - On Access tab set 'Define Item Level Access Privileges' then added my EMP group; view item privilege. Only other grantee is PORTAL.
  The text item still shows up for public (without login) and everyone else that logs in; that is when no one signs in! Item Level Security settings seem to have no affect whatsoever. What did I set incorrectly?

  isn't there just a bugfix available?
  9025 isn't out yet - when will it be available ?
  markus

• Item level security for custom items in 902

  I've created several custom item types and created some items in a page
  that enables Item Level Security.
  Enabling item level security on any of these items cause
  Error 30694: Error in API - update item failed
  Steps:
  1. Create custom item type
  Extended simple text type
  added image attribute
  2. Create custom item
  3. Edit custom item just created
  Select Access / Item Level Security
  Select Define Item Level Access Privileges
  Hit Apply or OK
  -> Error 30694: Error in API - update item failed
  Same error is using a "Image" item type.
  The above steps do not cause an error if using the default types; e.g. Simple Text and Simple URL
  Also tried promoting the item type so its shared. No effect.
  Is item-level security only for base "simple" item types??? If so then this is a MAJOR restriction.
  Any help would be greatly appreciated.
  --jason mathews                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       

  Hi Jason
  I filed a bug on this. See 2529787
  I narrowed the problem down to custom item types that have a file or image attribute and only when the item is edited by someone other than the orginial publisher.

• Item level security...

  We have an out of the box solution where users can log there meeting minutes in a custom list. The security of the site consists of about a 100 SharePoint groups which are being used throughout the site collection with different permissions.
  For the purpose of this solution we have each group belonging to one of four logical roles (Directors, Power Users, Employees (Internal) and Employees (External). There are about 50 groups that fit the role of Employees. We want to make sure that users can
  access only the items if they belong to this logical role. That means that an item created by employee has to be accessible by 50 groups.
  What would be the best practice to apply security in this situation since for item level security it would require that inheritance be broken at item level and 50 groups added to the permissions of that item.
  Regards

  We are often discouraged from using folders, but security is one place they are quite useful. Create one folder for each of your top level groups (Directors, etc), break inheritance on the folder and assign your 50 groups. Upload a file to the folder and
  all of the security you need has been applied. You general users don't need to know about the folders. Create view that "Show all items without folders". Keep one view with folders displayed for uploading files.
  Mike Smith TechTrainingNotes.blogspot.com
  Books:
  SharePoint 2007 2010 Customization for the Site Owner,
  SharePoint 2010 Security for the Site Owner

• ACL - ILS (Item Level Security) for Content Server & WebCenter Spaces

  We're trying to implement Item Level Security (ILS / ACL) for Webcenter spaces. We're following the instructions from the Oracle® Fusion Middleware Administrator's Guide for Oracle WebCenter 11g Release 1 (11.1.1.5.0) http://docs.oracle.com/cd/E15586_01/webcenter.1111/e12405.pdf
  After making the configuration changes, we're unable to see the "Security" option from the "File" menu in the Document explorer. Has anyone else implemented this feature and ran into similar issues?
  I made the following configuration changes:
  UseEntitySecurity=1
  SpecialAuthGroups=SecurityGroups (comma separated list with no spaces and the application name is included)
  CS: Version:11gR1-11.1.1.5.0
  DB: 11.2.0.2.0 ---Oracle Database 11g Enterprise Edition
  WebCenter: 11.1.1.4.0 (in a clustered environment)
  Also, we're looking at the document properties in webcenter spaces via document explorer and do not see the "security group" or "accounts" metadata fields. We can see the "Content ID" and a whole bunch of fields and do not see "security groups" and "accounts". However, when we log into the content server and look at the folder or file "info" we can clearly see the security group and account values...not sure what is required to make these two fields show up in webcenter spaces.

  Hi ,
  Do you upload the documents from spaces or from UCM side ?
  When you say the security and account field are not displayed , is that when viewing the content or during update ?
  When the ACL features are turned off do you see the above fields ?
  Thanks
  Srinath

• Sharepoint 2013 / Office 365 Document library item level permissions problem

  Hello,
  I'm looking for a solution to enable users to upload documents to a document library, the ability to view other documents uploaded to the same document library, but able to edit or delete those other documents.
  With a list you can use Item-Level security in Advanced Settings but this is not available for Document libraries. I could use workflows to assign individual permissions to document, but the the library already contains over 2,000 documents and will continue
  to expand so I don't like the idea of having that many individual permissions set.
  Are there any 3rd party plug-ins or solutions to this issue?
  Thanks,

  Try below:
  http://www.hersheytech.com/Blog/SharePoint/tabid/197/entryid/28/Default.aspx
  As it turns out the, setting Item-Level Permissions in a library is fully supported with PowerShell!
  The PowerShell commands for changing this are very simple:
  $web = Get-SPWeb http://YourSite/
  $list = $web.Lists[“Your Document Library Name”]
  $list.ReadSecurity = 2
  $list.Update()
  $web.Dispose()
  Note the 3rd line which is where you determine the value for this setting using the following values:
  1 = “Read all items”
  2 = “Read items that were created by the user”
  If you wish to modify the values for Create and Edit access instead, replace .ReadSecurity with .WriteSecurity with
  the following values:
  1 = “Create and edit All items”
  2 = “Create items and edit items that were created by the user”
  4 = “None”
  For example:
  $web = Get-SPWeb http://YourSite/
  $list = $web.Lists[“Your Document Library Name”]
  $list.WriteSecurity = 2
  $list.Update()
  $web.Dispose()
  Also check 
  http://sppermissions.codeplex.com/
  If this helped you resolve your issue, please mark it Answered. You can reach me through http://freeit-support.com/