Real World Item Level Permission Performance?

Similar Messages

• Item Level permission issue

  Hi,
  I have created a custom list for which I have added some users with contribute permissions(The users are not given access at site level). Each user creates  only a single item about himself. He should be restricted from accessing other list items in
  terms of editing/deleting the list items.
  Can you please help me in this regard.
  Regards,
  Chaitanya.

  Hello Chaitanya,
  You need to setup the item level permission from list settings-->advanced settings--> see below screen.
  After this user will be able to edit/view only own items.
  Hemendra:Yesterday is just a memory,Tomorrow we may never see
  Please remember to mark the replies as answers if they help and unmark them if they provide no help

• SharePoint OOB Item level Permission under List Settings

  Users & Roles:
  Authors: User with author role can create a new item but can only edit/delete their own items and not other user items. They should not modify or view the list settings(Permission level - Contribute)
  Editor: User with Editor role can create a new item and can Edit/Delete their own items and also other user items. They should not modify or view the list settings(Permission level - Contribute)
  1. Created a new list.
  2. In advance setting enabled "Item-level
  Permissions" as follows,
  For Read
  Accesss selected "Read all items"
  For Create
  and Edit access selected "Create items and edit items that were created by the user"
  Now, User with Editor access can't able to Edit/delete other user items but can able to Edit/Delete their own items(same as user with Author role).
  Then i have changed the Editor access Permission level to
  Edit. In Edit Permission level  i have enabled Override Check-Out
  and disabled Manage Lists. But still user with Editor access doesn't satisfy the condition.
  kindly help me on this to resolve the above issue.
  For Read
  Accesss select "Read items that were created by the user"
  For Create
  and Edit access select "Create items and edit items that were created by the user"
  For Read
  Accesss select "Read items that were created by the user"
  For Create
  and Edit access select "Create items and edit items that were created by the user"
  For Read
  Accesss select "Read items that were created by the user"
  For Create
  and Edit access select "Create items and edit items that were created by the user"

  Hi Nishok,
  Agree with Paul's opinion, you can create an event receiver to set Item Level Permission. Here is the snippet:
  using System;
  using System.Diagnostics;
  using System.Threading;
  using System.Windows.Forms;
  using System.Security.Permissions;
  using Microsoft.SharePoint;
  using Microsoft.SharePoint.Utilities;
  using Microsoft.SharePoint.Workflow;
  namespace ItemLevelSecurity.ItemSecurity
  /// <summary>
  /// List Item Events
  /// </summary>
  public class ItemSecurity : SPItemEventReceiver
  /// <summary>
  /// An item was added.
  /// </summary>
  public override void ItemAdded(SPItemEventProperties properties)
  SPSecurity.RunWithElevatedPrivileges(delegate()
  try
  using (SPSite oSPSite = new SPSite(properties.SiteId))
  using (SPWeb oSPWeb = oSPSite.OpenWeb(properties.RelativeWebUrl))
  //get the list item that was created
  SPListItem item = properties.ListItem;
  //get the author user who created the item
  SPFieldUserValue valAuthor = new SPFieldUserValue(properties.Web, item["Created By"].ToString());
  SPUser oAuthor = valAuthor.User;
  //assign permissions to task author
  AssignPermissionsToItem(item,oAuthor,SPRoleType.Reader);
  //update the item
  item.Update();
  base.ItemAdded(properties);
  catch (Exception ex)
  properties.Status = SPEventReceiverStatus.CancelWithError;
  properties.ErrorMessage = ex.Message;
  properties.Cancel = true;
  public static void AssignPermissionsToItem(SPListItem item, SPPrincipal obj, SPRoleType roleType)
  if (!item.HasUniqueRoleAssignments)
  item.BreakRoleInheritance(false, true);
  SPRoleAssignment roleAssignment = new SPRoleAssignment(obj);
  SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetByType(roleType);
  roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
  item.RoleAssignments.Add(roleAssignment);
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• Workflow for Changing Item Level Permission in SharePoint 2013 (Office365)

  I am using OOTB Tasks List in SharePoint 2013 (O365). Now my scenario is like this:
  I have two user groups: 1.Sales Managers 2. Sales Executives
  Sales Managers can create & assign task to Executive.  I want something like Sales Managers Can view all tasks (Which is by default view of tasks list i.e. perfact) but Executives can see only their tasks assigned to them. How can I achive this?
  Can I use WorkFlow for this to Change item level permission or to assign permission to assigned to user? or JS
  Can anyone have proper solution? thanks

  1. make 2 SharePoint group 1>Sales Managers 2>Sales Executives
  2. Show 2 WP of same task list in same page.
  3. Use Audience Target for Sales Managers Sharepoint group in first Webpart property. (All
  Iten view)
  4. Show "My Task" view (assign to =[Me]) Bottom WP for same task list and use Audience Target for Sales Executives. Or if you want it to see
  Sales Managers as well, the dont use any Audience Target.
  Bottom line - SharePoint group use in Audience Target will do the trick. OOTB
  Regards Sudip Misra [email protected] +1-412-237-5435 Pittsburgh, PA

• Item Level Permission does not work as designed

  Here is the problem. 
  We have a site with a site members group with created permission level called vnContributor that differs from contributor in that they cannot edit delete items or versions, or create alerts. 
  We have a site owners group who have a custom permission level called vnOwner that allows them to add, edit, delete, view, and open items and view versions.  They do not have "Manage Lists" 
  The list permission settings were set to view everyone and edit everyone.  In this setting, however members could not see or edit anything, and owners could see and edit everything, regardless of whether it was theirs or not. 
  So I changed the list permissions level to edit only their own and changed the members to the OOTB contributor permission level.  I then opened the calendar and added a new item as a user in the members  group.
  There was no change.  Members still could not edit their items.  Owners could see and edit everyone's items.
  This is not how this is advertised to work. 
  ERJ MCSD MCDBA

  On June 11, 2008 Rachel.lane entered the following request
  "I would like to hide/show the edit button on a list item's edit form based on whether the user is the item's creator.  The reason I want to do this is because SharePoint's out-of-the-box behaviour is such that when a user edits someone
  else's item, the Access Denied page pops up AFTER the user makes his/her edits and presses ok.
  " My users want the edit button to be hidden so they don't have to go through the steps of making the edits, press ok, and then find out their access is denied."
  My users want the same thing. 
  Alex Santos1 said that "One approach is to give each list item it's own permission- giving the owner (creator) full access while giving everyone else read access."
  However everything I seen about giving item level permission seems to utilize the method I've already been doing which does not hide the Edit button.  Does anyone know how to pull off what he was suggesting?
  ERJ MCSD MCDBA

• Sharepoint 2007 Setting Item level permission

  How do i set item level permission using SharePoint 2007 workflow. As I've been working on employee leave management, time sheet entry and attendance, quite similar to Orange HRM features...And also being a beginner who never had any hands on SharePoint.
  It would be really grateful if anybody comes up with all the help for me.
  Employees should not be able to see each other's personal information like contact details, email addresses, etc other than the Admin. How do i do that step by step automatically using a workflow using SharePoint 2007....?
  Thank You.

  you can use the http://spdactivities.codeplex.com/ Grant Permission on Item workflow activity from codeplex and build the workflow.
  Below are the few examples
  http://sharepointgeorge.com/2010/item-level-permissions-infopath-forms-sharepoint-designer-workflows/
  http://www.codeproject.com/Articles/18415/Custom-Activity-Workflow-for-implementing-Item-Lev
  hope this helps.
  My Blog- http://www.sharepoint-journey.com|
  If a post answers your question, please click Mark As Answer on that post and Vote as Helpful

• Item level permission on workflow task List using sharepoint designer 2013

  Hello All,
  I have created a custom approval workflow. Workflow create a Task in Tasks List.  Now suppose A task is assign to user1. 
  User2 should not able to edit\approve\reject the item.
  How to give item level permission using SharePoint designer in SharePoint 2013 workflow.
  SharePoint 2013 workflow doesn't have impersonation steps also.
  Please suggest how to give permission on task list based on assigned To field.

  In order to change permissions on a list item you'd need a sharepoint 2010 workflow according to http://msdn.microsoft.com/en-us/library/jj728659.aspx
  Unfortunately this functionality is not available in SharePoint 2013 workflows :-(
  The impersonation step still exists, but it is now called "App Step" in the SharePoint Designer 2013 Ribbon. This step is disabled, though, until you activate a web site feature called "Workflows can use app permissions"

• Get the item level permission in sharepoint 2013 uisng rest api

  I created the test list  and i created the 5 items in that list.
  I stopped the item level permissions.
  I shared the list item with userA.
  In the rest api response, it giving the other users also (means user who is not having permission to the item).
  I am using below rest query
  /_api/Web/GetFileByServerRelativeUrl('/site/Lists/test/1_.000')?$expand=Versions,Author,ModifiedBy,ListItemAllFields/RoleAssignments/Member/Users,ListItemAllFields/FieldValuesAsText,ListItemAllFields/ParentList

  Hi,
  Following are the steps, I performed:
  After adding the item in the list, I went into list item permissions and clicked on stop item permissions. Then I selected all the permissions which got carried over to the item and clicked on "Remove user permissions" in the ribbon. After that
  I clicked on Grant permissions in the ribbon and shared the item with one user. Note that last action can also be performed by going back into the list and selecting the item and click on Share.
  Finally, I ran the above REST query and returned the user with whom the item was selected and also the system account (which is expected, as admin will have access.
  You can try shortening your query as well
   /_api/Web/GetFileByServerRelativeUrl('/site/Lists/test/1_.000')?$expand=ListItemAllFields/RoleAssignments/Member/Users
  This will return the relevant user permissions and response will contain lesser data and hence will be easier to read. Lastly, try intercepting the traffic
  using fiddler, as again it will in reading the response.
  Thanks,
  Nadeem
  Please remember to up-vote or mark the reply as answer if you find it helpful.

• Workflows: How to send email to item level permission groups

  I used SharePoint Designer 2010 to create an impersonation workflow which changes (reduces) item level permissions to the item creator and 1-2 other Active Directory groups when an document is added to the library. There are about 26 permission combinations
  which are based on the document's properties.  So far, everything seems to be working correctly.
  My question: is it possible to send a reminder email to the item level creator and group(s) - EG 7 days after the item was added? Would this be included in the impersonation workflow or could it be performed in a separate workflow?
  In advance, thanks for suggestions!

  Hello,
  You can include the email notification in same email to send only one after 7 days. Use Pause for action and you can define the condition when you want to send email if any.
  If you want to send continuously reminder email after some period then you also need to create one more small WF with one condition which will hit first WF continuously until you meet your expectation.
  http://sharepoint713.blogspot.in/2011/09/sharepoint-designer-workflow-to-send.html
  http://www.smellslikesharepoint.com/2012/06/26/sharepoint-2010-workflow-pause-until-date-and-time/
  Hope it could help
  Hemendra:Yesterday is just a memory,Tomorrow we may never see
  Please remember to mark the replies as answers if they help and unmark them if they provide no help

• Item Level Security - Performance impacts

  We are planning to use Item Level Security but have read in the help that this means folder caching is not used. This will mean a performance degradtion.
  Has anyone used Item Level Security and ran into performance problems ?
  If so any guidelines on what is an acceptable limit in turns of size of content areas, number of items etc.
  Thanks
  Simon.

  I'd appeciate a reply as well. For now I've been using content as a PL/SQL stored procedure in a package and then wrapping is_logged_in code around it. It works but isn't cusomizable.

• SharePoint Item level permission is not been carrying to Folder and Library permission SharePoint 2013

  Good Day
  I have a document library with multiple folders containing documents.
  Security "Group A" views all content.
  Security "Group B" gets granted permission from the users in Group A by running a workflow.
  Problem:
  When users in "group A" runs the workflow on the document level the permission is not carried to the folder and library level.
  So users in "Group B" are unable to view the folder or library in which the document is located.
  Thanks

  We have found that many unneeded mistakes are made when dealing with SharePoint permissions. As a result we created a Data Room product for SharePoint Online and SharePoint 2013 
  that allows users to easily share, track and analyze files and greatly simplifies permissions in SharePoint. 
  Take a look, we are offering it free for 6 months.
  http://www.codeasite.com/index.php/CAS-Data-Room

• How to set item level permission for list item in SharePoint 2013

  Hi we had a custom List "ABC".
  List had 2 columns:
  Project Name: (P1, P2, P3, P4, P5, P6)
  Project Leads: (PL1, PL2, PL3, PL4, PL5, PL6).
  All project Leads can have permission to edit only their Project (P1, P2, P3) like
  PL1 can edit P1
  PL2 Can edit P2.....
  But my Question is how to restrict PL2 cannot have permission to edit P1
  is it possible to set permission for this through OOTB in SharePoint 2013.
  Any help will be appreciated......

  Hi
  check this similar post
  http://social.technet.microsoft.com/Forums/ro-RO/e1ea3655-0c6f-4b3d-a336-c42e8eb54c09/rights-to-edit-own-items-for-list-residing-on-publishing-site?forum=sharepointdevelopmentprevious
  Romeo Donca, Orange Romania (MCSE, MCITP, CCNA) Please Mark As Answer if my post solves your problem or Vote As Helpful if the post has been helpful for you.

• Best Practice: Dynamically changing Item-Level permissions?

  Hi all,
  Can you share your opinion on the best practice for Dynamically changing item permissions?
  For example, given this scenario:
  Item Creator can create an initial item.
  After item creator creates, the item becomes read-only for him. Other users can create, but they can only see their own entries (Created by).
  At any point in time, other users can be given Read access (or any other access) by an Administrator to a specific item.
  The item is then given edit permission to a Reviewer and Approver. Reviewers can only edit, and Approvers can only approve.
  After the item has been reviewed, the item becomes read-only to everyone.
  I read that there is only a specific number of unique permissions for a List / Library before performance issues start to set in. Given the requirements above, it looks like item-level permission is unavoidable.
  Do you have certain ideas how best to go with this?
  Thank you!

  Hi,
  According to your post, my understanding is that you wanted to change item level permission.
  There is no out of the box way to accomplish this with SharePoint.               
  You can create a custom permission level using Visual Studio to allow users to add & view items, but not edit permission.   
  Then create a group with the custom permission level. The users in this group would have the permission of create & add permission, but they could no edit the item.
  In the CodePlex, there is a custom workflow activities, but by default it only have four permission level:
  Full Control , Design ,Contribute and Read.
  You should also customize some permission levels for your scenario. 
  What’s more, when use the SharePoint 2013 designer, you should only use the 2010 platform to create the workflow using this activities,
  https://spdactivities.codeplex.com/wikipage?title=Grant%20Permission%20on%20Item
  Thanks & Regards,
  Jason
  Jason Guo
  TechNet Community Support

• Item-level Permissions availabe in list advance setting not working.

  Hi,
       Recently i had an requirement of maintaining item level permission. My requirement was that whenever an item is created in list, it should be created with uniqure permission. I know how to do it by writing
  custom code, but i don't want to do it with any code as client doesn't need any dll etc. After explroring i found that there is an option available in List's advance setting. Following are the steps i followed:-
  Go to List settting.
  Go to Advance setting.
  In advance setting we have "Item-level Permissions" as one of option. This option have two
  sub options.
  For Read Accesss
  select "Read items that were created by the user"
  For Create and Edit access select "Create items and edit items that were created by the user" 
  Save the above settings.
  Below is the screen shot for above mentioned setting:
  Expected behaviour from above setting are:
  Users can create new items
  User can view and edit items only those item that are created by them.
  But i found there is not change in item level permission. All users can View and
  Edit items created by other users. May i am
  misunderstanding above setting or there is Bug in sharepoint. Please help me if any body have any idea about it.
  Regards,
  Deepak
  Deepak Kejriwal

  Make sure that users have "Contribute" permission to the list, if the users have more permission at site level, then the list permission will be overridden by site permission.
  Refer the following article for more info.
  http://office.microsoft.com/en-us/windows-sharepoint-services-help/permission-levels-and-permissions-HA010100149.aspx
  --Cheers

• Read all items when when item-level permissions set

  I have a SharePoint 2010 list where the general user population should be able to submit and read only their own items.
  Item-level permissions set as follows:
  Read access : Read items that were created by the user
  Creaed and Edit access : Create items and edit items that were created by the user
  That works fine.
  Now, I have a small group of power users that need read-access to all list items. I can do that by granting 'Contribute' permissions, but I don't want them to be able to modify items, so I prefer granting only read permissions. When I do that, they can't
  see all the items due to the item-level permission settings.
  Is there a permission level that I can use (perhaps a custom permission level) that enables a read-all (and overrides the item-level permission)?

  With these specific settings, there are not. It is possible to do security through obscurity by only showing views that allow the users to see their items and use audience targeting for the others, but that is not true security, so it will depend on your
  requirements.
  Andy Wessendorf SharePoint Developer II | Rackspace [email protected]