Users requiring Contribute permissions to add list item - why?

Similar Messages

• How to restrict user rights so they can add list items but cannot edit them once saved?

  I appreciate if you can help me with this. My beloved company uses SP2010, and I got the task to solve this issue using it, though I am not a programmer (basic html is still ok).
  I need a simple annual leave list with the following capabilities:
  1. Group of users (~100 members) should be able to create list items in a list that contains annual leave data. Columns are: Name, Leave start date, Leave end date, Team leader, etc.
  2. Once they fill in the new item form, a workflow notifies the team leader to visit the item and set a column "approval status" to approved or rejected.
  3. Based on this column value, another workflow notifies the requestor about the decision.
  4. After approval, users should be able to see their items in the list, but they should not be able to edit it.
  Sounds so simple, but I have big issues with point 4. as Sharepoint does not differentiate create and edit rights to a list item. As a result, requestor can edit dates of the approved items.
  Any hints how to solve this? Can impersonation help with this? Or should I add a new permission level to the site?

  Hello
  We are going to do the following things to accomplish your task
  create a new security permission level that will allow submit only
  create your annual leave list
  assign everyone the submit only permission
  add a workflow to send the email and modify the item permissions
  Ok first things first, on the sharepoint server open a powershell window and type the following powershell:
  $spweb=Get-SPWeb -Identity "<site url>";
  $spRoleDefinition = New-Object Microsoft.SharePoint.SPRoleDefinition;
  $spRoleDefinition.Name = "Submit only";
  $spRoleDefinition.Description = "Can submit/add forms/files/items into library or list but cannot view/edit them.";
  $spRoleDefinition.BasePermissions = "AddListItems, ViewPages, ViewFormPages, Open";
  $spweb.RoleDefinitions.Add($spRoleDefinition);
  $spweb.Dispose();
  Now in your site you will have a new permission level called 'Submit Only'.
  Create your annual leave list and give all users read and submit only permissions.
  Now create a workflow against this list in sharepoint designer.
  Add a new step which should be an impersonization step
  1st action
  add permission: give the user and their manager (i am presuming you are capturing this information in your list so it will be recorded against the item) whatever control you wish, i.e. full control, contribute, etc.
  2nd action
  remove list permission: remove the group you initially gave read and submit only permission to and select the read and submit only permissions to remove from them, i.e. if you added the 'All Users' group, then when performing this action choose to remove
  the read and submit only permissions for the users 'All Users'.
  3rd Action
  Send an Email: Email Manager with notification.
  Regards
  Sergio Giusti
  http://sergioblogs.blog.co.uk/
  Whenever you see a reply and if you think is helpful, click " Vote As Helpful". And whenever you see
  a reply being an answer to the question of the thread, click "
  Mark As Answer".
  i just face the same issue and i create a new Permission level named "Submit Only". but i also have a custom web part that is added to my Create form . so when users tried to access the Create form they will get Access Defined. so is there a way to
  modify the permission level to be able to read web parts ?

• Requestors end users will not acces a site directly and add list items

  Hi
  i created a  site for IT services  and this site includes some lists for various services
  http://Intranet.com/Units/IT services 
  main site is http://Intranet.com
  and also workflow are configured  for these lists for create new item
  and only 3 type of users will work on these lists
  1)Requestors (Create,View rights)
  2)Contributers (Contribute permissions)
  3)Approvers
  Scenario:
  -- Requestors    will create list items and approvers will Open this list item and  edit list item like
   approve and add a Contribute userid in AssignedTO field
  ---Contribute user also will recieve email and he also Open item and edit ans save this list
  so basically its backend  , data inserted by requestors will  save in lists
  so here i need all  Requestors  end users will not acces IT services site and add list item directly in list.
  is any other option availabe that i will provide a  diffrent front end page for Requestors at root level  site (which is Intranet.com )
  and they will add and view only their data, and  Contributers  also  view and edit all users data.
  adil

  Hi adilahmed,
  You can use two web parts to show the list items for different group.
  In the List view page, add another list view web part, set the first web part list view to filter Created By field with Me, second list with all list items.
  Then set the first web part with audience Requested group, and second web part with audience Contributers group.
  Thanks,
  Qiao Wei
  TechNet Community Support

• Add list item using anonymous user in public website of shareopint 2013 office 365

  Can any body know the solution to over come of following error while add list item using anonymous user using CSOM in shareopint 2013 office 365 public website.
  I have tried following solution to narrow down the error from "Access permission"
  http://sharepointtaproom.com/2014/08/28/anonymous-api-access-for-office-365-public-sites/#comment-2304

  Try below:
  http://www.codeproject.com/Articles/785099/Publish-a-Form-for-Anonymous-Users-on-a-Public-Sit
  http://blogs.technet.com/b/sharepointdevelopersupport/archive/2013/06/13/how-to-allow-anonymous-users-to-add-items-to-sharepoint-list-using-client-object-model.aspx
  // Allows AddItem operation using anonymous access
  private
  static voidAllowAnonAccess(){
  Console.WriteLine("Enabling Anonymous access....");
  SPWebApplication webApp =
  SPWebApplication.Lookup(new
  Uri(webAppUrl));
              webApp.ClientCallableSettings.AnonymousRestrictedTypes.Remove(typeof(Microsoft.SharePoint.SPList),
  "GetItems");
              webApp.ClientCallableSettings.AnonymousRestrictedTypes.Remove(typeof(Microsoft.SharePoint.SPList),
  "AddItem");
              webApp.Update();
  Console.WriteLine("Enabled Anonymous access!");  
  // Revokes Add/Get Item operation using anonymous access
  private static
  voidRemoveAnonAccess(){
  Console.WriteLine("Disabling Anonymous access....");
  SPWebApplication webApp =
  SPWebApplication.Lookup(new
  Uri(webAppUrl));
              webApp.ClientCallableSettings.AnonymousRestrictedTypes.Add(typeof(Microsoft.SharePoint.SPList),
  "GetItems");
              webApp.ClientCallableSettings.AnonymousRestrictedTypes.Add(typeof(Microsoft.SharePoint.SPList),
  "AddItem");
              webApp.Update();
  Console.WriteLine("Disabled Anonymous access!"); 
  http://www.fiechter.eu/Blog/Post/12/Create-a-survey-for-anonymous-users-on-Office-365
  If this helped you resolve your issue, please mark it Answered

• Assign permissions to a list items

  I have a list with items.
  I want to give unique permissions to the list items . a) People in the country1 group should only be able to see the value in the first column Country1 (i.e. MyGroup1-Country1, MyGroup2-Country1, MyGroup3-Country1)
  b) If they have been added to MyGroup1 group they should only be able to see MyGroup1-Country1 value. This is the intersection of the first row and the first column.
  c)Can I give unique permissions to each item to achieve this, or is there any other better way to do it.
  Country1 Country2 Country3
  MyGroup1 MyGroup1-Country1 MyGroup1-Country2 MyGroup1-Country3
  MyGroup2 MyGroup2-Country1 MyGroup2-Country2 MyGroup2-Country3
  MyGroup3 MyGroup3-Country1 MyGroup3-Country2 MyGroup3-Country3

  That's very, very hard to do with SharePoint and cannot be done without custom development or tools.
  If a user has access to see an item then they can see all fields (columns) on that item. That's non negotiable. It's possible to hide the data but without going to server side customisation it's not a security barrier and even then it's not always fool proof.
  You might be able to get the same effect by having each 'cell' as a separate item and using nested folders with custom security levels on them to manage the item security. Country>MyGroup>Item

• Allow All Users To Add List Items But Only Certain users To Edit Them (SharePoint 2013)

  How do we allow all users to add items to a list, but only allow certain users to edit the list items? Site is SharePoint 2013. We have tried creating custom permissions. That does not seem to work.

  I've setup a custom list on my SharePoint Foundation using a custom permission level to accomplish this.  I setup a custom permission level on the site called 'Add Only to Lists'  which allows adding an item to the list and setup the group with
  the default read and the custom permission level and it works.  The users in the group get the add item but do not get edit item, not even items they created themselves.
  Any users who should have full edit permissions can be setup under the normal edit/contribute/design permission level and work normal.
  Below is the Role Definition pulled via PowerShell and Role Assignments on the list in question.  As well as a picture showing what it looks like to something assigned that role level.
  Role Definition
  Name : Add Only to list
  Description : Can add items to a list but cannot edit or delete
  Type : None
  Hidden : False
  Order : 2147483647
  BasePermissions : ViewListItems, AddListItems, Open, ViewPages
  List Role Assignments
  Member : Home Visitors
  RoleDefinitionBindings : {Read, Add Only to list}
  Parent : IT Equipment Request
  ParentSecurableObject : IT Equipment Request
  The user can create a new item, but cannot edit items - not even items he created.

• Allow user to access /edit/delete/add specific items in list

  Hi
  I have one custom list.
  every month department head is creating some activity because of which some items are getting added in that list pragmatically.
  like-
  departmentID item1
  item2
  DEPT001 item001
  item002
  DEPT001 item003
  item001
  DEPT002 item004
  item001
  After that User want to edit or delete or add new entries only related to their department only.
  How can allow user to edit/delete or add entries (full control) only related to his department in the same list?
  How can I assign users for this?
  Should I create another list having department id and user mapping?
  please suggest any soln.

  The flow is like,
  User(Dept head/department user)will select department from drop down and clik on button to add some entries against the department.
  once the entries done he just click on save button.
  after some time if department head/department user want to add/edit/delete some entries against his department then he should able to view only his deapartment entries.  
  Also the email is generated to his manager.
  So my question is how should I allow user to view his own entires only which should be available for him to add/edit/delete.?
  If I create one list of department  and on adding the entries against each department I will add departmentID for every entry so that I can filter them by department.
  but how to allow users for those entries? If I added user for each entry and if any department user changed then I have to change his name from all entries for that department.If the entries are more than 50 or 100 then it will be very difficuelt to handle.
  Also for multiple users for single department this is very difficuelt to provide access.
   is there any alternate solution for it?

• Creating a form to Add List Item and to a Document Library

  Hi,  I'm super new to sharepoint , and have what is probably a newbie question.
  I have a list and a document library.  The documents are linked to the items in the list. (1 list item may have one or moe documents associated with it).
  I need to create a form to add new list items that will at the same time upload documents to the document library.
  Do I use infopath for that?
  Thanks

  Hi,
  According to your description, when adding a new item to the current list, you might want to upload the attachments of this item to other Document Library as well.
  As a workaround, you can create an Event Receiver to capture the event when there is “An item was added”. In the Event Receiver, we can write C# code to copy the attachments
  from a list item to a Document Library.
  About how to create a simple Event Receiver in SharePoint 2013:
  https://msdn.microsoft.com/en-us/library/ff398052.aspx
  Here is the related code I use in this scenario, you can use it as a reference:
  using System;
  using System.Security.Permissions;
  using Microsoft.SharePoint;
  using Microsoft.SharePoint.Utilities;
  using Microsoft.SharePoint.Workflow;
  namespace SharePointProject13.EventReceiver1
  /// <summary>
  /// List Item Events
  /// </summary>
  public class EventReceiver1 : SPItemEventReceiver
  /// <summary>
  /// An item is being updated.
  /// </summary>
  public override void ItemUpdating(SPItemEventProperties properties)
  //base.ItemUpdating(properties);
  /// <summary>
  /// An item was added.
  /// </summary>
  public override void ItemAdded(SPItemEventProperties properties)
  // base.ItemAdded(properties);
  using (SPSite site = new SPSite("http://sp/"))
  SPList docDestination = site.RootWeb.Lists["Document"];
  SPList lstAttachment = site.RootWeb.Lists["List1"];
  SPFolder fldRoot = site.RootWeb.Folders[docDestination.Title];
  SPFileCollection flColl = null;
  if (properties.ListItem.Attachments != null && properties.ListItem.Attachments.Count > 0)
  foreach (String strName in properties.ListItem.Attachments)
  flColl = fldRoot.Files;
  SPListItem listtem = docDestination.Items.Add();
  SPFile FileCopy = properties.ListItem.ParentList.ParentWeb.GetFile(properties.ListItem.Attachments.UrlPrefix + strName);
  string destFile = flColl.Folder.Url + "/" + FileCopy.Name;
  byte[] fileData = FileCopy.OpenBinary();
  SPFile flAdded = flColl.Add(destFile, fileData, site.RootWeb.CurrentUser, site.RootWeb.CurrentUser, Convert.ToDateTime(properties.ListItem[SPBuiltInFieldId.Created]), Convert.ToDateTime(properties.ListItem[SPBuiltInFieldId.Modified]));
  SPListItem item = flAdded.Item;
  item[SPBuiltInFieldId.Created] = Convert.ToDateTime(properties.ListItem[SPBuiltInFieldId.Created]);
  item[SPBuiltInFieldId.Modified] = Convert.ToDateTime(properties.ListItem[SPBuiltInFieldId.Modified]);
  flAdded.Item.Update();
  How it works in my environment:
  Add an item with attachment in List1:
  In the Document Library, we can see the uploaded attachment there:
  Best regards
  Patrick Liang
  TechNet Community Support

• Need to add list items while clicking another list item.

  I want to know the steps to be followed to get the below functionality .
  EntityList EntityList
  dept
  emp
  all
  At run time when user clicks emp or emp ,dept,all these items should be to enitity list.
  Iam open any list other than LOV.
  Could you anyone help me how to work this functionality
  Thanks,

  Block Name:CONTROL
  List 1 List 2
  ENTITY_TYPE ENTITY_LIST
  Emp
  Dept
  All
  I have to add List1 item to List2 when user clciks on List1.
  In when-list-changed-trigger
  Declare
       v_list_id ITEM := find_item('CONTROL.ENTITY_LIST');
       v_list_value1 VARCHAR2(100);
  Begin
  Select :CONTROL.ENTITY_TYPE into v_list_value1 from dual;
  Add_List_Element('CONTROL.ENTITY_LIST',1,v_list_value1,v_list_value1);
  End ;
  Iam getting run time warning no list elemnets in entity_list .
  And the form is not showing any list elements in entity_list when i cick on list1.

• Generate Report -List item permissions against Each list Item

  Hi,
  I want to get "Item Permission" against each list item from List.
  I need to prepare a Report from this Information.
  Can anyone please help to get "Item Permission" against each list

  Hi,
  About how to enumerate permissions of each items using PowerShell, code snippet provided by Nancy in this similar thread would be helpful:
  https://social.technet.microsoft.com/Forums/sharepoint/en-US/509b7ea1-bd54-4fe3-842b-32fdc52e4f73/enumerate-list-item-permissions
  With the data retrieved, then you can export it to a .csv file:
  http://blogs.perficient.com/microsoft/2013/01/how-to-combine-powershell-cmdlet-output-in-a-single-csv-file/
  Best regards
  Patrick Liang
  TechNet Community Support

• SP2010: Users with Contribute rights can Add but not edit items in Calendar View

  Hello,
  One of our users was recently trying to update a Calendar item in the Calendar view, but was unable to do so. Here are the facts of the case:
  - The members of the user's group have Contribute rights on the Calendar list, and on each of the specific Calendar items tested
  - I logged in as a member of the same group and am able to Add items in the calendar view, but when I click on an item title the Ribbon options (including Edit) are not available - whether I created the item or not
  - While logged in as a member of that group, I can edit calendar items using the Allitems view, using the dropdown menu and Edit Item (if I click on the item title, I get the item details without the Ribbon)
  - I created a new Calendar view ("Calendar2") but the problem was the same
  When logged in with admin rights, I get the Edit ribbon when I click on an item title from the Calendar view. Is there a way to do the same for non-admin users? Thanks. 

  Hi,
  According to your post, my understanding is that you were able to add items into a Calendar List, but you couldn’t edit some items of the Calendar List in Calendar View as a member of your group with Contribute rights. And if you edit the Calendar List’s
  items in the “All Events” view or log in with admin rights, you can edit these items.
  Therefore, I wonder if you use the “Calendar Overlays” to display some items of other Calendar Lists in the current Calendar List as John suggested.
  And if you don’t have permissions to edit items of other Calendar Lists, you can’t edit those items of other Calendar Lists in the current Calendar List in Calendar View.
  So, I recommend that you should check if using the “Calendar Overlays” to display some items of other Calendar Lists in the current Calendar List at first.
  If yes, you need to check if you have permissions to edit items of other Calendar Lists.
  For test, I suggest that you can create a new Calendar List and test to see how it works.
  Best Regards,
  Thanks
  Victoria Xia
  TechNet Community Support

• Sharepoint programmaticaly add list item under current user - 0x80070005 (E_ACCESSDENIED))

  Please help me.
  In our company, we developed an application under the Apple device to work with the company's internal services , including it in this application it is possible to send messages to the corporate blog portal, which is deployed on Sharepoint 2013 .
  The application architecture is as follows:
  Server on which you installed Sharepoint 2013 is called "SPS01", on the same server is deployed on IIS web application called "WS",
  application "WS" taken in a separate application pool from Sharepoint 2013 .
  All Apple client devices communicate with Sharepoint 2013 through the web application "WS". For us it is important that when applying for Sharepoint 2013 with mobile
  devices, Apple remained the security context of the authenticated user, as access to documents stored in Sharepoint 2013 demarcated .
  For what would be maintained security context authenticated users , we applied techniques such as impersonation and kerberos .
  Request goes like this:
  Apple client connects to the Web application "WS", on the "WS" configured
  to connect to Kerberos enabled and impersonation . (Apple iOS 7 support kerberos ) , then all customer interaction with Sharepoint 2013 going through "WS". Kerberos
  we use that to get rid of the problem of "double hopes" that occur when a web application "WS"
  refers to the other network resources that are beyond the server "SPS01".
  Example:
  Web application "WS", which is on the server "SPS01", refers to a
  file server «FS01», to get a list of documents from the usual file balls through kerberos and impersonation request comes on «FS01»
  from the user who is authenticated by web application «WS».
  But there was a problem:
  If the user enters the Sharepoint 2013 through the browser on your computer, it can successfully keep there blog post .
  If the user is drawn to Sharepoint 2013 from a mobile device Apple, and tries to leave a message in the blog , the error appears : Access Denied. Exception: Access is denied.
  (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
  Empirically by the following was revealed: I tried to give you a right to - it did not help:
  Administrator farm
  SQL database config and content - owner
  Administrator of User Profile Services
  Local Administrator
  BUT!
  When deploying Sharepoint 2013 group was created security domain - "domain \ farm_administrators" - which is in the local group Sharepoint 2013 - "Farm
  Administrators" If the user is included in the domain security group - "domain \ farm_administrators", then the user can successfully keep a blog
  post from a mobile device Apple.
  I want to note that this happens only through security group AD «domain \ farm_administrators»
  The question is, how can you determine what rights the special security group "domain \ farm_administrators" in Sharepoint 2013 , whereby the participants can successfully
  send messages to the blog with Apple mobile devices via the web application "WS".
  We also found a workaround , but it will not work as we would like.
  RunWithElevatedPrivileges
  http://msdn.microsoft.com/en-us/library/bb466220.aspx
  We can execute a part of the Web application "WS" with the highest privileges. In this case, the user was able to successfully send a message to your blog from your
  mobile device Apple.
  But when the code runs with the highest privileges - lost the security context of the authenticated user.
  In the author is shown as "System Account"
  public static XmlDocument addBlogMessage(string projectID, string text)
  XmlDocument response = new XmlDocument();
  string result = string.Empty;
  string webUrl = SPUrlUtility.CombineUrl(Constants.SITE_URL, projectID);
  using (SPSite site = new SPSite(webUrl))
  using (SPWeb web = site.OpenWeb())
  SPList blogMessagesList = web.GetList(SPUrlUtility.CombineUrl(webUrl, Constants.BLOG_MESSAGES_LIST_URL));
  SPListItem newBlogMessage = SPUtility.CreateNewDiscussion(blogMessagesList, "Сообщение");
  newBlogMessage[SPBuiltInFieldId.Body] = text;
  web.AllowUnsafeUpdates = true;
  newBlogMessage.Update();
  web.AllowUnsafeUpdates = false;
  result = "<response><userResult><code>Success</code><messageID>" + newBlogMessage["ID"].ToString() + "</messageID></userResult></response>";
  response.Load(new System.IO.StringReader(result));
  return response;

  Yes I make sure that the assigned field is filled as the workflow will not work unless that field is filled with a valid username.
  I am an administrator on this SharePoint site  and I am using several people to email to that are not admins on the same site.
  The issue seems to lie in the Workflow itself.  In the one step that I have "Send an email" you fill out what should go in the To: field in the email.  That is where it should say "Current Item:Assigned To" according to all the documentation I
  have read and what mine will only enter in the To: field is "Assigned To" only it is missing the key first part of where to look.  Even though when I go through the steps I have indicated that it the data should be found in the Current Item from
  the field of Assigned To and to return the information of email address, which is well with in the realm of this Action in Workflow. 
  I have been able to accomplish this in another workflow that is not meant to be Reusable and is tied to one list only.  This seems to only be an issue when trying to do this in the Reusable Workflow creation and execution and when I use the Association
  Columns.
  Any further ideas or suggestions?  Any would be appreciated.
  Regards,
  Lara K.

• How to Remove Edit permissions to a group/user when an list item is approved.

  Hi,
  We have a requirement of removing the edit permissions on custom list item when a item is approved, this I have to implement using OOB feature or customization and designer, but no code should be involved.
  Can anyone please suggest me to implement this.
  Thanks, Swaroop Vuppala

  Check this below
  You need to use item level permissions.
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/9e3a624e-77d3-432f-9a2b-3f25b925423a/how-to-remove-edit-and-delete-option-for-a-list-item-when-approval-workflow-is-complete-and?forum=sharepointgeneralprevious
  Please remember to click 'Mark as Answer' on the answer if it helps you

• Workflow 2010 set list item permissions

  I have a sharepoint 2013 list set up with two kinds of users (Approver and Employees) needing access:
  Approvers - need full control on the list/site
  Employees - can only have edit/read access to their own list item or entry
  I'm using SPD 2013 with workflow 2010 platform, the workflow runs when approvers submits an entry (via people picker) for an employee. The part I'm having trouble with is granting
  employees their permissions above when the item is created.
  Following a web example, in the impersonation step I'm simply using add list item permissions action to grant the employees.
  In another workflow I'm sending them notification to the edit form, but they can't access the link.
  If I add the employees in one of the site's permissions group like visitors group then they can access the list but that would give them access to everything.
  Hope I explained the issue well, please let me know if anything is not clear. Thanks in advance!

  Hi
  That's not actually true, when you create a group in sharepoint you don't need to assign it any permissions, i.e.
  you create a group called 'NewListViewers' and don't assign it any permissions to the site
  you add members to this group (they have no permissions to the site or content within the site)
  you then customise the permissions of a list and grant this new group whatever permission you want (presumably contribute), the group only has permission to the list.  Add the approvers group with full control and your done.
  As for having users read only own items, simply amend the advanced settings read access to be '<label for="ctl00_PlaceHolderMain_ItemLevelSecuritySection_ctl09_RadReadSecurityOwn">Read items that were created by the user</label>', now
  they can only view/edit their own items and approvers can see everything.
  Regards
  Sergio Giusti Sergio Blogs
  Linked
  In Profile
  Whenever you see a reply you think is helpful, click Vote As Helpful.
  Whenever you see a reply you think is the answer to the question, click Mark As Answer.

• Item-level Permissions availabe in list advance setting not working.

  Hi,
       Recently i had an requirement of maintaining item level permission. My requirement was that whenever an item is created in list, it should be created with uniqure permission. I know how to do it by writing
  custom code, but i don't want to do it with any code as client doesn't need any dll etc. After explroring i found that there is an option available in List's advance setting. Following are the steps i followed:-
  Go to List settting.
  Go to Advance setting.
  In advance setting we have "Item-level Permissions" as one of option. This option have two
  sub options.
  For Read Accesss
  select "Read items that were created by the user"
  For Create and Edit access select "Create items and edit items that were created by the user" 
  Save the above settings.
  Below is the screen shot for above mentioned setting:
  Expected behaviour from above setting are:
  Users can create new items
  User can view and edit items only those item that are created by them.
  But i found there is not change in item level permission. All users can View and
  Edit items created by other users. May i am
  misunderstanding above setting or there is Bug in sharepoint. Please help me if any body have any idea about it.
  Regards,
  Deepak
  Deepak Kejriwal

  Make sure that users have "Contribute" permission to the list, if the users have more permission at site level, then the list permission will be overridden by site permission.
  Refer the following article for more info.
  http://office.microsoft.com/en-us/windows-sharepoint-services-help/permission-levels-and-permissions-HA010100149.aspx
  --Cheers