I've build a custom SharePoint list that programatically adjusts permissions per list item. This part of the app works by clearing all permissions in the list item and adding permissions to the folks I want to grant Read or Contribute permission to. I believe this part of the application to be correct: selecting Manage Permissions on a list item I can see the appropriate users and roles for the list items in question in the Permissions list.
However, I was surprised to realize that only the user who submitted a list item can successfully edit the item. I'll describe what I'm seeing with the following two users: UserA and UserB. UserA submitted the list item. UserB is trying to edit the same list item after the permissions have been assigned (either manually or programatically).
UserB cannot edit the list item:
- UserB can see the Edit Item link on the item toolbar.
- UserB can click the link and will see EditForm.aspx.
- When UserB makes changes and presses submit, UserB encounters the out of box SharePoint "Access Denied" error page.
- The event handler for the list item update does not fire.
- Manually elevating UserB's permission to include Full Control does not affect the behavior above.
By contrast, UserA encounters far more predictable behavior:
- UserA can see the Edit Item link on the item toolbar.
- UserA can click the link and will see EditForm.aspx.
- When UserA submits, the changes are persisted and the user is redirected back to the item list.
- Event Handlers fire after UserA submits.
This leaves me with several questions:
- Is this an expected behavior for SharePoint that I managed to overlook?
- What can I do to allow UserB to modify the list item?