views: 5621

answers: 11

I want to allow a certain group of users to add items to a list, but not be able to view all items. This is so I can set up a workflow with certain parts of it private. I thought it'd be possible by defining a new permission level in:

http://servername/_layouts/addrole.aspx ('Add a permission level' page)

However, when you select the "add items" list permission, "view items" is automatically ticked also.

Anyone know a solution to this?

+3  A: 

View Items is a dependent permission for Add Items, so I'm not sure if we can add such permissions OOB in SharePoint. Have a look here: (http://office.microsoft.com/en-us/sharepointtechnology/HA101001491033.aspx)

You can have a dirty workaround of creating 2 lists and then adding the code in the item added event of the first list to add the item to another list and then remove it from the first list; not sure if this is a good solution . . .

Jomit
Could you please explain what you mean by "adding the code in the item added event of the first list"? Would that only be possible through SharePoint Designer 2007?
Stuart
No, it would require a developer to create code as part of the feature/solution.
Nat
Yes, Nat is right. We would have to write some custom code and hook it to the Item Added event to do this.
Jomit
No, just use a workflow from SharePoint Designer. Use the Copy item then the Delete item activities.
Will Dieterich
I'm doing this myself at the moment. Actually, you do need to do it code-wise. While it will work on a workflow via SharePoint Designer, designer-created workflows run on the permissions of the user (SharePoint will report that the workflow ran as "System Account" but it isn't true). So if the user can't add items on the second list, the workflow will fail. The same workflow, created via code, will run under the System Account and will work.
jeffreypriebe
A: 

Out of the box with SharePoint designer I can only think to use a workflow to move any items from a Public "dropbox" list to a secured list.

A user can see and upload items to the public dropbox, but immediately a workflow kicks off that just moves the content to another, identical, secured list. You can decide if you need to allow content overwriting or not.

A hacky workaround, but without programming that is all SharePoint is. (My company won't let me write code to it yet.)

MrChrister
A: 

You didn't really specify which kind of list you're using, but if you look in the list settings under "Advanced Settings" you'll probably find an "Item Level Permissions" section. This will let you choose to limit users to reading (or editing) only the items they've submitted. This goes above and beyond any other ACLs set on the list or its items.

Sam Yates
A: 

I think using the Advanced permission is not accessible since it cannot prevent the one who submits from viewing it; otherwise it is a good solution! A workflow should, I think, be able to do the job. Just make sure that when an item is uploaded the workflow is triggered. Then if you can build a workflow which can set specific permissions on the item, everything should be done. If you do not want to get your hands dirty with building a workflow, then go to 3w.sharepointboost.com, where they have a sort of plug-and-play solution called Column View Permission.

A: 

I was just working on a quick solution for this, doing research, when I found this message. Besides the SPD workflow, which will not work with anonymous users, I was thinking of doing an InfoPath HTML form that mails the form to a forms library. You can have one form library as the site to start the form and then have the results stored in a different forms library. Since you can set the form library to accept email from anyone, you can prevent people from reading but they can still edit.

Have not tried this but if I run into problems will post comments.

Will Dieterich
+2  A: 

As a half-way option you can set up the list to only show items to their owner (Settings > Advanced Settings and then set options for Read Access / Edit Access as "Only their own"). This won't preclude a person from seeing all items that were added by them, but there won't be anything viewable outside of this permission (other than by a list owner).

Ceesaaxp
+1  A: 

I had a similar problem, where I didn't want anonymous users seeing the contents of a list.

The same solution might work for this.

In SharePoint Designer (for some reason I couldn't edit the page on the web), open the DispForm.aspx page and, in the web part properties, add a target audience (if you want no one to see it, make the web part hidden). DO NOT DELETE WEBPART - doing this breaks your list totally!

Can do the same with AllItems.aspx

Hope this helps.

JasonP
A: 

I completely agree with 'Ceesaaxp'. Under Advanced Settings for the list, set Read Access to Only Their Own. I created a Knowledge Management process, whereby I created two lists, one for pending knowledge articles, and one for approved. I modified the 'New Form' page for the Pending list and disabled a drop down box using JavaScript, which was used as the status of the article. This drop down is then set permanently as 'Pending'. I also created a new permission level which allows users to Add items only. I then created a workflow which moves the article into the Approved list when the status drop down box is set to 'Approved'.

I then changed the read only settings in advanced settings of the pending list to only their own, so all knowledge articles are approved before they are published.

JD-Daz
A: 

@Jomit. Your workaround may work, but it has a race condition problem. Users may still have a chance to see other items. This may be a no-no depending on your rules.

Regular lists in SharePoint offer this option under Settings/Advanced Settings/Item-Level Permissions. Albeit for some reason this option is missing from the GUI for Document and Form Libraries.

One possible solution is to write a simple program to make these changes using the SharePoint Object Model. http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.splist.writesecurity.aspx

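// Sample code for setting writing and reading security on a form library
// Usage: Program.exe <site URL> <list title>
using Microsoft.SharePoint;

class Program
{
    static void Main(string[] args)
    {
        using (SPSite site = new SPSite(args[0]))
        {
            using (SPWeb web = site.OpenWeb())
            {
                SPList list = web.Lists[args[1]];
                list.WriteSecurity = 2; // users can edit only items they created
                list.ReadSecurity = 2;  // users can read only items they created
                list.Update();
            }
        }
    }
}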
AlexanderN
This combined with an Event Receiver would nail the problem completely.
Gabriel Guimarães
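
The combination suggested in this thread (a drop-box list with ReadSecurity = 2, plus an ItemAdded event receiver that moves each submission into a secured list), sketched as an added example that is not code from any of the posters. It is written against the WSS 3.0 object model; the list title "Secured Submissions" and the "Body" and "Submitter" columns are hypothetical, and both lists are assumed to share the copied columns.

```csharp
using System;
using Microsoft.SharePoint;

// Attach to the drop-box list, where submitters hold only add rights and
// ReadSecurity = 2 hides other users' items until the move has happened.
public class MoveToSecuredListReceiver : SPItemEventReceiver
{
    // Hypothetical title of the destination list that submitters cannot read.
    private const string SecuredListTitle = "Secured Submissions";

    // Assumption: both lists have these columns (internal names).
    private static readonly string[] FieldsToCopy = { "Title", "Body" };

    public override void ItemAdded(SPItemEventProperties properties)
    {
        // Capture plain values; SharePoint objects from the user's context
        // must not be reused inside the elevated block.
        Guid siteId = properties.SiteId;
        string webUrl = properties.RelativeWebUrl;
        Guid listId = properties.ListId;
        int itemId = properties.ListItemId;
        string submitter = properties.UserLoginName;

        // A receiver runs as the submitting user. Objects created inside this
        // delegate use the application pool identity (shown as System Account),
        // so the user needs no rights on the secured list.
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite site = new SPSite(siteId))
            using (SPWeb web = site.OpenWeb(webUrl))
            {
                SPListItem source = web.Lists[listId].GetItemById(itemId);
                SPListItem copy = web.Lists[SecuredListTitle].Items.Add();

                foreach (string field in FieldsToCopy)
                {
                    copy[field] = source[field];
                }
                // Elevated writes are recorded as System Account, so keep the
                // real submitter in a (hypothetical) text column for auditing.
                copy["Submitter"] = submitter;
                copy.Update();

                // Remove the original only after the copy has been saved.
                source.Delete();
            }
        });
    }
}
```

ItemAdded fires after the item is already stored, so the item-level read security on the drop-box list is what covers the interval before the move completes.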
A: 

You may want to look at the accepted answer here: http://stackoverflow.com/questions/735015/edit-only-owned-list-items-in-windows-sharepoint-services-3-0

It provides a little workaround similar to what Sam Yates suggests.

jeffreypriebe
A: 

jeffreypriebe, you wrote about code running as the system account allowing a workflow to move an item from one list to another list where the user did not have permissions. I need to know what that code is...?

I have a wf that copies the list item from a list to a 2nd list that the user can't see, but has to have permissions to contribute for the wf to complete. Although the user can't see it once it is submitted, a smart user can do a sharepoint SEARCH to find the item. We don't want them to have access, so the code you are talking about would be awesome! Thanks

Litehouse