tags:

views:

1397

answers:

4
Q: 

Sharepoint Item Level Access & performance

i have created a workflow activity that do give the item creater of a specific list full control on the item and set everyone else to read only access (permission)

someone told me that doing it this way (if i have a lot of users) the performance will go down dramatically

is that correct ?!!

if yes what is the best solution to create a list where any one can create new items but after the item is created only the creater can edit it and the rest of the users can read it only

+1  A: 

Yes, you might solve this with workflows but that might be a bit clumsy and it might slow your server.

The better option is to use List Settings > Advanced Settings > Item-level Permissions.

This feature is not available for Document and Form Libraries.

Toni Frankola  2008-09-17 17:21:48
advance settings --> item-level permissions are good choice if i want to get special access to the creator of the item but what if i want to give it to some one else (manager, owner of item)
Ali  2008-09-18 10:04:30
+1  A: 

Performance degradation will happen when you use large ACLs for each list item. Just make sure that item-level permissions basically have the minimum entries. For example:

  • The user that has permissions to edit that item
  • A single security group that contains all the users with only Reader permissions.

So, can Sharepoint offer these default permissions OOB? Not that I'm aware of. The only option that I can think of is using workflows that set these permissions dinamycally when the document is uploaded.

If you want to avoid performance degradation just make sure that you never display (or iterate using the object model) more than 2000 of those items in a Fine Grained Permissions list. THAT would definitely cause major performance issues.

Sacha  2008-09-17 20:44:40
+1  A: 

It is true that a list that contains a large number of items with custom permissions applied, will slown down your server. This is document in the official Microsoft paper Plan for software boundaries.

The recommended/magic number is 2000. Going further won't break anything, but it could be that you will run into performance issues.

Jan Tielens  2008-09-18 09:33:00
+1  A: 

The accepted answer is not actually answering the question correctly...

You should not use a workflow to do this, if you want people to be able to edit items they create and only read ones they did not, use "List->Settings->Advanced Settings->Item-level Permissions", and this is available for document libraries (since they inherit from SPLIST) it just does not show up in their "Advanced Settings" in the UI. You can set the ReadSecurity property to 1 and the WriteSecurity property to 2 on the Document Library.

http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.splist.writesecurity.aspx

spdevsolutions  2008-09-19 21:25:33

related questions

Can't copy file with appropriate permissions using FileIOPermission
GetProcessesByName() and Windows Server 2003 scheduled task
Starting a process in C# with username & password throws "Access is Denied" exception
How do you set directory permissions in NSIS?
PHP: How to check if a directory is writeable?
sudo echo "something" >> /etc/privilegedFile doesn't work... is there an alternative?
What is the best way to create a security architecture?
Hierarchical Group Permissions Theory/Resources?
Why is access denied when installing SSL cert on IIS 5?
What databases do I have permissions on
Can an iPhone App Be Run as Root?
SQLite/PHP read-only?
Multiple permission types (roles) stored in database as single decimal
SharePoint Permissions
CakePHP ACL Database Setup: ARO / ACO structure?
LINQ and Database Permissions
What's the best way to implement a SQL script that will grant select, references, insert, update, and delete permissions to a database role on all the user tables in a database?
php scripts writing to non-world-writable files
How do I detect if a function is available during JNLP execution?
Implementing permissions in PHP
Access Control Lists & Access Control Objects, good tutorial?
In Visual Studio you must be a member of Debug Users or Administrators to start debugging. What if you are but it doesn't work?
Where should I put my log file for an asp.net application?
What is the best way to handle multiple permission types?