ansaurus

Question

Answer 1

+1 A:

Not 100% sure it is fully clear what you are trying to achieve, but...

From my understanding of your question, what you want to do is assign unique permissions to a list item based on a value in the assigned to field of that list item.

The way I would do this is to create an event handler for your items list that runs when the list item is updated/approved etc. It would:-

Read the value in the assigned to field
Break permission inheritance on the list item
Assign the user in the assigned to field edit permissions to that item.

Paul Lucas 2010-04-01 16:37:06

thank you for answer. the system:Workers (here Worker1) will go and create a form by filling specific parts.The form is invisible for other workers. One person from Group1 has to approve it (randomly or there is a time shift).Now the form is visible for all workers.Also in the form there is a "assigned to" field. The person from Group1 who did the approval (perhaps at the same time while he is doing approve operation) has to add a worker name(worker2) to assigned to field.Now Worker2 has edit right for only Workers1's form not for other forms.Can we do this with work flows without coding?

ephieste 2010-04-01 17:25:18

Assume that Worker55 created a form and I approved it and assigned to Worker66. Now the form is visible for everyone because it is approved and also Worker66 has the edit right for Worker55' form (because assigned to: Worker55). I can delete Worker66 and write Worker77. Now Worker77 has edit permission for Worker55' form not Worker66. If I write Worker77 and Worker66 at the same time to "assigned to". Then both of them can edit Worker55' form.Do you get the situation?

ephieste 2010-04-01 17:37:49

I created Group1 (approval list) via Versioning settings.

ephieste 2010-04-01 17:42:19

Ok here is my summary. If a form is "approved", anyone can see it, but the only people that can edit the form are people in the assigned to field. Sound right?

Paul Lucas 2010-04-01 18:49:31

yes you are right!

ephieste 2010-04-07 05:25:25

Answer 2

+1 A:

as Paul Lucas mentioned, you could do it using an ItemAdded and ItemUpdated event receiver and methods like these, with added exception handling

public override void ItemUpdated(SPItemEventProperties properties)
{
    base.ItemUpdated(properties);
    SPListItem item = properties.ListItem;
    SetRights(item, ((SPFieldUserValue)item["AssignedTo"]).User, SPRoleType.Reader);                     
}

private void SetRights(SPListItem item, SPPrincipal principal, SPRoleType role)
{
    SPRoleDefinition RoleDefinition = item.ParentList.ParentWeb.RoleDefinitions.GetByType(role);
    SPRoleAssignment RoleAssignment = new SPRoleAssignment(principal);
    RoleAssignment.RoleDefinitionBindings.Add(RoleDefinition);

    if (!item.HasUniqueRoleAssignments)
    {
        item.BreakRoleInheritance(true);
    }
    item.RoleAssignments.Add(RoleAssignment);
    item.SystemUpdate(false);
}

kerray 2010-04-01 18:16:04

This is along the same lines that I was thinking. Based on the comments to my answer, this might need to be modified to take into account approval status (if approved then all users can read the item) and the fact that there may be more than one user in the assigned to field.

Paul Lucas 2010-04-01 18:54:22

Thank you very much. Where and how can I use this code? Because I cannot reach the servers and/or use add-ons. I have to design the system via Share point designer. That's all I am allowed to do.

ephieste 2010-04-01 19:31:05

well, then you're out of luck, because this would need to be in a dll class library, installed on the server - as is the case with almost anything in SP...

kerray 2010-04-01 21:21:46

I tried to design it with Share Point Designer and I think I can do something with several work flows.

ephieste 2010-04-07 05:27:03

ansaurus

tags:

views:

answers:

changing user permissions dynamically

related questions