Solved

Office 365 SharePoint Online: SharePoint List Item Level Custom Permission

  • 12 January 2015
  • 5 replies
  • 28 views

Badge +6

Need to set up the list item so that:

a) Only initiators can read/edit their item

b) Approver group should be able to read/edit their item.

AdvancedSettingsListItem.png

This is great for the initiator of the item.

How do we enable a SharePoint Group, say a "List Item Approvers" Group, to be able to View all and Edit all items?

New to Nintex Workflow, but I have obtained the desired result by using the Impersonation Step in a SharePoint Designer (2010) workflow with other lists.

Would like to know if there is a similar action/step in Nintex Workflow Designer. If not, what is the recommended method to set up this level of permission on a list item using Nintex Workflow for Office 365?


Best answer by swethasan 13 January 2015, 19:06


5 replies

Userlevel 7
Badge +17

If you were allowing all users to read "published" or approved content, then simply turning on "content required approval" on the list would provide that default behavior for an approvers group. The approvers would be the only other group who could see unapproved or unpublished content. But if no user can read anyone else's content even after approval, then you will most likely require the approval group to have Full Control on the list in order to read others' content.

Badge +6

Thanks Andrew, will try this solution and let you know how it turned out!

Badge +6

This guidance seems a little misleading to me.

For approvers to see items submitted by others, they only require the Manage Lists base permission that can and should be granted outside of Full Control, as a best practice. Full Control also invites unneeded potential SharePoint Designer customizations, permissions changes, etc. from users who might not know exactly what they're doing.

Moreover, Full Control on a security scope (such as Folder or List / Library) doesn't warrant that all content inside it is available, because there may be other scopes inside with unique permissions.

If the user who "stopped inheriting permissions" chose to remove the permissions of Approvers, they won't have access inside the narrower scope despite their Full Control.

Only the site collection administrators, super users and web application auditors will see everything there is inside.
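The scope behaviour described in the reply above, as an added example that is not part of any poster's message: a simplified Python model (not SharePoint's API) in which an item with unique permissions is evaluated only against its own assignments. The class, function, list, item and user names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass
class Scope:
    """A securable object (list, folder or item) in a simplified model."""
    name: str
    parent: Optional["Scope"] = None
    # None = inherits from the parent; a dict = unique permissions here.
    assignments: Optional[Dict[str, str]] = None  # principal -> permission level

    def effective_assignments(self) -> Dict[str, str]:
        """Walk up to the nearest scope that defines its own permissions."""
        scope = self
        while scope.assignments is None:
            if scope.parent is None:
                raise ValueError(f"{self.name}: no scope defines permissions")
            scope = scope.parent
        return scope.assignments


def can_access(scope: Scope, principals: Iterable[str],
               site_collection_admin: bool = False) -> bool:
    """Site collection administrators see everything; everyone else is
    checked against the nearest scope with unique permissions only."""
    if site_collection_admin:
        return True
    acl = scope.effective_assignments()
    return any(p in acl for p in principals)


def scopes_excluding(scopes: Iterable[Scope], principal: str) -> List[str]:
    """Audit helper: scopes with unique permissions that omit the principal."""
    return [s.name for s in scopes
            if s.assignments is not None and principal not in s.assignments]


# Constructed sample: approvers hold Full Control on the list, but the owner
# of Item 2 stopped inheriting permissions and removed the approvers group.
requests = Scope("Requests list", assignments={
    "List Item Approvers": "Full Control", "Members": "Edit"})
item_1 = Scope("Item 1", parent=requests)  # inherits from the list
item_2 = Scope("Item 2", parent=requests, assignments={"alice": "Edit"})
```

Running `scopes_excluding` over every scope in a list gives the items an approver group cannot reach despite its list-level grant.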

Badge +6

So, I tried a couple of things and found one to accomplish the task at hand.

1) Tried to use the Office 365 update item permission action seen in picture below with the help from

http://help.nintex.com/en-US/O365/Default.htm#cshid=NL927A6553557448718437CFDA3BF2F8DC

O365UpdateItemPermission.png

Although this didn't seem to have the required updated permission of the item.

2) Set up the permission of the SharePoint list as seen below:

  • Approvers SP Group with Approve permission.
  • Members, who have to add item to the list but not see others with Edit permission. But, setting the Read/Edit to only the authors of the item.

O365ListItem.png

AdvancedSettingsListItem.png

Approvers can now see all the items in the list immaterial of their status of approval, and initiators only their items.

Will update on any additional actions as and when I observe them or apply.

I always believe that there are many ways to solve a problem. If this solution can be made better, would be more than happy to improve upon it. Appreciate all the inputs!

Badge +9

Swetha

Do I take it that the second of the options you describe solved your issue? In my case I want to assign item level permissions to a document when it is first created. Ideally, I want the permissions lookup to be based on the Content Type used, so a set of editors and a set of approvers. I was hoping the Office 365 Update Item Permissions could assist here.

Daniel
