Set user permission based on SharePoint group

  • 7 March 2017
  • 4 replies

Badge +7

I am trying to use the Nintex workflow "set item permissions" actions (on prem, enterprise version) to lock down users from being able to see any items except what they have created or that has their name listed in a specific people field on the item. This is for a help desk ticketing system so I need the IT staff SharePoint group to have full control over all items. 

Is the set item permissions action the best way to do this? If so, any advice on how to get it to work? I am able to give the created by and employee contribute access but I do not know how to lock down other users from seeing items that aren't theirs nor do I know how to give the IT Staff group full access. I know I can use the "remove" and "full access" permissions in the drop down but how can I get all other domain users to have remove and all IT Staff users to have full control?

200572_pastedImage_1.png



Userlevel 5
Badge +14

When you select 'remove existing permissions', all the item permissions are deleted.

Then there's an 'Add user permission' option. If you click on it, it creates another block of user + permission fields that allows you to define different levels of permissions for different sets of users and/or groups.

So you can set permissions to contribute in the first block for creator and employee, and full control in the second block for IT staff.

Badge +7

Oh gosh, I do not know how I missed that I could select a group. So silly of me...

Does this look right to give IT Staff full control, the created by and employee contribute and prevent all other domain users from being able to see the item?

200608_pastedImage_1.png

Userlevel 5
Badge +14

Don't mind, you can tick the 'lesson learned today' checkbox.

1. You have chosen 'Remove existing permissions' along with 'Remove' for domain users.

That's more or less the same thing twice.

With the 'Remove existing permissions' option, all the permissions are removed from the item, so removing permissions for domain users once again is pointless.

If you haven't selected 'Remove existing permissions', then 'Remove' permissions for domain users removes all the permissions of users of the given domain anyway. I assume all of 'IT Staff', 'created by', employee (etc.) are members of the 'ADMHNdomain users' group. It would only preserve permissions for users of the other domain(s), if you have any.

2. The set permission action processes the permissions in the order they are configured. So first it gives some permissions to IT staff, creator and employee, but then it removes permissions for all the domain users. So at the end no one is given any permission (or to be exact: no one from the ADMHN domain).

If you don't need to manage permissions for several different domains in a different way, I would suggest configuring set permissions like this:

- set 'remove existing permissions' on

- add permissions for IT staff, creator, employee

And I would suggest checking the documentation; everything is explained in there:

http://help.nintex.com/en-US/nintex2013/help/#Workflow/RootCategory/Actions/Nintex.Workflow.SetItemPermissions.htm%3FToc… 
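A way to check the result of the configuration suggested above, as an added example that is not part of the original thread and not Nintex code: a read-only audit, run from the SharePoint Management Shell, that reports whether a ticket item has unique permissions and whether anyone other than IT Staff, the creator and the employee holds a grant on it. The function name, site URL, list name, item ID and the `Employee` field name are assumptions, and the people field is assumed to hold a single user.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical helper: returns a list of findings; an empty result means the item matches the design.
function Test-TicketPermissions {
    param(
        [Microsoft.SharePoint.SPListItem]$Item,
        [string]$StaffGroup    = "IT Staff",   # group name used in the thread
        [string]$EmployeeField = "Employee"    # assumed name of the people field
    )
    $web = $Item.ParentList.ParentWeb
    # Expected principals and the permission level each should hold
    $expected = @{ $StaffGroup = "Full Control" }
    foreach ($field in @("Author", $EmployeeField)) {
        $raw = [string]$Item[$field]
        if ($raw) {
            $user = (New-Object Microsoft.SharePoint.SPFieldUserValue($web, $raw)).User
            if ($user) { $expected[$user.LoginName] = "Contribute" }
        }
    }
    $findings = @()
    if (-not $Item.HasUniqueRoleAssignments) {
        $findings += "Item still inherits permissions from the list"
    }
    $seen = @{}
    foreach ($ra in $Item.RoleAssignments) {
        $m      = $ra.Member
        $name   = if ($m -is [Microsoft.SharePoint.SPUser]) { $m.LoginName } else { $m.Name }
        $levels = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name })
        $seen[$name] = $true
        if (-not $expected.ContainsKey($name)) {
            $findings += "Unexpected principal: $name ($($levels -join ', '))"
        } elseif ($levels -notcontains $expected[$name]) {
            $findings += "$name has '$($levels -join ', ')', expected '$($expected[$name])'"
        }
    }
    # A grant that was wiped (for example by a later 'Remove' entry) shows up here
    foreach ($name in $expected.Keys) {
        if (-not $seen.ContainsKey($name)) { $findings += "Missing grant: $name" }
    }
    return $findings
}

$web  = Get-SPWeb "http://sharepoint.example/sites/helpdesk"   # placeholder URL
$item = $web.Lists["Tickets"].GetItemById(1)                   # placeholder list name and item ID
Test-TicketPermissions -Item $item
$web.Dispose()
```

With the ordering problem described in point 2 of the reply above, the audit would list "Missing grant" lines for the principals whose permissions were removed by the later entry.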

Badge +7

Thank you for your help! It is working!
