I have a sharepoint list which its default permissions are Owners - Full Control, Members - Contribute (so that members can add new items to the list).
The list has a Nintex form and workflow.
Each person should see only his/her own items (owners should see everything). When the workflow starts, it starts by removing the members permissions and adding the employee with edit permissions. The whole workflow takes about 5 minutes (not sure why, it's very simple), and the first permissions grant takes about 20-30 seconds which means that during this time all employees can see the posted items within that time-frame.
How can this be resolved? This is a major problem for us.
@shirane ..... Can you share your workflow design? Usually setting permission should not take time if it's running on a list item. What if you split the workflow? The first workflow will trigger as usual and first it will only set permission on your item and then trigger the other workflow which is doing rest of the process.
The other option is to create a custom permission and don't give your users an option to create views (personal views). Then create a new default view in your list where items are filtered using "Created By" or "Modified By" is [Me]. The only way one can see other person's item is if they new the exact item URL but if you're also setting up the permission then it shouldn't be a problem.
Thanks for your response.
I like your ideas, but the second idea is problematic because I also have other people permitted to the list item (the emp.'s managers, HR, etc.)
As for the first idea, Technically, I only care about the first permissions grant that should take place immediately so that the record is not exposed to all employees. And then that it will continue the workflow, so I'm not sure if a split is going to help me here.
It might help with the rest of the flow taking a lot of time, so I might do that, but I still want to know why it's taking so long for the first permission.
Here is the flow:
@shirane ....I see that you're using O365.....since it's cloud there are # of factors which might be affecting your performance...e.g. Traffic, Connectivity, Workflow Manager, Workflow Throttling, etc.
As I said before....views will work till your workflow finishes the process. You can implement both things. Also, if you're data needs to be so secure then is it ok to put it in cloud?
Another possible route - make a view of the list that only shows people items created by themselves (filter Created By = [me]) - then make a page, and add the WebPart to the page, using the view.
It stops people *seeing* the items they didn't create, even if they can still get to them by modifying the URL. If you did this in concert with the permissions, at least it covers your back while waiting for the workflow.
Hey @beckettj ,
Thanks! I do need certain people to see all items (administrators, HR, and managers to see their own team members' items).
I set a default view called "My items" which displays only the emp's items. and if someone wants to see more, they need to switch to the "All Items" view which will display only their permitted items.
It's not ideal, but better than before. Will appreciate more ideas.
Hi @kunalpatel ,
I created a default view for "My items". It's a nice solution, but not perfect. If there are more ideas, I'd appreciate it.
As for the data, it's an evaluation form, so it's ok to be on the cloud, but we don't want emp's to see their colleagues' forms.
Another route - again, not perfect - is to use two lists - one as a "request", and the other to "process". Therefore the request workflow can create the process list item, and permission it before running the workflow on it.
@shirane .....In that case create a custom permission which won't allow them to create any personal views and grant those permission to your employees. You can build custom permission using contribute permission as a template.