item level permission - Best practice or Worst practice ?

Jump to solution

I feel that the way security works in SharePoint, breaking role inheritance and adding unique permission to item can complicate the things if your list grows and have thousands of items. As the permission scope will be calculated for each permission  assigned to that item. Hence if let us say 1 item has 5 unique permission, and you have 11,000 items in your list down the line, you will end up having 55000 permission scope / set.

I was not sure if something we can do to avoid these situation and still use the item level permission or is there any guide that talks about nintex workflow - permissions best practices.


0 Kudos
1 Reply

Re: item level permission - Best practice or Worst practice ?

Jump to solution

Item Level Permissions Best Practice: Try to avoid using them at all!

As you've already mentioned, there is no way to really keep track of multiple thousands of single permissions in your environment. Imho that has nothing to do with Nintex, it's just SharePoint. There are governance tools available which support management of permissions, but the basic problem persists.

Talking about Nintex Workflow, I know that it's often a requirement to grant permissions on an item for only one person/group. What you can eventually do to improve the situation is to restore the permission inheritance at the end of your workflow (the set permissions action has that possibility). Which means only items with running workflows will have unique permissions, while "finished" items are already inheriting permissions again. If you can't grant the normal permissions after the workflow is completed, also think about using retention policies in SharePoint or maybe even inplace-holds.