How to restrict list items read and edit depending on a people field?

  • Question

  • Hello All,

    I've a list with a people field "Managed By" in a MOSS 2007 environment (SharePoint 2007).

    3 different user profiles exist in this list:

    • basic users: can edit and view only their own items
    • limited managers: managers could edit and view only items they have to approve/manage (through "Managed By" field) ==> HERE IS MY PROBLEM!
    • General managers: can edit and view all items

    I've made several Google searches to limit my "limited managers" to see only items they have to manage/approve and I've identified 2 ways:

    • Modify Edit and view forms to hide confidential fields according to the group of the current user (seems to be a solution, but a click on the Escape key breaks the JavaScript and confidential information is displayed... I've tried with jQuery...)
    • Use Audience, but it seems to be not friendly for end-users and it's not a way to reduce security but only visibility

      ==> so a limited manager could cheat and retrieve confidential data reserved for General managers only

      ==> I also searched for an audience solution with SharePoint Designer Workflow, but it seems that we can't set audience group fields in this way...

    Could you help me to find a solution without code?
    I don't see other solutions to solve my problem!

    Thanks for your help and your comments.
    Have a nice day.

    François

    • Edited by Francois__M Sunday, October 23, 2011 8:32 AM
    Sunday, October 23, 2011 7:49 AM

Answers

  • It is possible without code.

    Create 3 groups for 3 roles.

    Create doc library to store web part pages.

    Create web part pages for

    • Adding item to list
    • View items created by self
    • Limited managers view
    • General managers view

    Assign permissions appropriately.

    Note: You need to use Data view web part for all pages and disable or redirect the standard pages (DispForm, EditForm etc)

    This will take care of the security and provide necessary functionality.

    Hope this helps


    Shubham Goyal
    Monday, October 24, 2011 6:53 PM

All replies

  • You could try using EventReceiver and achieve this task programmatically.
    --Cheers
    Monday, October 24, 2011 9:24 AM
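
What the EventReceiver suggestion above could look like, as an added example that is not code from any poster in this thread: the receiver gives each item its own permissions, so the restriction is enforced by the server rather than by hidden form fields. The class name, the "General Managers" group name and the single-valued "Managed By" field are assumptions.

```csharp
using System;
using Microsoft.SharePoint;

// Added example (hypothetical class): per-item permissions driven by the "Managed By" field.
public class ManagedByPermissionsReceiver : SPItemEventReceiver
{
    private const string ManagedByField = "Managed By";             // field name from the question
    private const string GeneralManagersGroup = "General Managers"; // assumed group name

    public override void ItemAdded(SPItemEventProperties properties) { Apply(properties); }
    public override void ItemUpdated(SPItemEventProperties properties) { Apply(properties); }

    private static void Apply(SPItemEventProperties properties)
    {
        Guid siteId = properties.SiteId, listId = properties.ListId;
        string webUrl = properties.RelativeWebUrl;
        int itemId = properties.ListItemId;

        // The submitting user normally lacks Manage Permissions, so run elevated.
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite site = new SPSite(siteId))
            using (SPWeb web = site.OpenWeb(webUrl))
            {
                SPListItem item = web.Lists[listId].GetItemById(itemId);
                web.AllowUnsafeUpdates = true;
                if (!item.HasUniqueRoleAssignments)
                    item.BreakRoleInheritance(false);   // do not copy the list's permissions
                web.AllowUnsafeUpdates = true;          // BreakRoleInheritance resets the flag

                // Start from an empty ACL so a former manager loses access on reassignment.
                while (item.RoleAssignments.Count > 0)
                    item.RoleAssignments.Remove(0);

                SPRoleDefinition contribute = web.RoleDefinitions.GetByType(SPRoleType.Contributor);
                Grant(item, UserFrom(web, item["Author"]), contribute);        // basic user: own item
                Grant(item, UserFrom(web, item[ManagedByField]), contribute);  // limited manager
                Grant(item, web.SiteGroups[GeneralManagersGroup], contribute); // general managers
            }
        });
    }

    // Assumes a single-valued people field; returns null when the field is empty.
    private static SPUser UserFrom(SPWeb web, object raw)
    {
        return raw == null ? null : new SPFieldUserValue(web, raw.ToString()).User;
    }

    private static void Grant(SPListItem item, SPPrincipal principal, SPRoleDefinition role)
    {
        if (principal == null) return;
        SPRoleAssignment assignment = new SPRoleAssignment(principal);
        assignment.RoleDefinitionBindings.Add(role);
        item.RoleAssignments.Add(assignment);
    }
}
```

With unique permissions on each item, a request for another item's ID in DispForm.aspx or EditForm.aspx is refused by SharePoint itself.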
  • Hello Prasath,

    Thanks for your answer.

    In fact, I was looking for a solution without code and I'm not sure it's possible according to my needs...

    Regards.

    François
    Monday, October 24, 2011 2:27 PM
  • Hi Shubham,

    Thanks for your answer!

    Could you give more information on the "assign permissions" you're talking about?

    I suppose I'd need to define permissions:

    • at web page level (through Manage Permissions menu)
    • and for each link, to allow or deny its access according to current user rights: not sure to see how I can do that...

    Do you think that all users will not be able to force item view, for example by changing the ID directly in the URL?

    Whatever, thank you for this solution, which seems a good idea!

    Regards.

    François
    • Edited by Francois__M Tuesday, November 1, 2011 1:43 PM
    Tuesday, November 1, 2011 1:39 PM
  • Use Document Library to store the web part pages so you can assign permissions on the library itself as well as on the pages using item level permission.

    In all these pages use DVWP. We will not be using the ID passed in query string, so users cannot modify URL and view different items.

    Start creating pages and using DVWP, you will be able to create a solution.


    Shubham Goyal
    Tuesday, November 1, 2011 7:30 PM