Automating item-level permissions in SharePoint document libraries and lists

Item-level permissions come in handy for a number of situations. Here are some examples and food for thought:

  • Travel plans are submitted to a list, but only those in people columns (supervisor, director, traveler) are allowed to see or find the plan by search.
  • Allow “content owners” to edit documents, and everyone else to view only.
  • Allow non-admin individuals to set editing permissions for documents or list items by populating a people column.

Using a SharePoint Designer 2010 Workflow and an impersonation step, we can:

  • Add list item permissions
  • Inherit list item parent permissions
  • Remove list item permissions
  • Replace list item permissions

This tutorial will use the “replace list item permissions” action. Whenever you’re replacing permissions, you must remember to INCLUDE YOURSELF or admin individuals in the replacement permissions or you won’t be able to access the content or help with troubleshooting. Let’s begin!

  1. Create a new workflow on the list or library whose items' permissions you want to change
  2. Set the workflow’s “Platform Type” to SharePoint 2010 Workflow
  3. Click above or below the default “Step 1” box so you see an orange line outside the box
  4. Add an impersonation step
  5. Delete Step 1 (right-click gray header bar, click “delete”)
  6. Click inside the impersonation step so you see the orange line
  7. Click Action, then “Replace list item permissions” OR begin typing “replace” and hit enter
  8. Select the hyperlink called “these permissions”
  9. Select “Add”
  10. Select “Full Control” and then “Choose”
  11. Set yourself and any other admins to this full control level (as well as anyone who, by workflow, should be granted full control of the list item or document)
    • To give a permissions group, such as an Admin group, full control, double-click “People/Groups from SharePoint site…” and search for the group name
    • To give a specific individual full control, just search for their name or e-mail address and double-click
    • If the person(s) or group(s) that should have full control are in a people column in the list, choose “Workflow Lookup for a User…” then select the relevant column. Leave the “return field as” set to “As String”
  12. Click “OK”
  13. Repeat steps 9-12 for all permission levels you wish to assign.
  14. Click OK until you’re back to the workflow editing screen with just your impersonation step
  15. Click “this list”
  16. Click “OK” to accept “Current item” as the item that will receive the new permissions
  17. Click “back” or the name of the workflow in the breadcrumb to see workflow settings
  18. Check all start options, if suitable. I tend to think it never hurts to make sure your permissions are accurate.
  19. Publish your workflow
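
One way to check the result once the workflow has run, as an added example that is not part of the original tutorial: this PowerShell script lists items that still inherit permissions or where the admin group lacks Full Control. It assumes an on-premises farm and the SharePoint Management Shell; the site URL, list title and group name are placeholders.

```powershell
# Added audit example (not from the tutorial). Run in the SharePoint Management
# Shell on a farm server. The three values below are placeholders (assumptions).
$WebUrl     = "https://sharepoint.example.com/sites/travel"
$ListTitle  = "Travel Plans"
$AdminGroup = "Site Admins"
$FullLevel  = "Full Control"   # permission level name on an English-language site

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$web = Get-SPWeb $WebUrl
try {
    # TryGetList returns $null instead of throwing when the list does not exist
    $list = $web.Lists.TryGetList($ListTitle)
    if ($null -eq $list) { throw "List '$ListTitle' not found in $WebUrl" }

    $report = foreach ($item in $list.Items) {
        # Flatten each role assignment to a principal plus its permission levels
        $grants = foreach ($ra in $item.RoleAssignments) {
            [pscustomobject]@{
                Principal = $ra.Member.Name
                Levels    = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name })
            }
        }
        # True only if the admin group itself holds Full Control on this item
        $adminOk = [bool]($grants | Where-Object {
            $_.Principal -eq $AdminGroup -and $_.Levels -contains $FullLevel
        })
        [pscustomobject]@{
            ItemId       = $item.ID
            Unique       = $item.HasUniqueRoleAssignments
            AdminHasFull = $adminOk
            Grants       = ($grants | ForEach-Object {
                "$($_.Principal)=$($_.Levels -join ',')" }) -join "; "
        }
    }

    # Not unique: the workflow has not replaced permissions on that item.
    # Unique without admin Full Control: the lockout case the tutorial warns about.
    $report | Where-Object { -not $_.Unique -or -not $_.AdminHasFull } |
        Format-Table ItemId, Unique, AdminHasFull, Grants -AutoSize -Wrap
}
finally {
    $web.Dispose()
}
```

An empty table means every item has unique permissions and the admin group kept Full Control.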

The automation piece comes in here:

  • Set up if/then statements in your workflow to apply different permission setups conditionally based on content types, file names, departments, etc. (e.g. if the list item is related to R&D, assign permissions to those directors only)
  • Use people column(s) in your list or library that other people with proper permissions can update, then reference that column or those columns in your workflow to add permissions based on the columns’ contents (e.g. using workflow lookup for a user, add permissions for each column such as traveler, supervisor and director)

That’s it! You won’t need to do permissions manually again for these sorts of things if you can write a thorough and well-planned workflow to handle it for you, in combination with a list with appropriate people columns and settings suitable for your purpose. Feel free to comment any questions specific to your scenario and I’ll be glad to assist.