Thursday, 25 December 2014

SharePoint 2010 Custom List: Row Level Security

Business Case: Sharing comprehensive list data among different stakeholders, where every stakeholder can view\read only those rows that match her Role\Unit.

(1) Export the existing list data into a SharePoint custom list, including the column: Unit.
(2) Add a new empty temporary column: Trigger Update.
(3) Build row-level security based on the field row for each row.

Let's elaborate on step number (3), where we create a new workflow associated with this list that runs every time an item is created or updated.

a) Create permission groups within SharePoint.
Each group corresponds to one Unit and has the same name as that Unit.

b) Create the workflow:
1) Open the SharePoint site with Microsoft SharePoint Designer.
2) Navigation --> Site Objects --> Lists and Libraries --> Open that specific custom list with the data.
3) From the upper toolbar: List Workflow, to create a list workflow.

4) Set Start options for the workflow: Item Created\Changed.

5) Edit Workflow.

6) Click Impersonation Step on the top toolbar to add a new Impersonation step, then remove the existing Step 1.

7) Click on the orange underline to activate the toolbar Action button.

8) Add a new action: Replace List Item Permissions.

9) Similarly, beneath it, add a new action: Add List Item Permissions.

10) Since we want to set the security at the item level, the workflow must act on the current item: replace "this list" in both actions with Current Item.

11) To guarantee that the owners still have the permissions to access this list item, grant site owners all the permissions in the first replace step.

12) Now, to the core idea, which is matching the field Unit with the equivalent group.
The result is that each row will have Read Access granted to the members of the group with the same name as the row's Unit.

13) Save and Publish.

14) It is recommended to break the inheritance for this custom list so that the list items would be immune to any permissions changes at higher levels.

15) One-time step: activate the workflow on all the items by filling in the temporary column created earlier: Trigger Update. A simple way to do it is to fill it in within the Spreadsheet view for the list. Then delete the temporary column Trigger Update from the list.
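
Once the workflow has run on every row, it is worth checking that each item really ended up with its own permissions. The script below is an added example, not part of the original procedure: it runs in the SharePoint 2010 Management Shell on a farm server and reports rows that still inherit from the list, rows whose Unit group has no access, and rows that grant access to anyone other than the Unit group and the owners. The site URL and list title are placeholders, and it assumes that Unit is a text or choice column and that "site owners" means the site's associated owners group.

```powershell
# Added audit example. $siteUrl and $listTitle are placeholders (assumptions).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl   = "http://sharepoint.example/sites/data"   # placeholder
$listTitle = "Stakeholder Data"                        # placeholder

$web = Get-SPWeb -Identity $siteUrl
try {
    $list   = $web.Lists[$listTitle]
    $owners = $web.AssociatedOwnerGroup.Name   # assumed to be the owners granted in step 11

    $findings = foreach ($item in $list.Items) {
        $unit = [string]$item["Unit"]          # assumes a text or choice column

        if (-not $item.HasUniqueRoleAssignments) {
            # The workflow never ran on this row: it still inherits the list's permissions.
            New-Object PSObject -Property @{ ID = $item.ID; Unit = $unit; Issue = "Inherits list permissions" }
            continue
        }

        # Principals holding a real permission level on this row.
        # "Limited Access" (name as shown on English-language sites) is ignored.
        $principals = @($item.RoleAssignments | Where-Object {
            @($_.RoleDefinitionBindings | Where-Object { $_.Name -ne "Limited Access" }).Count -gt 0
        } | ForEach-Object { $_.Member.Name })

        if ($principals -notcontains $unit) {
            # No group matches the Unit value, e.g. a misspelled Unit or a missing group.
            New-Object PSObject -Property @{ ID = $item.ID; Unit = $unit; Issue = "Unit group has no access" }
        }

        $extra = @($principals | Where-Object { $_ -ne $unit -and $_ -ne $owners })
        if ($extra.Count -gt 0) {
            New-Object PSObject -Property @{ ID = $item.ID; Unit = $unit; Issue = "Unexpected principals: " + ($extra -join ", ") }
        }
    }

    $findings | Select-Object ID, Unit, Issue | Format-Table -AutoSize
}
finally {
    $web.Dispose()
}
```

An empty result means every row has unique permissions limited to its Unit group and the owners group.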
