Configure Item Level Permissions for Document Libraries – Part 2 – SharePoint 2010 edition
Guest Author: Toni Frankola
SharePoint Use Cases
Every once in a while your customer might ask you to customize permissions for a document library in such a way that authors can only change their own documents. There was no such feature for document libraries in SharePoint 2007, and the “problem” is still present in v2010. (Both versions support automatic item-level permissions OOTB for other lists like Tasks).
In Part 1 of this article I tried to solve the problem for SharePoint 2007 with Workflows, but never found the time to complete it and create custom workflow activities for SharePoint Designer. In 2010, SharePoint Designer comes to the rescue, as it has similar workflow activities OOTB!
In this article we will examine how you can create a workflow that will customize item permissions for each document submitted to a document library (only the Author will have contribute permissions). These SharePoint Designer 2010 workflow activities can also be used in various workflow scenarios where permissions need to be revoked after an item is submitted (e.g. Annual Leave Requests, various approvals etc.).
Here is what you need to do:
- Create a new Document Library (e.g. Top Secret Documents)
- Go to Document Library Settings > Permissions for this document library
- Click on the Stop Inheriting Permissions command from the ribbon
- Revoke permissions for all but a few important groups (e.g. Portal Owners and Portal Members).
Please note: Steps 2. – 4- are optional but the workflow is going to be much simpler if there are fewer permissions to manage - Open your site in SharePoint Designer, and select theWorkflows option and your list from the ribbon
- Type the name for the new workflow (e.g. Customize Permissions)
- Insert a new Impersonation Step. This special step runs each activity as workflow author.
Make sure the workflow author (you) has proper privileges to manage permissions for this list. - From the list of workflow actions choose “Replace Item Permissions
- Click Replace these permissions
- In the dialog click Add
- In the Choose permission to grant dialog click Contribute, and then click the Choose… button
- Add User who created current item to the Selected users list
- Click the workflow name (e.g. “Customize Permissions”) to manage workflow settings
- Make sure you have selected the correct Start options
- Publish your workflow
Once a user adds a document to a document library this workflow will revoke permission from other users and grant contribute permissions to the document author.
You can also customize this workflow and add permissions for other users as well.
Guest Author: Toni Frankola
SharePoint Use Cases
Toni started his Web adventure in late 90’s and has been working with various web technologies ever since. These days his main focus is SharePoint technology. He is active in the SharePoint community via his SharePoint blog at http://www.sharepointusecases.com/ and Twitter http://twitter.com/tonifrankola, and also speaks about SharePoint at various SharePoint conferences. Toni runs his own company Acceleratio Ltd., that specializes in SharePoint consulting and developing software products, and leads the Croatian SharePoint User Group.
Hello Toni,
Great explanation, thanks! I did found one problem. When i create a new document directly from the SharePoint library with Office 2007, the workflow can’t be started immediately because the document is still locked. In the workflow history you will find a item with the description: “The item is currently locked for editing. Waiting for item to be checked in or for the lock to be released.”. After that it takes 3 more minutes for the workflow to finish. That means the document is visible to all others in those 3 minutes. Have you experienced this too?
All works fine besides the fact that the workflow does not start automatically. Any idea why?
Hello Tony,
Great explanation.It helped me a lot