Forum Discussion

Torill S's avatar
Torill S
Copper Contributor
Mar 01, 2017
Solved

Custom list - item-level permissions

I have a question about the "item-level permission"-option found in list advanced settings on custom lists. Here you can choose that users can only see or edit items that they themselves have created...
Lists
security
  • Robse's avatar
    Robse
    Mar 02, 2017

    Hi Torill,

     

    the item permission will really secure the content from other users, there's no way to access them, also not via SharePoint search.

     

    However, Administrators and Site Owners with Full Control still have the access and can see all items. This makes sense, because users with Full Control are responsible to maintain the site and therefore should have access to all within this scope.

     

    However, as Tiago already stated, I'd be careful with item level permission. The limit will be reach very fast, when you have a couple of users and items. See this scenario: You have 3 items and 3 users. How many single item permission do you have? Three? No, it's 9 already!

     

    Item 1:

    User 1 yes

    User 2 no

    User 3 no

     

    item 2:

    User 1 no

    User 2 yes

    User 3 no

     

    item 3:

    User 1 no

    User 2 no

    User 3 yes

     

    Hence, I'd only recommend to have this on a small list with only a few users and make sure you have a kind of retention that outdated items (and their permissions) will be deleted automatically.

     

    Summarized, item level permissions really secure each item, but consider above mentioned limitations. If you want to achieve a certain scenario, please let us know and we can maybe recommend best practices. :-)

     

    Happy "SharePointing"

Torill S's avatar
Torill S
Copper Contributor
Mar 01, 2017

Yes, I know that a view does not apply security, which is why I am wondering if this setting does change the permissions on the item, as the setting suggests ("item-level permissions") or if it is just creating a view. The list item still inherits permissons from the list, so everyone with access to the list are still listed with permissions on the item, even if they are not able to view or change it after this setting has been set.

 

Is it possible for users with access to the list, and thereby to all items that inherrits from the list) to get access to list items they have not created through e.g. MS Graph, or is this a secure way to keep the access to list items only to the person who created the list item?

Peter Stilgoe's avatar
Peter Stilgoe
Iron Contributor
Mar 02, 2017

I havent got time to test but I would:

 

- Set as can only view own items

 

- Create an item with your user account

 

- Search for that item with another account eg. does it appear, I would say 99%  not as the feature would be useless but have not tested

 

 

Would also depend on your particular scenario as well & how  secure it needs to be, obviously anyone able to edit the list could change the setting on the list & then view all the items if they really wanted to.

Resources