Forum Discussion
Only allow the creator of the item and the user direct manager to view the submitted item
johnjohn-Peter
No - it is you that's misunderstanding, but I'll explain with images so it's clearer for you.
1. Create a custom permission level in Permission Levels
- Click on the Contribute permission level, then scroll down and click on the Copy Permission Level button
- Give it a name, e.g. Create and View only, uncheck Edit Items and Delete Items, then click on the Create button at the bottom
- Now you will see a new permission level listed
2. Go to your list settings and select Permissions for this list
- You need to make sure there are two permission groups: one for admins (1 or 2 people with Full Control permission), the other for everyone or specific people, it doesn't matter which. Your flow needs to run under one of the users in the Owners group.
- For the everyone/specific people group, you need to modify the permissions as shown below and grant that group your new custom permission level:
In my example, the Owners group contains the admins (people like you or your SP admin).
I've changed the Visitors group permission level to the custom permission level that was set up in Step 1.
3. Go to List Settings > Advanced Settings and configure the settings as below:
So as of now, with this setup, NOBODY can see any list item unless they created the list item no matter how long your flow takes to trigger.
Furthermore, the creator of the list item can only view it. They cannot delete it or edit it because of the restricted permission level.
4. Now you can use a flow that is running under someone in the Owners group or a service account, exactly as described by grant_jenkins with a trigger of When an item is created to add item level permissions, by breaking permissions inheritance (I also remove all permissions except the owners group), and then:
- Granting READ permission back to the original creator
- Granting APPROVER permission to the approver
- Notifying the Approver of a pending approval request
Approver 1 will only be able to view the item and approve/reject it.
When Approver 1 has approved, set the permission for Approver 1 to Read. Approver 1 will then only be able to view that item (or you can remove their permission if required).
Repeat the process for Approver 2.
I have used this technique for years and I hear this question come up many times and advise the same solution.
If you are not sure how to do the flow part, shout.
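A check for the end state that step 4 describes, as an added example that is not part of the original post: it compares one item's role assignments with the expected grants at each stage. It assumes the JSON returned by the SharePoint REST `roleassignments` endpoint with `$expand=Member,RoleDefinitionBindings`; the principal names and sample data are constructed, and it inspects role assignments only, not the list's Item-level Permissions setting.

```python
# Added example: audit one item's role assignments against the design in step 4.
# Input: JSON from GET .../items(<id>)/roleassignments?$expand=Member,RoleDefinitionBindings
# requested with Accept: application/json;odata=nometadata. All names are constructed.

IGNORED_ROLES = {"Limited Access"}  # system-managed level, not a grant the flow makes

def expected_state(stage, creator, approver, owners="Owners"):
    """Map principal title -> role names expected at the given approval stage."""
    state = {owners: {"Full Control"}, creator: {"Read"}}
    if stage == "pending":
        state[approver] = {"Approve"}
    elif stage == "approved":
        state[approver] = {"Read"}  # the post also allows removing the approver
    else:
        raise ValueError(f"unknown stage: {stage}")
    return state

def audit(response, expected):
    """Return a list of findings; an empty list means the item matches."""
    actual = {}
    for ra in response.get("value", []):
        bindings = ra.get("RoleDefinitionBindings", [])
        roles = {b["Name"] for b in bindings} - IGNORED_ROLES
        if roles:
            actual.setdefault(ra["Member"]["Title"], set()).update(roles)
    findings = []
    for who in sorted(set(actual) | set(expected)):
        have, want = actual.get(who, set()), expected.get(who, set())
        if not want:
            findings.append(f"unexpected principal {who}: {sorted(have)}")
        elif not have:
            findings.append(f"missing grant for {who}: {sorted(want)}")
        elif have != want:
            findings.append(f"{who}: has {sorted(have)}, expected {sorted(want)}")
    return findings

def _ra(title, *roles):
    """Build one constructed role-assignment record in the REST response shape."""
    return {"Member": {"Title": title},
            "RoleDefinitionBindings": [{"Name": r} for r in roles]}

# Constructed sample: approver never downgraded, Visitors grant left on the item.
SAMPLE = {"value": [_ra("Owners", "Full Control"), _ra("Alex Creator", "Read"),
                    _ra("Sam Manager", "Approve"), _ra("Everyone", "Limited Access"),
                    _ra("Visitors", "Create and View only")]}

if __name__ == "__main__":
    for line in audit(SAMPLE, expected_state("approved", "Alex Creator", "Sam Manager")):
        print(line)
```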
DJ_Jamba Are you sure this will work? As if you have these settings:
and you granted the Approver's Approve permission, then Read permission, then the Approver user will not be able to see the item... The above settings for the Item-Level Permissions will only allow the creator of the item + the user with full control ON THE LIST to see the items. So how come an Approver user (who did not create the item) will be able to see the item? Are you sure this is working for you?
- DJ_Jamba, Apr 15, 2025, Copper Contributor
johnjohn-Peter
100% positive - This is how I know that you are misunderstanding.
Why?
Because item level permissions supersede any default permissions/settings in SharePoint.
As previously stated, I have used/advised this technique for many years.
- johnjohn-Peter, Apr 15, 2025, Iron Contributor
DJ_Jamba Not sure how this is working for you... but if you do not have full control on the list you will not be able to see any item if the item-level is set to only see and edit your own items, even if you have full control on the item. Are you sure this is working for you?
And I agree with you that "Item level permissions supersede"... that's why your scenario will not work.