SOLVED

Dynamic item-level permissions?

Brass Contributor

Hello, 

 

I am in need of a solution for a scenario like this:

  • Employee submits a list item
  • Employee also specifies their Line Manager and Supervisor (their names / email addresses are captured in separate columns of the list item).

Requirement: Only the employee (submitter) and the specified Line Manager and Supervisor should be able to see this specific list item. 

 

I have seen several older posts where this was considered impossible but with the changing landscape in O365 I wondered if anyone has found a clever way to do this?

 

Thanks so much in advance!! <3 

14 Replies
best response confirmed by DanielaH (Brass Contributor)
Solution

@DanielaH - Just an Idea I have never tried this, you can use Flows to set permissions.

 

https://noellawlor.wordpress.com/2018/01/18/setting-sharepoint-item-list-permissions-with-flow/

@Sai Gutta Thank you!

The article links to a great instructional video explaining exactly how to fulfil my requirement :D

One thing you must consider here is that since you are breaking permissions per item, you could potentially hit the limit in the number of unique permissions allowed in a list (5000)

Thank you @Juan Carlos González Martín.

 

@Sai Gutta - I had a go at the shared article and it looks quite involved.. since I am not coming from a technical background I am not actually clear whether this does fulfil my purpose - i.e.:

 

The only people who should get contribute access to the item are those as specified in specific columns within the list? 

Thank you @Juan Carlos González Martín.

 

@Sai Gutta - I had a go at the shared article and it looks quite involved.. since I am not coming from a technical background I am not actually clear whether this does fulfil my purpose - i.e.:

 

The only people who should get contribute access to the item are those as specified in specific columns within the list? 

@DanielaH - I briefly went through the article and you cannot follow the article as is, you might need to make small changes like getting the user details from sharepoint list to whom you assign contribute access. 

I am curious - how are others solving this specific business problem?

 

  • Employee submits a new item that requires approval
  • After submission employee cannot edit submitted item
  • Approver(s) can edit submitted item and approve it.
  • Approvers are specified by entering their email address into a column within the item itself

The requirement really is just a simple approval cycle, which involves access restrictions as described above. The only challenge is that the approvers differ for each item, and are supposed to be 'listed' by the employee as part of submitting the item.

 

I am surprized that this is so 'difficult' to achieve... or are SPO lists simply not the right platform for this? 

 

Curious to hear feedback from others on this?

@DanielaH 

 

We have a similar requirement. At the moment I've decided to copy the list item to a different list so the approver can view the item and we email the requester with a copy of his original submission. 


We use Forms and the approval system to approve items and update the new list.

 

I would love more power around item level permissions like you're asking for. Ability for requester to see all their submissions but after submission they can't edit would be great.

@David Gorman Thanks for sharing your solution!

 

I think my current key challenge is the dynamic setting of item-level permissions, e.g. the approver may differ for each item... and even approvers should only be able to see the items for which they were appointed as approver. They get appointed as approver by being listed in an 'approver column' in the item itself. 

 

I keep wondering if I am overthinking this which is why I asked the community how they handle these cases ;)

@DanielaH 


While I think you probably could achieve this in Flow, it would be a lot of work.

 

I think really we need Sharepoint to have an actual "Submission" library with toggles for requests and approves.

Just a quick update on this - I logged a premier support ticket with MS and the response was that what I am trying to achieve is not possible at the moment (unless perhaps using the flow I referenced earlier). 

 

How are others solving this kind of scenario then??

 

Imagine a purchase order needs to be submitted, but the submitter should only have read-access after submitting. However someone else (the approver) needs edit access in order to update its status and perhaps add a comment. This approver is usually specified within the form/list. 

-> Requirement: Item level permissions enabling submitter to view, and specified approver to edit.

 

Such a simple requirement and yet so difficult to achieve? 

Hi DanielaH,

You managed to resolve this?

@DanielaH 

The only 2 dynamic filter values available are ME and TODAY. If you have a people picker field for manager, you can create your default view with view filters:

CREATED BY equals ME 

or 

MANAGER equals ME 

*add square brackets (sorry I don't see these on my phone's keyboard!)

And lock down view settings / list permissions, etc. so that users cannot create views. 

1 best response

Accepted Solutions
best response confirmed by DanielaH (Brass Contributor)
Solution