Manage Permissions of List Item as "Normal" User

New Contributor

Hi all,

 

I have a Sharepoint list and want to achieve the following:

Every user should be able to enter a new item. In addition, every user should be able to comment on the item he/she sees (I do not really care if the option to edit comes with that.).

 

Where it's getting tricky are the permissions:

There are three user groups: GroupA, GroupB and GroupC. GroupA are admins with full unrestricted access. GroupB and GroupC are groups which share most but not all data. So I want a way that the user can choose who is able to access (comment, maybe edit) the item which he/she creates.

Example: If UserB in GroupB creates a new list item, he can choose that the item is available to GroupB and GroupC. Both groups can see and comment on the item. Then, e.g., UserC of GroupC creates an item but restricts that to only GroupC. This means that GroupC can view and comment on the item, while GroupB does not see the item. They even do not know that it exists.

 

So in the end, I need an option to set access for the different user groups on every item without being administrator.

I'm open to any solution, either with default Sharepoint tools or with additional Power Automate flows in it. Do you have an idea how to realize this?

Thanks for any hint.

1 Reply

@ftfaul here below you can find a possible approach

 

Important Note: SharePoint OOTB is not designed to provide this flexibility in terms of Group permission at item level. Please do a very extensive test phase to avoid security breaches.

 

The View/Edit part

  1. Create 3 SharePoint Groups:
    Group A,Group B,Group C
  2. Create a Custom Column in your list. Something like "VisibleToGroup" (Type: Person/Groups - ChooseFrom: All Users)
  3. Create a Custom View "Filtered Results" (Add A filter - CreatedBy [Me]) -- You will set later this view as default -- As filter you can put whatever you want. The idea is to have a <Where> section to the web part's XML already populated
  4. Use SharePoint Designer to edit the View you have created above and replace the <Where> code with the following

 

  <Where>
    <Membership Type="CurrentUserGroups">
      <FieldRef Name="VisibleToGroup"/>
    </Membership>
  </Where>

 

The Permissions part

  1. Create a MSFT Form or Nintex Form that allow Users to request access to Group A,B,C
  2. Link a Power Automate flow that will be triggered after the Form submission
  3. Create a Power Automate that perform a REST API call to add the user to the Group

 

Last Note: The Automation part does not include a rollback scenario. You have to set up a proper Governance to ensure users are removed from Group A,B,C when their job is done (maybe an additional Power Automate that runs every end of the months and reset the permissions to initial state)