Challenge #1 in implementing SharePoint: List items permission settings
SharePoint Feature Description
In Microsoft SharePoint, you can set permissions in three layers:
- site scope
- list or library scope
- individual items
By default, permissions are inherited from the site scope by lists and libraries, and then from lists or libraries by items. It is possible to break this inheritance and use different permission sets for these scopes. For example, you may have a financial list in your intranet which stores debts and credits, and give financial department users permission to see and update its items, while other portal users cannot see the list or its contents.
SharePoint Challenge Description
When you give individual list items the required permissions, these permissions should be granted based on some deciding factors. Usually it is not feasible to give all of the users who have permission on the list equal access to every item. So individual list items should have separate, unique permissions.
The challenge is that there is no automatic way to give these permissions to the end users, so they have to be set by hand. If you have a list with thousands of items and simultaneous user input, it is practically impossible to set these permissions manually, and there is no out-of-the-box solution for this requirement. It would be a very useful feature to have in future versions of the product, and there is no way to maintain a large site without it.
On our test Microsoft SharePoint Server, there is a list that stores project information. All employees have access to this list to see the project information related to their department. For example, if a project scope is defined for the SEO department, the web development department has no access to that specific information. When the project is initiated, other project-specific information is developed, and all of it should be secured. But there is no way to do this automatically, and an admin user has to change the list item's permissions after the user inserts it.
In Microsoft SharePoint lists, we can also create folders inside a list and assign permissions at the folder level, so every item inside the folder has those permissions too, and we can place each department's projects inside its own folder. The problem is that we have cross-department projects and also projects in which all departments are involved. So we would have to create many folders, and using the information in the list would be tiresome for end users.
First, we configured a notification to be sent to the admin user whenever items were added to or updated in the related lists, so that the project admin could go to the lists and set the item permissions manually. This was a very time-consuming job, and it would be practically impossible to maintain after switching to the portal completely.
We decided to develop a SharePoint feature to address this requirement. The feature has three different sections for setting permissions on individual list items. There are some general rules for setting permissions for users and groups, and it is also possible to set permissions based on item properties. For example, the project list has a column in which we select the project manager. Based on the content of this column, the permission of the project management group is automatically created for this user on the individual item. Moreover, each project is related to a set of departments whose users have access to the project's information.
This is a standard SharePoint feature that appears in the list or library settings and greatly improves the usability of SharePoint and SharePoint governance. Without this feature it is practically impossible to use SharePoint in a highly dynamic environment in which data changes frequently.
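One way the property-based rules described above could be enforced, as an added example that is not the feature's own code: a server-side item event receiver that rebuilds an item's permissions from its column values on every add and update. The column names, the "<Department> Members" group naming, and the Contribute and Read levels are assumptions.

```csharp
using System;
using Microsoft.SharePoint;

// Added example, not the feature's own source. Hypothetical names: a "Project Manager"
// person column, a "Departments" multi-choice column, groups named "<Department> Members".
public class ProjectItemPermissionReceiver : SPItemEventReceiver
{
    public override void ItemAdded(SPItemEventProperties properties) { ApplyRules(properties); }
    public override void ItemUpdated(SPItemEventProperties properties) { ApplyRules(properties); }

    private void ApplyRules(SPItemEventProperties properties)
    {
        // The submitting user normally lacks Manage Permissions, so reopen the site elevated.
        SPSecurity.RunWithElevatedPrivileges(delegate
        {
            using (SPSite site = new SPSite(properties.SiteId))
            using (SPWeb web = site.OpenWeb(properties.RelativeWebUrl))
            {
                SPListItem item = web.Lists[properties.ListId].GetItemById(properties.ListItemId);

                // Stop inheriting from the list and drop every existing grant, so a
                // changed manager or department loses access on the next update.
                if (!item.HasUniqueRoleAssignments) item.BreakRoleInheritance(false);
                while (item.RoleAssignments.Count > 0) item.RoleAssignments.Remove(0);

                // Rule 1: the user in the project manager column may edit the item.
                string manager = Convert.ToString(item["Project Manager"]);
                if (!String.IsNullOrEmpty(manager))
                {
                    SPUser user = new SPFieldUserValue(web, manager).User;
                    if (user != null) Grant(item, user, web.RoleDefinitions.GetByType(SPRoleType.Contributor));
                }

                // Rule 2: each selected department's group may read the item. The SiteGroups
                // indexer throws for a missing group, leaving the item restricted.
                SPFieldMultiChoiceValue departments = new SPFieldMultiChoiceValue(Convert.ToString(item["Departments"]));
                for (int i = 0; i < departments.Count; i++)
                    Grant(item, web.SiteGroups[departments[i] + " Members"], web.RoleDefinitions.GetByType(SPRoleType.Reader));
            }
        });
    }

    private static void Grant(SPListItem item, SPPrincipal principal, SPRoleDefinition role)
    {
        SPRoleAssignment assignment = new SPRoleAssignment(principal);
        assignment.RoleDefinitionBindings.Add(role);
        item.RoleAssignments.Add(assignment);
    }
}
```

ItemAdded runs asynchronously by default, so a new item carries the list's inherited permissions until the receiver finishes. In SharePoint 2010 and later, registering the receiver for synchronous execution closes that window.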