I have created a custom list with work flow associated with that. The workflow takes the item through different levels of approval.
My workflow scena开发者_高级运维rio is like say an initiator add an item, which will go to manager for approval. When the manager approves, few columns in the current list will get updated. On manager approval it will be forwarded to head of department. Again when the Dept head takes an action, the column values of the list get updated. For all these users i have set Contribute permission. But the problem is that an item started by an initiator should not be editable or deleted by other users using the pull down menu that appears for each item. Only the owner of the item and manager should have permission to edit it using the pull down menu. When I tried changing the edit access for the item through Advance settings-->Item level permission --Edit access being set to "Only their own" while manager or dept head approving I get an access denied error message.
Can any one please suggest me what is the work around for this?
Welcome to the not-perfect world of Sharepoint Item level permissions...
You will not get far with Sharepoint 2007 standard stuff, because what you need is a Workflow with Impersonation - why do you need it?
You want to set item level permissions depending on the state your workflow is in. You can only change permissions when you have the right to do so - Workflows run as the user who started the workflow, so your user would need the right to change permissions -> You don't want every user to have that. So there is this thing called "impersonation" (which comes as an activity with Sharepoint 2010). Impersonation you can only achieve using a custom activity with SHarepoint 2007.
Once your Workflow is running under an elevated account, you can change permissions for the Current item easily, i.e. give contribute permission to someone and retract read permission from someone else.
There is a good article on how to implement item level permissions for Workflows and Sharepoint 2007 here:
Custom Activity Workflow for implementing Item Level Security in SharePoint Designer 2007 (sorry coding involved)
If you really don't want to code there are some useful projects on Codeplex:
Useful Sharepoint Designer Custom Workflow Activities (in particular "Grant Permission on Item " Activity)
Please be aware that item-level permissions and large lists dont mix very well. It can cause some performance issues on the list.
Please take a closer look at the
http://technet.microsoft.com/en-us/library/cc262787.aspx
under
Security scope
1,000 per list
Type: Threshold
The maximum number of unique security scopes set for a list should not exceed 1,000.
A scope is the security boundary for a securable object and any of its children that do not have a separate security boundary defined. A scope contains an Access Control List (ACL), but unlike NTFS ACLs, a scope can include security principals that are specific to SharePoint Server. The members of an ACL for a scope can include Windows users, user accounts other than Windows users (such as forms-based accounts), Active Directory groups, or SharePoint groups.
精彩评论