SharePoint List Item View/Read Permission - permissions

I am actually new to SharePoint permissions stuff. I really need someone help to guide me or give me a hint.
I have a SharePoint 2013 list, with items. User create a item using Nintex forms and when item is created, Nintex Workflow get trigger.
The idea behind this list is, User A will create a item then User B will review it and approve/reject.
After User A create item, item permission should change to 'Read' so that user A doesn't change any value of item until user B take some action.
In Workflow, I am changing the item permission using 'Set Item Permission' action and setting permission as Read.
But the problem is after
1) User A created item, he is not able to view/read item but able to edit item.
I selected item through list and click on 'view item' through ribbon, I am getting error 'Sorry, you don't have access to his page'.
I clicked on eclipse of item, selected Shared with->ADVANCED I am seeing the user A have view/read permission.
Then I made sure through 'Workflow history' if action got executed or not, it seems action got executed successfully.
This is really weird how user is able to edit item but not able to view item?
I really appreciate if anyone can provide any hint or help to make item readable.

Can you click on the list item, and check permissions for that item. You can click on Shared With -> Advanced. Then from the ribbon choose Check permissions. Enter the User A name and see what permissions he has.
And if he has more than Read, it means workflow has not finished its job. So check the workflow. It should break any inheriting permissions on that list item and then set unique permissions for only User B. This will take away the permissions from User A.

A second approach would be to make a form status column and connect it to submit button.
Return a value eg. Submitted to the column once the form is submitted by A.
Now in nintex form designer,select the control and add rule to disable the control if form status == "Submitted".

Related

How to write groups for a delete comes under action menu odoo?

I need to write groups for a delete button under action menu in sale order form. This group is for to show if group is enabled then delete button will be shown or else it remains invisible.
I don't know how to make it. Could anyone help me here?
you can do it by access rights. Here is elaborated example.
Suppose if you have to remove the delete option from the purchase order for the users purchase user, then what you have to do is that, activate developer mode, then go to the menu, Groups under the settings, then search the group purchase user. Open it, then in the access rights tab, you can see different objects and given permission.

get all visible menu item for given user

in openerp(odoo) you can write URL directly and access any view even if user dosen't have access to it. My idea is to stop actions that has no visible menu for it. openerp do it somewhere but I don't know where and how to access the list of available menu for given user.
Thanks

Setting up recycle bin functionality in Archer GRC

When deleting records within the platform, this action is not reversible via the front end. Is there a way to allow users to remove a record from their view without actually deleting the record?
You can simulate recycle bin functionality within Archer GRC by adding a record permission field that grants read access to "Everyone". If read access is no longer required then an editor of the record can go in and change "Everyone" to a group called "Recycle Bin."
Please note that if there are other record permission fields in the application, users or groups may still have access if they are selected in those fields. Perhaps You can set up a dropdown status field for the user to select "Recycle Bin" and use this condition for automatic record permissions to revoke permission to the record depending on the requirements or workflow of the application.
Solution shared by Igritte might be somewhat confusing for end users.
End user will see greyed out "Delete" button in the top toolbar, but he has to select "Recycle Bin" in the form. This solution was not accepted by my business owner at some point.
As a work around for "Soft delete", I wrote a custom object overriding "Delete" button functionality.
1. User doesn't have delete access to the record, so JavaScript code will make "Delete" button look like active and available.
2. Once the button is clicked, custom object will populate value in the
hidden value list and simulate the click on the "Save" button.
Update: Note that Custom object needs to hide the value list first once the page is loaded. Here you will need to use a JavaScript and do the following: [a] locate the value list DOM object and [b] set display attribute to none. I used jQuery library to do both. This way your value list is not displayed, but you still can use it to control data driven events.
3. With hidden value populated and submitted, record permission will hide this record from the end user.
Note that custom object hides one value list on the layout as well.
If for some reason JavaScript doesn't load properly, user simply will not be able to click on the grayed out "Delete" button.
Update: Hidden value list can be populated by custom object using JavaScript code as well. You need to identify the form tag "input" in HTML code of the page and set attribute "value" to the desired state. I used jQuery library to do this as well.
I have this solution in production working fine with IE11, FF and Chrome.
I can't share the code, but with WC3Schools JavaScript guides and 4 hours you can write and test it yourself with very little JavaScript skills.
Sometimes you have to use custom objects when you want to get a user-friendly solution of not available functionality.
Good luck!

Prevent User from editing list item from UI in sharepoint

I have requirement to prevent users from editing a list item through UI.
I want to edit item only through programmatic way.
I want to prevent them from editing items from default edit page of the list.
Any suggestion are grateful...
Sharepoint permissions will even stop the user from editing the items programatically. (unless runwithelevatedprivileges is used). Another solution would be to hide [edit item] option using javascript.
You can do with SharePoint permissions.
Navigate to Site Actions > Site Permissions and select the user (they might be part of a SharePoint group, so check inside them too). Check the check box next to the user name and select Edit User Permissions from the ribbon. Then ensure that View Only and Read check boxes are checked for that specific user.
Hope this helps!

InfoPath 2010, SharePoint 2010

I have created an InfoPath 2010 form which is published to doc library in SharePoint 2010. I want for this form to become read-only ie once it has been submitted.
None of what I have done so far seems to work. I have:
Created a new view and re-named it to Read-Only and in its properties I have ticked
the "Read-Only" check box in InfoPath.
I have a "Submit Form" button and in here I have added rules for submitting the form,
switching the view to the read-only view.
To test this I fill out the form with sample data and submit it, then when I go to
the doc library where the forms gets submitted to when I open the submitted form I
find that the Read-Only view has not taken effect and that it is still possible to
edit the form.
Ideally what I am trying to achieve is to have the submitted forms turned into read-only when they are submitted and still be in read-only mode when these are opened from the document library where they get submitted to.
Any ideas where I'm going wrong with this? if there is a better and simpler way to achieve this please let me know.
Thanks in advance.
It might be too late to answer this question, but if someone is still looking for an answer you could try the below steps
Before you begin please verify that you have one of the following permissions:
a. You are a member of the Administrators group for the site collection.
b. You are a member of the Owners group for the site.
c. You have the Manage Permissions permission.
On the Site Settings page, Go to the Users and Permissions and look for settings
Under Settings you will be able to see Permission Levels
Select Add a Permission Level
Give a Name to you new Permission Level
Under the Select the Permissions to include to this permission level, select the Add Items and View Items Permissions to this group.
After the group is created, for your form library, stop inheriting the permissions from the parent site and create a new group with the new Permission Level that you just created. Add all the users to the group.
This should enable the users to submit a form but not edit it. Hope this helps.
There is an easier way to solve this. Create two views of this form on InfoPath Designer. And make sure when the form is submitted, the view is flipped to the Read-Only view; which has the salient feartures of the form such as the answers you would like to be recorded.
So anyone who opens the form once submitted wil only see the Read-Only view. You can set a rule on the form to have an administrator see a Edit mode.
I just went through this. the submit rule doesn't work, you have to create a form load rule. In the file toolbar, you'll see a form load button in the rules block.