I have a Sharepoint list that I'm using as a form. Everyone in the company needs to view/modify the form to submit information, but I would like to keep the response from the form viewable to just a few people. Is there a way to do that, without clicking each item and managing permissions for that item? Can that be done with a workflow?
One approach:
Set up the list so users can only see and edit their own responses. (List settings > Advanced settings > set Read Access and Create and Edit access to "Items that were created by the user".
Create a SharePoint group for people who should see all items, e.g. ListManagers
Set up list permissions so that Visitors (everyone in the company) have Contribute access and the ListManagers group gets full access for the list.
Another option:
Leave the Advanced settings at the default, so that everyone can see all items.
Change the default view of the list to show only items created by the current user.
Create a page that shows an XLV with the default view and serve that to everybody.
Create another page that shows an XLV with all items and give permissions for that page only to the limited group of people.
The second method is more for convenience than for security and will not prevent savvy users from accessing the data they cannot see in the default view.
Related
What I want to do is this:
When a new user is given access to the Portal, I want her only to be able to see a single Sales menu with a submenu Sales/Customers and nothing else.
I was able to do that by adding the menu to the Portal group, but I need to hide the other menus (Website,Mail,Projects). I removed all the other views from Portal group and made sure that my customer does not belong to any other group than Portal but the menus are still there.
From what I can understand the menus are shown only to certain groups of users. My user only belongs to the Portal group these menus are not referenced there. I only have my Sales/Customer there
How can I remove them?
Out-of-box odoo is designed to show all those menu as portal menu, so what you want todo here is create new group with portal check-box true and assigned all menu you wnat him to see and assign needed security. Designing this group be bit lazy as you will have todo lot of trails.
Bests
Google announced this feature today, but I don't see any docs for it. How can I grant row-level permissions to a user?
For example, let's say I have a table private.all_customers with the schema {customer:string, id:integer, is_secret:boolean}.
I like to give our salespeople access to the fields customer and id, but not is_secret, and moreover, I'd like to give to give them access to only those rows where is_secret = false. How can I accomplish this?
The key part of row-level permissions is that you're actually giving permission to a view. The view defines the rows and columns in that you want the delegated user to see, without giving them access to the underlying table.
To do this, create the view that will return the rows and columns that you'd like the user to see. For the example above, the view would look like:
SELECT customer, id FROM private.all_customers where is_secret = false
Then I can save this as the view "public.public_customers", and share the public dataset with the analysts.
Note that, so far, this does NOT mean that the analysts will have access to the data. If they try to run it now, they'll get an error. Merely having access to a view that reads a table doesn't give you access to the underlying data on that table. If it did, then anyone could just create a view to read any data that they wanted to see.
The second step is adding that view to the ACL of the private dataset. What this does is records that the view should have access to the data. This way the owner of the private dataset can audit who has access to their data, and revoke it if necessary.
The easiest way to add the view to the ACL is to use the BigQuery Web UI. If you click on the arrow next to the private dataset name in the Web UI and click "Share this dataset", it will bring up a dialog box that lets you edit the ACL.
At the bottom of that dialog it will show "Add People" and a clickable icon on the left. If you click on that icon, you should be able to select "Authorized View". Once that is selected, you should enter the fully-qualified name -- project:dataset.view of the view. In our example, that would be my-project:public.public_customers. Hit 'Add' and it will show up in the list, and then hit "Save Changes" to commit.
Once the view has been added to the ACL, anyone with access to the 'public' dataset should be able to run queries against the public.public_customers view.
For more advanced usage of this feature, which will allow you to give different answers to different users, see this question: How do I give different users access to different rows without creating separate views in BigQuery?
I have one custom list with fields like(IDs, Name, Phone no) . when i add a new item to the list a new item form will be opened. While filling the form by entering the first field( IDs), i want other fields to be auto-populated from active directory.
Can it be possible through Browser(UI) or from sharepoint designer.
Please Help me out ...
Yes this is possible I have implemented something very similar.But this is only possible through event receiver in a custom list.Following was my approach,
Add a ItemAdding event receiver, only field entered by the user will be the UseraName field through people picker.
Internally,fetch the details of the user entered from AD.This can be done through code in this way,
http://www.aspdotnet-suresh.com/2011/03/how-to-get-userdetails-from-active.html
Then you can assign the user properties to their respective columns and update the list item.
If its not a custom list,you can always use User Profile Synchronisation by Mapping additional required AD properties so that they will show up in the user information list of that sitecollection.
You can use sharepoint user profile. So instead of going back to AD related stuffs SP profile will get automatically synced with AD. Its very easy to manage also.
If it's a different AD than the one you use for user profiles, then you will need to develop a custom WebPart and write server code to connect to the AD and check for user's info & auto-populate them.
If it's the same AD used for user profiles, then you already have different users properties on the SharePoint side and no need to reach out to the AD... this is assuming that you already have a User Profile Service Application setup and it's synced with AD (as #samh above suggested).
I have requirement to prevent users from editing a list item through UI.
I want to edit item only through programmatic way.
I want to prevent them from editing items from default edit page of the list.
Any suggestion are grateful...
Sharepoint permissions will even stop the user from editing the items programatically. (unless runwithelevatedprivileges is used). Another solution would be to hide [edit item] option using javascript.
You can do with SharePoint permissions.
Navigate to Site Actions > Site Permissions and select the user (they might be part of a SharePoint group, so check inside them too). Check the check box next to the user name and select Edit User Permissions from the ribbon. Then ensure that View Only and Read check boxes are checked for that specific user.
Hope this helps!
I have created an InfoPath 2010 form which is published to doc library in SharePoint 2010. I want for this form to become read-only ie once it has been submitted.
None of what I have done so far seems to work. I have:
Created a new view and re-named it to Read-Only and in its properties I have ticked
the "Read-Only" check box in InfoPath.
I have a "Submit Form" button and in here I have added rules for submitting the form,
switching the view to the read-only view.
To test this I fill out the form with sample data and submit it, then when I go to
the doc library where the forms gets submitted to when I open the submitted form I
find that the Read-Only view has not taken effect and that it is still possible to
edit the form.
Ideally what I am trying to achieve is to have the submitted forms turned into read-only when they are submitted and still be in read-only mode when these are opened from the document library where they get submitted to.
Any ideas where I'm going wrong with this? if there is a better and simpler way to achieve this please let me know.
Thanks in advance.
It might be too late to answer this question, but if someone is still looking for an answer you could try the below steps
Before you begin please verify that you have one of the following permissions:
a. You are a member of the Administrators group for the site collection.
b. You are a member of the Owners group for the site.
c. You have the Manage Permissions permission.
On the Site Settings page, Go to the Users and Permissions and look for settings
Under Settings you will be able to see Permission Levels
Select Add a Permission Level
Give a Name to you new Permission Level
Under the Select the Permissions to include to this permission level, select the Add Items and View Items Permissions to this group.
After the group is created, for your form library, stop inheriting the permissions from the parent site and create a new group with the new Permission Level that you just created. Add all the users to the group.
This should enable the users to submit a form but not edit it. Hope this helps.
There is an easier way to solve this. Create two views of this form on InfoPath Designer. And make sure when the form is submitted, the view is flipped to the Read-Only view; which has the salient feartures of the form such as the answers you would like to be recorded.
So anyone who opens the form once submitted wil only see the Read-Only view. You can set a rule on the form to have an administrator see a Edit mode.
I just went through this. the submit rule doesn't work, you have to create a form load rule. In the file toolbar, you'll see a form load button in the rules block.