Prevent User from editing list item from UI in sharepoint - sharepoint-2010

I have requirement to prevent users from editing a list item through UI.
I want to edit item only through programmatic way.
I want to prevent them from editing items from default edit page of the list.
Any suggestion are grateful...

Sharepoint permissions will even stop the user from editing the items programatically. (unless runwithelevatedprivileges is used). Another solution would be to hide [edit item] option using javascript.

You can do with SharePoint permissions.
Navigate to Site Actions > Site Permissions and select the user (they might be part of a SharePoint group, so check inside them too). Check the check box next to the user name and select Edit User Permissions from the ribbon. Then ensure that View Only and Read check boxes are checked for that specific user.
Hope this helps!

Related

SharePoint List Item View/Read Permission

I am actually new to SharePoint permissions stuff. I really need someone help to guide me or give me a hint.
I have a SharePoint 2013 list, with items. User create a item using Nintex forms and when item is created, Nintex Workflow get trigger.
The idea behind this list is, User A will create a item then User B will review it and approve/reject.
After User A create item, item permission should change to 'Read' so that user A doesn't change any value of item until user B take some action.
In Workflow, I am changing the item permission using 'Set Item Permission' action and setting permission as Read.
But the problem is after
1) User A created item, he is not able to view/read item but able to edit item.
I selected item through list and click on 'view item' through ribbon, I am getting error 'Sorry, you don't have access to his page'.
I clicked on eclipse of item, selected Shared with->ADVANCED I am seeing the user A have view/read permission.
Then I made sure through 'Workflow history' if action got executed or not, it seems action got executed successfully.
This is really weird how user is able to edit item but not able to view item?
I really appreciate if anyone can provide any hint or help to make item readable.
Can you click on the list item, and check permissions for that item. You can click on Shared With -> Advanced. Then from the ribbon choose Check permissions. Enter the User A name and see what permissions he has.
And if he has more than Read, it means workflow has not finished its job. So check the workflow. It should break any inheriting permissions on that list item and then set unique permissions for only User B. This will take away the permissions from User A.
A second approach would be to make a form status column and connect it to submit button.
Return a value eg. Submitted to the column once the form is submitted by A.
Now in nintex form designer,select the control and add rule to disable the control if form status == "Submitted".

Modifying List Item permissions

I have a Sharepoint list that I'm using as a form. Everyone in the company needs to view/modify the form to submit information, but I would like to keep the response from the form viewable to just a few people. Is there a way to do that, without clicking each item and managing permissions for that item? Can that be done with a workflow?
One approach:
Set up the list so users can only see and edit their own responses. (List settings > Advanced settings > set Read Access and Create and Edit access to "Items that were created by the user".
Create a SharePoint group for people who should see all items, e.g. ListManagers
Set up list permissions so that Visitors (everyone in the company) have Contribute access and the ListManagers group gets full access for the list.
Another option:
Leave the Advanced settings at the default, so that everyone can see all items.
Change the default view of the list to show only items created by the current user.
Create a page that shows an XLV with the default view and serve that to everybody.
Create another page that shows an XLV with all items and give permissions for that page only to the limited group of people.
The second method is more for convenience than for security and will not prevent savvy users from accessing the data they cannot see in the default view.

Setting up recycle bin functionality in Archer GRC

When deleting records within the platform, this action is not reversible via the front end. Is there a way to allow users to remove a record from their view without actually deleting the record?
You can simulate recycle bin functionality within Archer GRC by adding a record permission field that grants read access to "Everyone". If read access is no longer required then an editor of the record can go in and change "Everyone" to a group called "Recycle Bin."
Please note that if there are other record permission fields in the application, users or groups may still have access if they are selected in those fields. Perhaps You can set up a dropdown status field for the user to select "Recycle Bin" and use this condition for automatic record permissions to revoke permission to the record depending on the requirements or workflow of the application.
Solution shared by Igritte might be somewhat confusing for end users.
End user will see greyed out "Delete" button in the top toolbar, but he has to select "Recycle Bin" in the form. This solution was not accepted by my business owner at some point.
As a work around for "Soft delete", I wrote a custom object overriding "Delete" button functionality.
1. User doesn't have delete access to the record, so JavaScript code will make "Delete" button look like active and available.
2. Once the button is clicked, custom object will populate value in the
hidden value list and simulate the click on the "Save" button.
Update: Note that Custom object needs to hide the value list first once the page is loaded. Here you will need to use a JavaScript and do the following: [a] locate the value list DOM object and [b] set display attribute to none. I used jQuery library to do both. This way your value list is not displayed, but you still can use it to control data driven events.
3. With hidden value populated and submitted, record permission will hide this record from the end user.
Note that custom object hides one value list on the layout as well.
If for some reason JavaScript doesn't load properly, user simply will not be able to click on the grayed out "Delete" button.
Update: Hidden value list can be populated by custom object using JavaScript code as well. You need to identify the form tag "input" in HTML code of the page and set attribute "value" to the desired state. I used jQuery library to do this as well.
I have this solution in production working fine with IE11, FF and Chrome.
I can't share the code, but with WC3Schools JavaScript guides and 4 hours you can write and test it yourself with very little JavaScript skills.
Sometimes you have to use custom objects when you want to get a user-friendly solution of not available functionality.
Good luck!

InfoPath 2010, SharePoint 2010

I have created an InfoPath 2010 form which is published to doc library in SharePoint 2010. I want for this form to become read-only ie once it has been submitted.
None of what I have done so far seems to work. I have:
Created a new view and re-named it to Read-Only and in its properties I have ticked
the "Read-Only" check box in InfoPath.
I have a "Submit Form" button and in here I have added rules for submitting the form,
switching the view to the read-only view.
To test this I fill out the form with sample data and submit it, then when I go to
the doc library where the forms gets submitted to when I open the submitted form I
find that the Read-Only view has not taken effect and that it is still possible to
edit the form.
Ideally what I am trying to achieve is to have the submitted forms turned into read-only when they are submitted and still be in read-only mode when these are opened from the document library where they get submitted to.
Any ideas where I'm going wrong with this? if there is a better and simpler way to achieve this please let me know.
Thanks in advance.
It might be too late to answer this question, but if someone is still looking for an answer you could try the below steps
Before you begin please verify that you have one of the following permissions:
a. You are a member of the Administrators group for the site collection.
b. You are a member of the Owners group for the site.
c. You have the Manage Permissions permission.
On the Site Settings page, Go to the Users and Permissions and look for settings
Under Settings you will be able to see Permission Levels
Select Add a Permission Level
Give a Name to you new Permission Level
Under the Select the Permissions to include to this permission level, select the Add Items and View Items Permissions to this group.
After the group is created, for your form library, stop inheriting the permissions from the parent site and create a new group with the new Permission Level that you just created. Add all the users to the group.
This should enable the users to submit a form but not edit it. Hope this helps.
There is an easier way to solve this. Create two views of this form on InfoPath Designer. And make sure when the form is submitted, the view is flipped to the Read-Only view; which has the salient feartures of the form such as the answers you would like to be recorded.
So anyone who opens the form once submitted wil only see the Read-Only view. You can set a rule on the form to have an administrator see a Edit mode.
I just went through this. the submit rule doesn't work, you have to create a form load rule. In the file toolbar, you'll see a form load button in the rules block.

SharePoint 2010 - Edit user info

Why can I not (as admin or user) edit a user profile? When I click Edit Item I can only attach a file and I only see the account name. I've gone into the admin area but nothing I change takes affect. I've set some other fields as editable but they don't show. I tried to edit user policies but everything is greyed out.
Are you populating your user profiles from AD? In that case, there is nothing in SP to edit since the data comes from elsewhere.
If not, then where are you trying to edit an item? Are you using Manage User Profiles in the User Profile Service Application area?