SharePoint list item permissions

Daniel Revell picture Daniel Revell · Jul 1, 2009 · Viewed 16.2k times · Source

I want to programmatically make it so that users can see only particuar items on the list.

Basically in an workflow that runs when an item is created I'm going to do some stuff and notify some people about this item. I also want it to change the permissions on the item so that only particular users (looked up on runtime based on the items contents) can read the item. The rest of the users that have access to the list will only see particular items but not all of them. The list item might not necessarily be owned but the user(s) that need to see it so I can't set the list permissions to letting users only see their own items.

To put this into context if it helps- The list is registering job roles to a particular member. Every list item is a role assignment that contains a lookup to a role in the roles list and a lookup to a member in the members list. I'm not directly using a multilookup field in the members list for roles because each role assignment needs extra information held about it such as a description, a start date ect. Each role has a particular user/group that manages it. I want it so that when going to this big list of role assignments, a user can only see the role assignments for the roles that they are the manager of.

Advice would be much appreciated.

Answer

Ariel picture Ariel · Jul 1, 2009

You can assign permissions to individual list items. For ex.

        // get list item
        SPListItem item = <your list item>;
        if (!item.HasUniqueRoleAssignments)
        {
            item.BreakRoleInheritance(true);
        }

        // get principal
        SPPrincipal principal = <principal to grant permissions to>;

        // get role definition
        SPRoleDefinition rd = <role that contains the permissions to be granted to the principal>;

        // create role assignment
        SPRoleAssignment ra = new SPRoleAssignment(principal);
        ra.RoleDefinitionBindings.Add(rd);
        item.RoleAssignments.Add(ra);

But beware about the performance and operational implications of assigning permissions per list item.

In general, I would prefer

  • Permissions assigned no deeper than the list level
  • As much as possible, assign permissions to groups and then include individual users into those groups.