I am working on an issue tracking list for SharePoint. The list effectively has two levels of access. We'll call them Investigator and Reviewer. The problem I have is that I can't find a way to restrict (truly restrict, not just limit view) who can view and update an item. The workflow should function: Investigator receives new issue, submits it to the system, reviewer reviews item and explicitly assigns it to the original investigator or another investigator (investigators should only be able to view tickets to which they have rights).
I know that I can use the Assigned To field to modify how the items appear in list views, but I also know that a savvy user can modify the URL and potentially view items which they should not.
I would like to be able to programmatically change either the item owner or the item permissions such that only the investigator assigned by the reviewer can view/modify the issue.
Any reviewers in the list will keep the ability to view/modify all items.
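The requirement above (access enforced on the item itself rather than by a view filter) corresponds to item-level permissions. The following is an added example, not code from the original post: an event receiver that gives each issue its own permission set when the Assigned To field is filled in. It assumes the SharePoint server-side object model, a hypothetical group named "Issue Reviewers", and that the receiver runs under an account that keeps Manage Permissions on the item (for example a site collection administrator).

```csharp
using Microsoft.SharePoint;

// Added example. Assumes the server-side object model and a hypothetical
// SharePoint group named "Issue Reviewers"; attach the receiver to the issue list.
public class IssueAssignmentReceiver : SPItemEventReceiver
{
    private const string ReviewersGroup = "Issue Reviewers"; // hypothetical name

    public override void ItemUpdated(SPItemEventProperties properties)
    {
        SPListItem item = properties.ListItem;
        object assigned = item["Assigned To"];
        if (assigned == null) return; // not assigned yet: leave permissions alone

        SPWeb web = item.ParentList.ParentWeb;
        SPUser investigator = new SPFieldUserValue(web, assigned.ToString()).User;
        if (investigator == null) return; // field holds a group, not a person

        RestrictItem(item, investigator, web.SiteGroups[ReviewersGroup]);
    }

    // Assumption: the executing account retains Manage Permissions on the item
    // after the existing assignments are cleared.
    private static void RestrictItem(SPListItem item, SPUser investigator, SPGroup reviewers)
    {
        SPWeb web = item.ParentList.ParentWeb;
        SPRoleDefinition contribute = web.RoleDefinitions.GetByType(SPRoleType.Contributor);

        // Give the item its own ACL instead of the list's; false = do not copy.
        if (!item.HasUniqueRoleAssignments)
            item.BreakRoleInheritance(false);

        // Remove whatever is there, such as a previously assigned investigator.
        for (int i = item.RoleAssignments.Count - 1; i >= 0; i--)
            item.RoleAssignments.Remove(i);

        Grant(item, reviewers, contribute);    // reviewers keep access to every item
        Grant(item, investigator, contribute); // only the assigned investigator is added
    }

    private static void Grant(SPListItem item, SPPrincipal who, SPRoleDefinition role)
    {
        SPRoleAssignment assignment = new SPRoleAssignment(who);
        assignment.RoleDefinitionBindings.Add(role);
        item.RoleAssignments.Add(assignment);
    }
}
```

With unique permissions on the item, SharePoint security-trims it from views and denies a direct request for its URL to anyone who is not in the item's role assignments.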