dkumeri
asked on
Permission tool for sharepoint - third party tool
I need to make a list for HR department for salary information which is very critical for us.
Functionality: Top boss can view everyone salary .
Manager can see the salary of employees who are under him but he can not see his own salary.
Is there any third party tool to make this kind of view for users?
Functionality: Top boss can view everyone salary .
Manager can see the salary of employees who are under him but he can not see his own salary.
Is there any third party tool to make this kind of view for users?
ASKER
Can you please describe how can I do it through SharePoint Object model. What will be the starting point. All the employees information will be coming from AD.
"All the employee information will be coming from AD"
Does that mean you don't already have your list setup with all the columns and data?
Here is an example of using the SP Object model and Powershell - http://www.u2u.info/Blogs/karine/Lists/Posts/Post.aspx?ID=10
You case will be a more complex since you have to setup item level security.
Does that mean you don't already have your list setup with all the columns and data?
Here is an example of using the SP Object model and Powershell - http://www.u2u.info/Blogs/karine/Lists/Posts/Post.aspx?ID=10
You case will be a more complex since you have to setup item level security.
Forgot to mention...
A SharePoint "view" can not be used as a security or access restriction method. You would need to use item level permissions. SharePoint uses security trimming, which means that if a user doesn't have access to an item it will not be displayed. Just wanted to clarify that since you original question asked if there are any tools to make the view.
A SharePoint "view" can not be used as a security or access restriction method. You would need to use item level permissions. SharePoint uses security trimming, which means that if a user doesn't have access to an item it will not be displayed. Just wanted to clarify that since you original question asked if there are any tools to make the view.
ASKER
No, at the moment nothing is coming from AD. But we are trying to figure out what will be the best way to do it. How we can bring Employee salary information into the list with tight security.
Do you think we can integrate list with SQL data(Salary information in Database)? If yes, then How I can I do that.
Following things we are trying to figure out:
1. How to bring data (salary information) into the list or any other option.
2. Then how we can make a view (Functionality: Top boss can view everyone salary .
Manager can see the salary of employees who are under him but he can not see his own salary.)
Do you think we can integrate list with SQL data(Salary information in Database)? If yes, then How I can I do that.
Following things we are trying to figure out:
1. How to bring data (salary information) into the list or any other option.
2. Then how we can make a view (Functionality: Top boss can view everyone salary .
Manager can see the salary of employees who are under him but he can not see his own salary.)
Integrating(displaying) the SQL data in SharePoint is fairly trivial. Your tight security requirement of the data is the complex part.
The Powershell recommendation is going to be your best bet.
How many employees(or how big is the list)? Do you need to handle the situation of Top Boss->Director->Manager->E mployee, with the Director able to see salary info for all managers under him along with their employees? That would make it even more complex.
You are going to have to test this throughly also, since this data is highly confidential, so you don't want to have some accidental bug or condition that you didn't account for and expose this data inappropriately.
The Powershell recommendation is going to be your best bet.
How many employees(or how big is the list)? Do you need to handle the situation of Top Boss->Director->Manager->E
You are going to have to test this throughly also, since this data is highly confidential, so you don't want to have some accidental bug or condition that you didn't account for and expose this data inappropriately.
ASKER
Around 3000 employees. I did not create anything till yet, not a list even. Obviously because I do not know, how I can do this.
Can you please advise me the following first:
How I can make this list and populate the data?
Manually It will be not possible to populate.
If first I will be able to make a list, then I can move on to security part.
Can you please advise me the following first:
How I can make this list and populate the data?
Manually It will be not possible to populate.
If first I will be able to make a list, then I can move on to security part.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
a
Your script would iterate through the list and assign the appropriate permission to the particular item based on the list data. The list data will obviously need to contain the manager (userId) for a given employee and salary. So for each item, assign read access to the manager and "top boss" and probably your HR department.
Note that your Site Collection Administrators will see all the salary data.