Link to home
Start Free TrialLog in
Avatar of dkumeri
dkumeri

asked on

Permission tool for sharepoint - third party tool

I need to make a list for HR department for salary information which is very critical for us.
Functionality: Top boss can view everyone salary .
Manager can see the salary of employees who are under him but he can not see his own salary.
Is there any third party tool to make this kind of view for users?
Avatar of quihong
quihong
Flag of United States of America image

No, but you can built your own using the SharePoint Object Model and Powershell leveraging SharePoint's ability to manage access at the item level.

Your script would iterate through the list and assign the appropriate permission to the particular item based on the list data. The list data will obviously need to contain the manager (userId) for a given employee and salary. So for each item, assign read access to the manager and "top boss" and probably your HR department.

Note that your Site Collection Administrators will see all the salary data.



Avatar of dkumeri
dkumeri

ASKER

Can you please describe how can I do it through SharePoint Object model. What will be the starting point. All the employees information will be coming from AD.
"All the employee information will be coming from AD"

Does that mean you don't already have your list setup with all the columns and data?

Here is an example of using the SP Object model and Powershell - http://www.u2u.info/Blogs/karine/Lists/Posts/Post.aspx?ID=10

You case will be a more complex since you have to setup item level security.
Forgot to mention...

A SharePoint "view" can not be used as a security or access restriction method. You would need to use item level permissions. SharePoint uses security trimming, which means that if a user doesn't have access to an item it will not be displayed. Just wanted to clarify that since you original question asked if there are any tools to make the view.
Avatar of dkumeri

ASKER

No, at the moment nothing is coming from AD. But we are trying to figure out what will be the best way to do it. How we can bring Employee salary information into the list with tight security.
Do you think we can integrate list with SQL data(Salary information in Database)? If yes, then How I can I do that.
Following things we are trying to figure out:
1. How to bring data (salary information) into the list or any other option.
2. Then how we can make a view (Functionality: Top boss can view everyone salary .
Manager can see the salary of employees who are under him but he can not see his own salary.)
Integrating(displaying) the SQL data in SharePoint is fairly trivial. Your tight security requirement of the data is the complex part.

The Powershell recommendation is going to be your best bet.

How many employees(or how big is the list)? Do you need to handle the situation of Top Boss->Director->Manager->Employee, with the Director able to see salary info for all managers under him along with their employees? That would make it even more complex.

You are going to have to test this throughly also, since this data is highly confidential, so you don't want to have some accidental bug or condition that you didn't account for and expose this data inappropriately.
Avatar of dkumeri

ASKER

Around 3000 employees. I did not create anything till yet, not a list even. Obviously because I do not know, how I can do this.

Can you please advise me the following first:
How I can make this  list and populate the data?
Manually It will be not possible to populate.

If first I will be able to make a list, then I can move on to security part.
ASKER CERTIFIED SOLUTION
Avatar of quihong
quihong
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dkumeri

ASKER

a