Solved

Changing SharePoint 2010 Document Permissions with Workflow

Posted on 2011-03-03
6
1,120 Views
Last Modified: 2012-05-11
We have a list that contains Word documents and each document has a Managed Metadata column which lists the Owner of that Word document. I would like to create a workflow that starts when a new Word document is added to the list, to lookup the Owner in the Managed Metadata column and change the permissions of the document. I would like it to have the document stop inheriting permissions from parent and grant that document Owner Contribute access.

I have all of the owner lookups and everything done but am having trouble with the permission aspect of it. I am trying to do all of this through SPD2010 with no custom-coding. I downloaded a WSP which allows me to Grant and Delete specific permissions on documents but it doesn't work because the document is still set to inherit permission from its parent.

Is there a way through the workflow to tell the document to stop inheriting permissions from its parent? Or is there a doc library setting which will have all of the documents it contains NOT inherit its permissions?
0
Comment
Question by:ICG
  • 3
  • 2
6 Comments
 
LVL 3

Expert Comment

by:AndrewSkoraro
ID: 35029520
I think you may have run into a road block.  I can make a recommendation.  You could create and event handler to make the appropriate modifications after the new item has been created.  This would allow you the functionality and still use your current work flow.  Events for SharePoint are very easy to create and deploy, but do require coding and packaging.  
0
 
LVL 1

Accepted Solution

by:
ICG earned 0 total points
ID: 35029548
I actually just figured it out. It is an OOTB solution built-into SPD2010. If you use an Impersonation Step, you can replace the list item permissions.
0
 
LVL 15

Expert Comment

by:dp_expert
ID: 35034392
One important remark:

SharePoint does not handle high permissions granuality too well. If you have more than three hundred of documents and around 3-4 permission settings per document then you can run into a serious problems.

See here for more details http://msdn.microsoft.com/en-us/library/cc262787.aspx (look for "Security scope") - you can see that exceeding this treshold will affect your entire farm. We had this problem with one implementation and we could not reverse the damage.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 1

Author Comment

by:ICG
ID: 35058569
Thank you for pointing this out! Luckily, this library only holds around 60 Word documents right now and only two permission settings per document.

I will bring this up to the team though so we can plan going forward.

What did you end up doing to counter the issue?
0
 
LVL 15

Expert Comment

by:dp_expert
ID: 35058608
We had to setup the farm again. Then we had created folders for each permission group. Fortunatelly we were able to define a separate set of permissions so we ended up with 6 folders and setting up the permissions for these folders. Items in folders would inherit the permissions so the permission inheritance would be broken only for 6 items (the folders).
In a case where you whould have 300 users and each of these users could have different permissions to document it would be imposible to implement OOB - it would require some custom coding.
0
 
LVL 1

Author Closing Comment

by:ICG
ID: 35067813
Discovered on own.
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Note:  There are two main ways to deploy InfoPath forms:  Server-side and directly through the SharePoint site.  Deploying a server-side InfoPath form means the form is approved by the Administrator, thus allowing greater functionality in the form. …
Pimping Sharepoint 2007 without Server-Side Code Part 1 One of my biggest frustrations with Sharepoint 2007 in the corporate world is that while good-intentioned managers lock down the more interesting capabilities of Sharepoint programming in…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now