Changing SharePoint 2010 Document Permissions with Workflow

We have a list that contains Word documents and each document has a Managed Metadata column which lists the Owner of that Word document. I would like to create a workflow that starts when a new Word document is added to the list, to lookup the Owner in the Managed Metadata column and change the permissions of the document. I would like it to have the document stop inheriting permissions from parent and grant that document Owner Contribute access.

I have all of the owner lookups and everything done but am having trouble with the permission aspect of it. I am trying to do all of this through SPD2010 with no custom-coding. I downloaded a WSP which allows me to Grant and Delete specific permissions on documents but it doesn't work because the document is still set to inherit permission from its parent.

Is there a way through the workflow to tell the document to stop inheriting permissions from its parent? Or is there a doc library setting which will have all of the documents it contains NOT inherit its permissions?
LVL 1
ICGAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
ICGConnect With a Mentor Author Commented:
I actually just figured it out. It is an OOTB solution built-into SPD2010. If you use an Impersonation Step, you can replace the list item permissions.
0
 
AndrewSkoraroCommented:
I think you may have run into a road block.  I can make a recommendation.  You could create and event handler to make the appropriate modifications after the new item has been created.  This would allow you the functionality and still use your current work flow.  Events for SharePoint are very easy to create and deploy, but do require coding and packaging.  
0
 
dp_expertCommented:
One important remark:

SharePoint does not handle high permissions granuality too well. If you have more than three hundred of documents and around 3-4 permission settings per document then you can run into a serious problems.

See here for more details http://msdn.microsoft.com/en-us/library/cc262787.aspx (look for "Security scope") - you can see that exceeding this treshold will affect your entire farm. We had this problem with one implementation and we could not reverse the damage.
0
Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

 
ICGAuthor Commented:
Thank you for pointing this out! Luckily, this library only holds around 60 Word documents right now and only two permission settings per document.

I will bring this up to the team though so we can plan going forward.

What did you end up doing to counter the issue?
0
 
dp_expertCommented:
We had to setup the farm again. Then we had created folders for each permission group. Fortunatelly we were able to define a separate set of permissions so we ended up with 6 folders and setting up the permissions for these folders. Items in folders would inherit the permissions so the permission inheritance would be broken only for 6 items (the folders).
In a case where you whould have 300 users and each of these users could have different permissions to document it would be imposible to implement OOB - it would require some custom coding.
0
 
ICGAuthor Commented:
Discovered on own.
0
All Courses

From novice to tech pro — start learning today.