Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1204
  • Last Modified:

Changing SharePoint 2010 Document Permissions with Workflow

We have a list that contains Word documents and each document has a Managed Metadata column which lists the Owner of that Word document. I would like to create a workflow that starts when a new Word document is added to the list, to lookup the Owner in the Managed Metadata column and change the permissions of the document. I would like it to have the document stop inheriting permissions from parent and grant that document Owner Contribute access.

I have all of the owner lookups and everything done but am having trouble with the permission aspect of it. I am trying to do all of this through SPD2010 with no custom-coding. I downloaded a WSP which allows me to Grant and Delete specific permissions on documents but it doesn't work because the document is still set to inherit permission from its parent.

Is there a way through the workflow to tell the document to stop inheriting permissions from its parent? Or is there a doc library setting which will have all of the documents it contains NOT inherit its permissions?
0
ICG
Asked:
ICG
  • 3
  • 2
1 Solution
 
AndrewSkoraroCommented:
I think you may have run into a road block.  I can make a recommendation.  You could create and event handler to make the appropriate modifications after the new item has been created.  This would allow you the functionality and still use your current work flow.  Events for SharePoint are very easy to create and deploy, but do require coding and packaging.  
0
 
ICGAuthor Commented:
I actually just figured it out. It is an OOTB solution built-into SPD2010. If you use an Impersonation Step, you can replace the list item permissions.
0
 
dp_expertCommented:
One important remark:

SharePoint does not handle high permissions granuality too well. If you have more than three hundred of documents and around 3-4 permission settings per document then you can run into a serious problems.

See here for more details http://msdn.microsoft.com/en-us/library/cc262787.aspx (look for "Security scope") - you can see that exceeding this treshold will affect your entire farm. We had this problem with one implementation and we could not reverse the damage.
0
Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

 
ICGAuthor Commented:
Thank you for pointing this out! Luckily, this library only holds around 60 Word documents right now and only two permission settings per document.

I will bring this up to the team though so we can plan going forward.

What did you end up doing to counter the issue?
0
 
dp_expertCommented:
We had to setup the farm again. Then we had created folders for each permission group. Fortunatelly we were able to define a separate set of permissions so we ended up with 6 folders and setting up the permissions for these folders. Items in folders would inherit the permissions so the permission inheritance would be broken only for 6 items (the folders).
In a case where you whould have 300 users and each of these users could have different permissions to document it would be imposible to implement OOB - it would require some custom coding.
0
 
ICGAuthor Commented:
Discovered on own.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now