Item-level Permissions in List Advanced Settings
Hi,
Is the "Item-level Permissions" in List Advanced Settings a security option, or is it a way to filter data for the user?
How does it work with the permissions set on the item level when breaking inheritance with the list?
Thanks.
September 8th, 2009 4:20pm

In SharePoint 2007, it is a security option, not the way to filter data for users.
Best regards, Riwut Libinuko
SharePoint Architect, Singapore Microsoft MVP | SharePoint Server | Singapore
Blog: http://blog.libinuko.com
September 8th, 2009 4:39pm

Hi,
Do you know how it works with the list item level security (after breaking inheritance)?
For example: I have 2 items: item1 (created by user1) and item2 (created by user2). If I access item2 and set user1 explicitly as contributor, the latter still cannot view item2.
How do these 2 options co-exist?
Thanks.
September 8th, 2009 5:34pm

Hi Samer,
For item level permissions on a list, you do not need to break the inheritance. You can use the "Item-Level Permissions" options in List Advanced Settings. Go to List settings -> Advanced Settings -> and specify the Item-Level Permissions: specify which items users can read and edit.
For your question, if you break the inheritance of a list, assuming you have manage permissions access, you can provide access to individual list items.
Example: You have 5 items in your list and you break the inheritance of the list. Now you can provide user1 contributor access to 2 list items and read access to the other three list items.
I hope this helps.
Thanks,
Veera Reddy
September 8th, 2009 5:56pm

Hi,
The first point is clear: you don't need to break inheritance to use the "Item-Level Permissions" option.
About the second point, by breaking the inheritance I can assign individual permissions on the items, but the example that you have specified does not work if the "Item-Level Permissions" option in List Advanced Settings is also enabled.
I am trying to understand how the 2 options co-exist. If I break inheritance and set permissions on the item level and at the same time set the option "Item-Level Permissions" in the advanced list settings, what is the behavior of SharePoint in this case?
Thanks.
September 8th, 2009 6:10pm

Hi Samer,
Yes, we can assume. It's for security as well as a filter for users to view their own list items.
Break permissions will always win. You can provide permissions to the users though you have configured the "Item-level Permissions". You can provide permissions to other list items or provide higher permissions to existing list items.
Thanks,
Veera Reddy
September 8th, 2009 7:48pm

Hi,
Break permissions will always win. You can provide permissions to the users though you have configured the "Item-level Permissions". You can provide permissions to other list items or provide higher permissions to existing list items.
In the example I have previously mentioned:
I have configured the "Item-level Permissions" "Read access" section to "Only their own".
I have 2 items: item1 (created by user1) and item2 (created by user2). If I access item2 and set user1 explicitly as contributor, the latter still cannot view item2.
This means that "Item-level Permissions" wins over setting the security on each item. Right?
Thanks.
September 9th, 2009 12:58pm
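
The combination described in the post above ("Read access" set to "Only their own" plus an explicit grant on an item to someone who did not create it) can be located across a web with a short audit. This is an added example, not code from any poster in this thread; it uses the SharePoint server object model, where the Advanced Settings option is exposed as `SPList.ReadSecurity` and `SPList.WriteSecurity`, and it assumes the web URL is passed as the first command-line argument.

```csharp
using System;
using Microsoft.SharePoint;

class ItemLevelPermissionAudit
{
    static void Main(string[] args)
    {
        // args[0] (assumption of this example): URL of the web to audit.
        using (SPSite site = new SPSite(args[0]))
        using (SPWeb web = site.OpenWeb())
        {
            foreach (SPList list in web.Lists)
            {
                // ReadSecurity:  1 = all items, 2 = only their own.
                // WriteSecurity: 1 = all items, 2 = only their own, 4 = none.
                if (list.ReadSecurity == 1 && list.WriteSecurity == 1)
                    continue; // Advanced Settings option left at its default

                Console.WriteLine("{0}: ReadSecurity={1}, WriteSecurity={2}",
                    list.Title, list.ReadSecurity, list.WriteSecurity);

                // list.Items loads every item; acceptable for a one-off audit.
                foreach (SPListItem item in list.Items)
                {
                    if (!item.HasUniqueRoleAssignments)
                        continue; // item still inherits from the list

                    // "Created By" is stored as "<id>;#<name>".
                    string raw = Convert.ToString(item[SPBuiltInFieldId.Author]);
                    if (String.IsNullOrEmpty(raw))
                        continue;
                    int authorId = new SPFieldUserValue(web, raw).LookupId;

                    // Report every explicit grant to a principal other than the
                    // creator: these are the grants that overlap with the
                    // list-wide "only their own" setting.
                    foreach (SPRoleAssignment ra in item.RoleAssignments)
                    {
                        if (ra.Member.ID == authorId)
                            continue;
                        foreach (SPRoleDefinition rd in ra.RoleDefinitionBindings)
                            Console.WriteLine("  item {0}: {1} -> {2}",
                                item.ID, ra.Member.Name, rd.Name);
                    }
                }
            }
        }
    }
}
```

Each reported line is an item whose access should be tested with the named account rather than assumed from the role assignment alone.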

I have included a snippet below that can be used to remove all permissions and add the permissions you require.

    #region "Methods"
    private void HandleNewManuscriptEvent(SPSite _site, SPWeb _web, SPItemEventProperties _properties)
    {
        List<SPUser> Approvers = new List<SPUser>();
        List<String> DepartmentsOfInterest = new List<string>();
        String temp = String.Empty;
        SPUser itemOwner = null;

        //AREA FIELD NAMES
        List<String> ClinicalDevelopments = new List<string>();
        List<String> NonClinicals = new List<string>();
        List<String> NonClinicalMethodologies = new List<string>();
        List<String> Marketings = new List<string>();

        //CRITICAL FIELD NAMES
        String sFirstPresentation = String.Empty;
        String sBiosequenceData = String.Empty;
        String sChemicalStructures = String.Empty;
        String sDetailedFormulationData = String.Empty;
        String sBiologicsManufacturing = String.Empty;
        String sPharmacologyData = String.Empty;
        String sBOTOXFieldName = String.Empty;

        //LEGAL FIELD NAME
        String sLegalFieldName = String.Empty;

        //DUE DATE
        String sDueDate = String.Empty;

        //ACCESSION
        int iAccessionValue = 0;
        String sMonthValue = String.Empty;
        String sAccession = String.Empty;
        String sEventHandler = " Completed ";

        try
        {
            this.DisableEventFiring();

            //this doesn't get elevated rights
            //SPListItem manuscript = _properties.ListItem;
            SPListItem elevatedManuscript = _web.Lists[_properties.ListId].GetItemById(_properties.ListItem.ID);
            SPListItem manuscript = _properties.ListItem;
            _web.AllowUnsafeUpdates = true;

            #region "Departments"
            try
            {
                //AREAS
                #region "Clinical Development"
                temp = String.Empty;
                if (manuscript[this.m_sClinicalDevelopmentFieldName] != null)
                {
                    temp = manuscript[this.m_sClinicalDevelopmentFieldName].ToString();
                    ClinicalDevelopments = this.GetDepartmentsFromAreaSelections(temp.Split(";".ToCharArray()));
                    System.Diagnostics.Debug.WriteLine("Clinical Development count..." + ClinicalDevelopments.Count);
                    //for each "Clinical Development" checked
                    foreach (var clinicalDevelopment in ClinicalDevelopments)
                    {
                        //disregard "None" selection
                        if (!clinicalDevelopment.Equals("None"))
                            DepartmentsOfInterest.Add(clinicalDevelopment);
                    }
                }
                #endregion

                #region "Non-Clinical"
                temp = String.Empty;
                if (manuscript[this.m_sNonClinicalFieldName] != null)
                {
                    temp = manuscript[this.m_sNonClinicalFieldName].ToString();
                    NonClinicals = this.GetDepartmentsFromAreaSelections(temp.Split(";".ToCharArray()));
                    //for each "Non-clinical" checked
                    foreach (var nonclinical in NonClinicals)
                    {
                        //disregard "None" selection
                        if (!nonclinical.Equals("None"))
                            DepartmentsOfInterest.Add(nonclinical);
                    }
                }
                #endregion

                #region "Non-Clinical Methodology"
                temp = String.Empty;
                if (manuscript[this.m_sNonClinicalMethodologyFieldName] != null)
                {
                    temp = manuscript[this.m_sNonClinicalMethodologyFieldName].ToString();
                    NonClinicalMethodologies = this.GetDepartmentsFromAreaSelections(temp.Split(";".ToCharArray()));
                    //for each "Non-clinical Methodology" checked
                    foreach (var nonclinicalmethodology in NonClinicalMethodologies)
                    {
                        //disregard "None" selection
                        if (!nonclinicalmethodology.Equals("None"))
                            DepartmentsOfInterest.Add(nonclinicalmethodology);
                    }
                }
                #endregion

                #region "Marketing"
                temp = String.Empty;
                if (manuscript[this.m_sMarketingFieldName] != null)
                {
                    temp = manuscript[this.m_sMarketingFieldName].ToString();
                    Marketings = this.GetDepartmentsFromAreaSelections(temp.Split(";".ToCharArray()));
                    //for each "Marketing" checked
                    foreach (var marketing in Marketings)
                    {
                        //disregard "None" selection
                        if (!marketing.Equals("None"))
                            DepartmentsOfInterest.Add(marketing);
                    }
                }
                #endregion

                //"CRITICALS"
                #region "First-Presentation"
                temp = String.Empty;
                if (manuscript[this.m_sFirstPresentationFieldName] != null)
                {
                    temp = manuscript[this.m_sFirstPresentationFieldName].ToString();
                    if (temp.Equals("Yes"))
                        DepartmentsOfInterest.Add(this.m_sFirstPresentationDepartmentName);
                }
                #endregion

                #region "Biosequence Data"
                temp = String.Empty;
                if (manuscript[this.m_sBiosequenceDataFieldName] != null)
                {
                    temp = manuscript[this.m_sBiosequenceDataFieldName].ToString();
                    if (temp.Equals("Yes"))
                        DepartmentsOfInterest.Add(this.m_sBiosequenceDataDepartmentName);
                }
                #endregion

                #region "Chemical Structures"
                temp = String.Empty;
                if (manuscript[this.m_sChemicalStructuresFieldName] != null)
                {
                    temp = manuscript[this.m_sChemicalStructuresFieldName].ToString();
                    if (temp.Equals("Yes"))
                        DepartmentsOfInterest.Add(this.m_sChemicalStructuresDepartmentName);
                }
                #endregion

                #region "Detailed Formulation Data"
                temp = String.Empty;
                if (manuscript[this.m_sDetailedFormulationDataFieldName] != null)
                {
                    temp = manuscript[this.m_sDetailedFormulationDataFieldName].ToString();
                    if (temp.Equals("Yes"))
                        DepartmentsOfInterest.Add(this.m_sDetailedFormulationDataDepartmentName);
                }
                #endregion

                #region "Biologics Manufacturing"
                temp = String.Empty;
                if (manuscript[this.m_sBiologicsManufacturingFieldName] != null)
                {
                    temp = manuscript[this.m_sBiologicsManufacturingFieldName].ToString();
                    if (temp.Equals("Yes"))
                        DepartmentsOfInterest.Add(this.m_sBiologicsManufacturingDepartmentName);
                }
                #endregion

                #region "Pharmacology Data"
                temp = String.Empty;
                if (manuscript[this.m_sPharmacologyDataFieldName] != null)
                {
                    temp = manuscript[this.m_sPharmacologyDataFieldName].ToString();
                    if (temp.Equals("Yes"))
                        DepartmentsOfInterest.Add(this.m_sPharmacologyDataDepartmentName);
                }
                #endregion

                #region "BOTOX"
                temp = String.Empty;
                if (manuscript[this.m_sBOTOXFieldName] != null)
                {
                    temp = manuscript[this.m_sBOTOXFieldName].ToString();
                    if (temp.Equals("Yes"))
                        DepartmentsOfInterest.Add(this.m_sBOTOXDepartmentName);
                }
                #endregion

                #region "Legal"
                temp = String.Empty;
                //guard against an empty field before calling ToString()
                if (manuscript[this.m_sLegalFieldName] != null)
                    temp = manuscript[this.m_sLegalFieldName].ToString();
                if (!String.IsNullOrEmpty(temp))
                    DepartmentsOfInterest.Add(temp);
                #endregion
            }
            catch (Exception ex)
            {
                sEventHandler += ex.Message;
            }
            #endregion

            //SET DUE DATE
            DateTime dt = DateTime.Today.AddDays(1);
            sDueDate = dt.ToShortDateString();

            //GET ALL UNIQUE APPROVERS
            Approvers = this.GetAllUniqueApprovers(_web, DepartmentsOfInterest, manuscript);

            //SET ITEM PERMISSIONS
            #region "Permissions"
            try
            {
                String currentuser = _properties.UserLoginName.ToString();
                itemOwner = _web.EnsureUser(currentuser);

                //BREAK INHERITANCE (false = do not copy the parent's role assignments)
                if (!elevatedManuscript.HasUniqueRoleAssignments)
                    elevatedManuscript.BreakRoleInheritance(false);

                //REMOVE ALL EXISTING USERS FROM ITEM
                foreach (SPUser user in _web.Users)
                {
                    //if user is NOT site owner and not current user
                    if (!user.LoginName.Equals(itemOwner.LoginName))
                    {
                        //remove all user permissions from item
                        elevatedManuscript.RoleAssignments.Remove(user);
                    }
                }

                #region "For Owner of Document/Manuscript"
                if (itemOwner != null)
                {
                    SPRoleAssignment sprole = new SPRoleAssignment(itemOwner);
                    SPRoleDefinition siteRoleDefinition = _web.RoleDefinitions["Full Control"];
                    sprole.RoleDefinitionBindings.Add(siteRoleDefinition);
                    elevatedManuscript.RoleAssignments.Add(sprole);
                }
                #endregion

                #region "For Approvers from meta data sheet"
                foreach (SPUser approver in Approvers)
                {
                    SPRoleAssignment sprole = new SPRoleAssignment(approver);
                    SPRoleDefinition siteRoleDefinition = _web.RoleDefinitions["Approve"];
                    sprole.RoleDefinitionBindings.Add(siteRoleDefinition);
                    elevatedManuscript.RoleAssignments.Add(sprole);
                }
                #endregion

                //REMOVE ALL GROUP PERMISSIONS TO THE SITE
                foreach (SPGroup group in _web.Groups)
                {
                    elevatedManuscript.RoleAssignments.Remove(group);
                }
            }
            catch (Exception ex)
            {
                sEventHandler += ex.Message;
            }
            #endregion

            #region "Writings out to list (Accession + EventHandler)"
            try
            {
                iAccessionValue = this.GetNewAccessionValue(manuscript);
                if (DateTime.Today.Month.ToString().Length < 2)
                    sMonthValue = "0" + DateTime.Today.Month.ToString();
                else
                    sMonthValue = DateTime.Today.Month.ToString();
                sAccession = "M" + DateTime.Today.Year.ToString() + sMonthValue + iAccessionValue.ToString();

                //only add once. if there is a number in there, don't update.
                if (manuscript[this.m_sAccessionFieldName] == null)
                {
                    manuscript[this.m_sAccessionFieldName] = sAccession;
                    //update file name to <accession number> <document type> Due <date needed>
                    DateTime dateNeeded = Convert.ToDateTime(manuscript["DateNeeded"].ToString());
                    manuscript["Name"] = sAccession + " " + manuscript[m_sPublicationTypeFieldName] + " Due " + dateNeeded.Month + "-" + dateNeeded.Day + "-" + dateNeeded.Year;
                    manuscript["Editor"] = manuscript["Author"];
                }
                manuscript[this.m_sEventHandlerField] = sEventHandler.Trim();
                manuscript.SystemUpdate();
            }
            catch (Exception ex)
            {
                sEventHandler += ex.Message;
            }
            #endregion
        }
        finally
        {
            //re-enable event firing disabled at the top of the method
            this.EnableEventFiring();
        }
    }
    #endregion

Hope this helps. Please ping back the post and let us know.....
-Ivan
Ivan Sanders My LinkedIn Profile, My Blog, @iasanders.
December 4th, 2010 5:28am

A lot of people like CAKRIWUT believe item level permissions is a security option, but I think it is more to filter data for users. If you set permission through item level permission, your permission is only reliable to users who do not know much about SharePoint; for experienced SharePoint users, there are various ways to work around this permission, like through the URL of a view.
Hope helpful
John
SharePoint Column Permission
December 7th, 2010 4:05am

Hi Spoon,
Think again: item level permissions are independent of views and audiences. If you or a group you belong to are not listed on the item as having permission, then you will never see the item and it will not be returned in a search... However, for the sake of discussion, please provide an example of how an experienced user could circumvent item level permission.
-Ivan
Ivan Sanders My LinkedIn Profile, My Blog, @iasanders.
December 7th, 2010 6:27am

This topic is archived. No further replies will be accepted.
