Tag Archives: SharePoint Security

Use Workflow to Simulate Content Type Security

Another day, another MSDN-forums inspired post.

Someone was asking whether they could secure a content type such that when a user clicks on the “new” button on a custom list, only content types to which that person is granted access would appear in the drop-down list.  As we know, this isn’t supported out of the box.

This question comes up now and then and this time, I had a new idea.  Let’s assume that we have scenario like this:

  • We have a helpdesk ticketing system.
  • The helpdesk ticketing system allows users to enter regular helpdesk ticket info, such as problem area, problem status, etc.
  • We want to allow “super” users to specify an “urgency” field.
  • Other users don’t have access to that field.  The system will always assign “medium” level priority to their requests.

What we could do is create two separate SharePoint lists and two different content types, one for “super” users and the other for everyone else.

Workflow on each list copies the data to the master list (the actual helpdesk ticket list) and the process proceeds from there.

This approach might work flow a kind of column level security as well. 

I haven’t tried it, but it feels reasonable and gives a fairly simple, if pretty rough, option to implement a kind of content type and even column level security.

</end>

Subscribe to my blog.

Follow me on Twitter at http://www.twitter.com/pagalvin

Content Approval as Poor Man’s Automatic Item Level Security

There’s a common business scenario with InfoPath forms.  We want allow people to fill out InfoPath forms and submit them to a library.  We want mangers (and no one else) to have access to those forms.

This question comes up now and then on the forms (e.g. http://social.technet.microsoft.com/Forums/en-US/sharepointadmin/thread/76ccef5a-d71c-4b7c-963c-613157e2a966/?prof=required)

A quick way to solve this is to enable content approval on the form library.  Go the library’s version settings and set it up as shown:

image 

Click on “Require content approval” and that will allow you to pick a value for Draft Item Security.

It’s a little counter-intuitive because we don’t think in terms of “content approval” when all we want to do is prevent people from seeing other users’ forms.  However, it works well (in my experience).  Just don’t approve those forms and they’ll always be considered “drafts”. 

Give approval rights to the people who should be able to see them and you’ve closed the loop.

This isn’t exactly big news, but the question does come up with some regularity, so I thought it would be worth posting.

</end>

Subscribe to my blog.

Follow me on Twitter at http://www.twitter.com/pagalvin