SharePoint "Add items" permission is allowing editing. How do I stop it - sharepoint-2007

In SharePoint, I want users to add items but not be able to edit or delete them after. The "add item" permission shows "edit" not checked (i.e. so they should not be able to edit) However, they can. Any suggestions?

Are you testing as a site collection admin? they ignore permissions

SharePoint works on a highest permissions policy so if a user is in 2 groups which have permissions to the list and one group can edit but the other group cannot, they will get the edit permissions from the first group.
I would suggest double checking the permissions on the list and (as djeeg mentions in his answer) make sure you are not testing as the Site Collection Administrator as they have complete/full permissions to everywhere in the site collection regardless of what permissions you set the user in People and Groups.

Related

TFS allow some users just to view the work items and queries

I am using TFS 2015. I make one user as Readers in project settings but still the user is able to create and update work-items/bugs. So, I am confused what I need to do in order to allow a user to just view the work-items/quires/stories but not add/edit any item.
The Readers group setting does not restrict ability to edit or create work items. You can do that in area path security settings Set permissions and access for work tracking. So you may create new group (in example Disallow Access Group). Then open security setting for the root area.
Deny needed permissions
In your case you have to enable View work items in this node
If you have the user only in the Readers TFS group of the given team project, the user will not be able to able to add/edit work items.
This can happen if you have altered the group membership, so that Readers are member of the Team (the team created by default or a new team), which is default a member of Contributors. This way readers TFS Group get inherited from Contributors permissions.
Verify the Readers group has below as permissions (default)
and it is not something like below
The other possibility is your user has collection level permissions so the project permissions are inherited to allow by default.

Jira: Limit assignee list to these users which are allowed to see the issue

I try to configure my Jira system to work with different groups of users with different privileges. The restriction which user is able to access an issue is solved by configuring an issue level security. I let the assign-issue-privilege open to anyone because Jira cannot work with user groups out of the box. With this option anybody can assing an issue to other team members.
This combination makes some trouble because somebody can assign an issue to another user who cannot see this issue because of the issue level security. Does anybody know how the user pick list for the assignee can be limited to the users who are able to see the issue?
Thanks in advance!
You can achieve and limit different user privilege by creating Permission Scheme and restrict them to assign user.
You can create multiple groups and multiple permission schemes.
http://screencast.com/t/XWCMK9h2v
One group i.e. "TeamLeads" and their permission schemes "TeamLeadPermissions" and have permission to "assign users"
Another Group "TeamMember" and they have separate permission scheme "TeamMemberPermission" which doesnt have a permission.
Then you can assign both groups to the project.
So who has permission to assign user can view all the members of the project and other don't. Please mark as answer if it helps.

TFS 2012 security - allow users to edit status of work items

My organization wants to use TFS to track user sign-off of work items by changing the work item Status. The first user I asked to view a work item in TFS is being prevented from viewing the work item. How do I set permissions for him to view and edit the work item status?
I suggest you to access your Web Portal of project, select Security section ensure that your user have permission, exist in Contributors Group that contains permission. (Best practise is to set contributor group to your members team)

Item level permission for sharepoint custom list

I have created a custom list with work flow associated with that. The workflow takes the item through different levels of approval.
My workflow scenario is like say an initiator add an item, which will go to manager for approval. When the manager approves, few columns in the current list will get updated. On manager approval it will be forwarded to head of department. Again when the Dept head takes an action, the column values of the list get updated. For all these users i have set Contribute permission. But the problem is that an item started by an initiator should not be editable or deleted by other users using the pull down menu that appears for each item. Only the owner of the item and manager should have permission to edit it using the pull down menu. When I tried changing the edit access for the item through Advance settings-->Item level permission --Edit access being set to "Only their own" while manager or dept head approving I get an access denied error message.
Can any one please suggest me what is the work around for this?
Welcome to the not-perfect world of Sharepoint Item level permissions...
You will not get far with Sharepoint 2007 standard stuff, because what you need is a Workflow with Impersonation - why do you need it?
You want to set item level permissions depending on the state your workflow is in. You can only change permissions when you have the right to do so - Workflows run as the user who started the workflow, so your user would need the right to change permissions -> You don't want every user to have that. So there is this thing called "impersonation" (which comes as an activity with Sharepoint 2010). Impersonation you can only achieve using a custom activity with SHarepoint 2007.
Once your Workflow is running under an elevated account, you can change permissions for the Current item easily, i.e. give contribute permission to someone and retract read permission from someone else.
There is a good article on how to implement item level permissions for Workflows and Sharepoint 2007 here:
Custom Activity Workflow for implementing Item Level Security in SharePoint Designer 2007 (sorry coding involved)
If you really don't want to code there are some useful projects on Codeplex:
Useful Sharepoint Designer Custom Workflow Activities (in particular "Grant Permission on Item " Activity)
Please be aware that item-level permissions and large lists dont mix very well. It can cause some performance issues on the list.
Please take a closer look at the
http://technet.microsoft.com/en-us/library/cc262787.aspx
under
Security scope
1,000 per list
Type: Threshold
The maximum number of unique security scopes set for a list should not exceed 1,000.
A scope is the security boundary for a securable object and any of its children that do not have a separate security boundary defined. A scope contains an Access Control List (ACL), but unlike NTFS ACLs, a scope can include security principals that are specific to SharePoint Server. The members of an ACL for a scope can include Windows users, user accounts other than Windows users (such as forms-based accounts), Active Directory groups, or SharePoint groups.

Regarding Sharepoint Custom List

I have created a sharepoint custom List. When clicking on it displays all the data stored in the site.
I want this list visible to the Administrators.
But I do not want this to visible to the Read only user of the sharepoint site.
I have tried to use audience settings. But on Custom List created I cannot have any option to target a group of user or any user.
Could any one help?
Go to List Settings > Permissions for this list and select Actions > Edit Permissions. You can then remove the users and groups that should not have access to this list.

Resources