Item-level permissions on document libraries.

I recently had a client requirement where the client wanted to created a “drop box” type of document library, where users were able to modify and view only there own documents. I knew this possible in custom lists through this option being displayed in List Setting / Advanced Settings link.

Only Their Own settings

What I didn’t realise was that this option wasn’t displayed in document libraries. I found this post from Matt Morse that had the solution to this problem. Matt points out that when you take a look in the Microsoft.SharePoint.ApplicationPages.dll the following code exists in the AdvancedSettingsPage class’s OnLoadEvent.

this.ItemLevelSecurityPanel.Visible = (type != 1) && (type != 5);

Where type is the base type of the list (1 = doclib, 5 = issues)

The Fix

Matt has written a great little tool here, and the source is available here. The code is pretty straight forward as you can see from the snippet below.

    SPSite site = new SPSite(siteUrl);
    SPWeb web = site.OpenWeb(webUrl);
    SPList list = web.Lists[listName];

    PropertyInfo pInfo = list.GetType().GetProperty(propertyName);

    if (pInfo.PropertyType == typeof(int))
        pInfo.SetValue(list, Convert.ToInt32(propertyValue), null);
    else
        pInfo.SetValue(list, propertyValue, null);

    list.Update();

    web.Dispose();
    site.Dispose();

The property that we are setting in this case is ReadSecurity and WrtieSecurity the possible values are documented in these MSDN pages. In my case I was setting “Users have read access only to items that they create (2)” and “Users can modify only items that they create (2)”. Using Matt’s tool I basically just entered the following from the command line.

SPSetListProperty “http://server” "/Site" "Document Lib" "ReadSecurity" "2" 
SPSetListProperty “http://server” "/Site" "Document Lib" "WriteSecurity" "2"

Once this was done the document library performed exactly how we required, now the users who have contribute permissions can use this library to view and edit only their own items, and owners are able to see all items in the document library.

Advertisements
Posted in MOSS. 2 Comments »

2 Responses to “Item-level permissions on document libraries.”

  1. Erik Says:

    Hello Chris,

    I found your blog when searching for some sort of dropbox functionality for a document library. You posted exactly what i was searching for. I did however found the post from Matt Morse too, and maybe you should copy the security note to your post that he added at 5/4/2007.

    When users open the explorer view of a document library that has been configured with SPSetListProperty.exe, they can still see all other user’s documents. The change that is made only effects the GUI.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: