How to Set SharePoint Item Level Permissions based on Column and Field Values

Introduction

 

There are many instanced in SharePoint that you may want to store many items in a list or library, but you don't want everyone to have equal level of access permissions on the items stored. For example, you may have a library of projects and each project has a proposal. You may want the proposal documents to only be visible to certain group. Or you may have contractors with access to your library and don't want to them to access certain types of files etc.

 

You can do this in SharePoint using one of the following options

 

• Option 1 - Using SharePoint Designer Workflow
  
  
• Option 2- Using Tru Permission Automation Tool

 

Option 1 - Using SharePoint Designer Workflows

 

If you are not aware SharePoint has workflows. Workflows allows you to do various things in SharePoint such as update a column based on a trigger, or create approval processes, etc. If you're new to workflows this is not the best article to go over them. However we will assume basic knowledge of workflows.

 

To build workflows you will need SharePoint Designer which is a free tool you can download from Microsoft Website.

 

You will open SharePoint Designer a workflow for your list or library. You will essentially need to

 

1. Open the site collection where your your target library is
2. On the Navigation pane on the left click Workflows
   
   
3. Click "List Workflows" in the ribbon, then select the library where you wish to associate the workflow to, in my case here its documents.
   
   
   
4. Enter a name for the workflow "Permissions" and select SharePoint 2010 workflow, if you don't you will not get the option to modify permissions.
   
   
   
   
5. Select the white space above the step1 box, and make sure the orange line is showing above, this will enable the Impersonate Step.
   
   
6. Click on Impersonate Step
7. Start typing in the Impersonation Step box "Permissions" then hit Enter. This will then display all actions that contain the word permissions in them
   
8. From here you you can pick what you need to do. In our case we can add a permission
   
   
   The workflow deisgner now looks like this:
   
9. Now we publish the workflow and test it. So click on Publish in the ribbon
   
10. Note that the workflow will notify you that the workflow is going to run as the user you are logged into Designer with. This means your current curredentials publishing this workflow must have full control to properly run this workflow.
    
    
    
    
11. Click OK
12. Finally lets set the workflow to start automatically when an item is changed or added. This will make it automatically change the permissions without user intervention.
13. Click on the workflow, select the workflow then you will see. Select Start workflow automatically when an item is created. and start workflow automatically when an item is changed.
    
    
14. Now Publish again
15. To test, let go tot he library and try to edit a property of a file per screenshot:
    
    
    
16. Modify the name or title fileds then click save
17. Notice that a new column got added to your library with the name of the workflow and it shows complete. That is a great thing
    
    
    
    
18. Now go to the permissions of the item and verify that the permission workflow go executed.
    
    
19. Click on Shared with -> Advanced
    
20. From here you can see that Alpesh was granted edit permission just like the wokflow described.
    
    
    
    

Option 2 - Using Tru Permission Automation Tool

 

The Tru Permission Automation tool is an add-in for Office 365 and SharePoint online that provides you with a turn key solution to setting permissions on items base don column values. Once you install it. You can configure it per library. You would click on Permissions in the Ribbon of the library then you will see the screen below:

 

 

​

 

The screen below allows you identify

1. Always Permissions
2. Rule based permissions

 

 

Always permissions are permissions that need to be applied to the item ALWAYS. Permissions you would put here is Lits Administators etc.

 

Column based permissions are ruls you would set per column. You would for example identify a column you want the permissions to be based on then you would set what permissions to apply on the item based on the values of that column.

 

Example a Rule Could Say:

 

1. For column "Team"
   1. If Team = "Red"  then grant team RED edit permission
   2. If Team = "Blue" then grant team Blue edit permission

 

You can set those permissions based multiple columns or fields.

 

Here is a good video that shows the details of this application.

 

​