Most PPM implementations include requirements for workflows with some kind of task assignment, such as approvals. These tasks are stored in a Workflow Tasks list that is configured with the workflow definition, and every task created while the workflow runs goes to that same list. The users to whom the tasks are assigned then open the task list and perform the required operation. Because the task list is shared by all users, a common requirement is that a user should be able to see only the tasks assigned to them. This is usually handled with SharePoint list views, where a filter displays items assigned to “me”. While this approach is simple and quick, it has two major drawbacks:
- Filters work at the UI level and are not a security control, so the user can still switch to the All Items view, or to any view without that filter, and access tasks assigned to other users.
- Filters do not work on groups. For example, if a task is assigned to a SharePoint group of which the user is a member, the user will not see the task in their list because it is not assigned to them directly.
To work around these issues, apply item-level permissions to each task. This post explains how to do that.
- Create an item in the task list and check the item’s permissions. Make a note of all the groups and users who have access to this list through permission inheritance, and of the permission level assigned to each.
- On your task list, create a SharePoint 2010 List Workflow and make sure it is configured to run on item creation.
- Add an Impersonation Step.
- Add a Remove List Item Permissions action.
- For each group that had permission through inheritance, add a line under the Remove List Item Permissions action.
- Once all the group details are added, insert an Add List Item Permissions action.
- For the Assigned To user in Current Item, grant Contribute permission.
- Finally, publish the workflow.
Now only the users to whom a task is assigned will have permission on it. This also works if the task is assigned to a SharePoint group.
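To confirm the workflow is actually enforcing this, the task list can be audited from the SharePoint Management Shell for items that still inherit list permissions or grant access to anyone other than the assignee. This is an added example, not part of the original post; the site URL, the list name and the `AssignedTo` field name are assumptions to adjust for your environment.

```powershell
# Added example: audit a workflow task list for items that are still broadly accessible.
# Run in the SharePoint Management Shell on a farm server.
# $SiteUrl, $ListName and the "AssignedTo" field name are assumptions, not values from the post.
param(
    [string]$SiteUrl  = "https://sharepoint.example.com/pwa",
    [string]$ListName = "Workflow Tasks"
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$web = Get-SPWeb -Identity $SiteUrl
try {
    $list = $web.Lists[$ListName]

    $findings = foreach ($item in $list.Items) {
        # Resolve the Assigned To principal (user or SharePoint group) to its ID.
        $assigneeId = $null
        if ($item["AssignedTo"]) {
            $assigned   = New-Object Microsoft.SharePoint.SPFieldUserValue($web, [string]$item["AssignedTo"])
            $assigneeId = $assigned.LookupId
        }

        if (-not $item.HasUniqueRoleAssignments) {
            # The workflow did not run or failed: the item still inherits from the list.
            [pscustomobject]@{ ItemId = $item.ID; Title = $item.Title
                               Issue = "Inherits list permissions"; Principal = ""; Roles = "" }
            continue
        }

        foreach ($ra in $item.RoleAssignments) {
            if ($ra.Member.ID -ne $assigneeId) {
                # A group or user other than the assignee still holds rights on this task.
                $roles = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
                [pscustomobject]@{ ItemId = $item.ID; Title = $item.Title
                                   Issue = "Extra principal"; Principal = $ra.Member.Name; Roles = $roles }
            }
        }
    }

    if ($findings) { $findings | Format-Table -AutoSize }
    else           { Write-Output "All task items are restricted to their assignee." }
}
finally {
    $web.Dispose()
}
```

Any "Extra principal" row usually means a group was missed when listing inherited permissions in the first step and needs its own line under the Remove List Item Permissions action.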