A few weeks ago Duncun commented on one of my posts“Still hunting for the holy grail of a solution that ONLY allows users to view or edit documents they have created themselves.”

The problem

As you probably know, there is an item-level permissions feature that can be a solution to this problem BUT it’s only available for lists, not Document Libraries. Please remember this before you make a promise you cannot deliver.

Figure 1. – Item level permissions on custom list

The solution

The proper way to solve this problem is to set permissions on the item level. Since you cannot use the feature I mentioned above, the only way to do it is to create server side code which configures it. In this case I am going to use a custom workflow solution (an event handler might also do). The wrong approach for solving this problem might be using JQuery or something similar, because malicious user can easily trick the system and still see and edit the document he is not allowed to.

Leave a Reply