Question

I'm tasked with both locking down and giving users access to an old HR site.
There are some lists and a couple of document libraries (~500 items in largest list/library, in the span of some years).

Every item has a field for which employee it is connected to.

  • HR administrators should see all items.
  • Department managers should see all items of employees in the same department.
  • Users should see their own items.

I'm thinking about programmatically setting item permissions, as performance for so few items shouldn't be a problem (technically: PnP + Azure Functions + list subscription).

But is there any way I could lock the lists down, so by default only site administrators would see new items?
- I tried item-level permissions (advanced list settings), but then I'm not able to show the items to department managers. I'm going to break inheritance on every single item (I see no other possibility), so that problem will be solved anyway, but the main problem is that new items will be visible to everyone until my code has fixed the item permissions. Also: are there any alternative approaches (OOTB) I could use instead?


Solution

You could try adding a new permission level with ViewFormPages and AddListItems as the default permissions, since you have to manage the permissions per item anyway afterwards.

# PnP PowerShell (run after Connect-PnPOnline); creates the level at web scope, it still has to be granted on the list
Add-PnPRoleDefinition -RoleName "AddOnly" -Include ViewFormPages, AddListItems
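The following is an added worked example, not code from the answer above, showing how the "AddOnly" level fits into the full flow the question describes: lock the list down so submitters can add but not read, give HR read on everything, and then grant per-item read to the employee and the department manager from a function that a webhook-driven Azure Function can call for each new item. It assumes PnP.PowerShell is installed, a list named "HR Documents" with a person column named "Employee", SharePoint groups named "HR Administrators", "HR Site Members" and "HR Site Owners", and a site URL and function URL that are placeholders; the department and manager tables are constructed stand-ins for whatever directory data is really used.

```powershell
# Added example; names, URLs and the directory tables below are assumptions.
Connect-PnPOnline -Url "https://contoso.sharepoint.com/sites/hr" -Interactive

$ListName    = "HR Documents"
$HrGroup     = "HR Administrators"
$OwnersGroup = "HR Site Owners"

# 1. Permission level that lets a user submit items without reading any.
#    ViewListItems is deliberately left out; read access is granted per item later.
if (-not (Get-PnPRoleDefinition | Where-Object Name -eq "AddOnly")) {
    Add-PnPRoleDefinition -RoleName "AddOnly" `
        -Include ViewFormPages, AddListItems `
        -Description "Submit items; read access is granted per item"
}

# 2. Stop the list inheriting the site's Edit/Read roles (nothing is copied),
#    then re-grant: owners keep control, HR reads everything, submitters add only.
Set-PnPList -Identity $ListName -BreakRoleInheritance
Set-PnPListPermission -Identity $ListName -Group $OwnersGroup -AddRole "Full Control"
Set-PnPListPermission -Identity $ListName -Group $HrGroup     -AddRole "Read"
Set-PnPListPermission -Identity $ListName -Group "HR Site Members" -AddRole "AddOnly"

# Constructed directory data; replace with Azure AD or HR-system lookups.
$DepartmentOf = @{ "alice@contoso.com" = "Finance"; "bob@contoso.com" = "Finance" }
$ManagerOf    = @{ "Finance" = "carol@contoso.com" }

function Set-HrItemPermission {
    param([Parameter(Mandatory)][int] $ItemId)

    $item     = Get-PnPListItem -List $ListName -Id $ItemId
    $employee = $item.FieldValues["Employee"]          # FieldUserValue or $null
    if ($null -eq $employee) { return }

    # A person field carries the site user id; resolve it to an e-mail address.
    $email = (Get-PnPUser -Identity $employee.LookupId).Email
    $dept  = $DepartmentOf[$email]

    # -ClearExisting breaks inheritance and removes the existing assignments,
    # so the list-level AddOnly grant does not carry over to this item.
    Set-PnPListItemPermission -List $ListName -Identity $ItemId -Group $HrGroup -AddRole "Read" -ClearExisting
    Set-PnPListItemPermission -List $ListName -Identity $ItemId -Group $OwnersGroup -AddRole "Full Control"
    Set-PnPListItemPermission -List $ListName -Identity $ItemId -User $email -AddRole "Read"
    if ($dept -and $ManagerOf[$dept]) {
        Set-PnPListItemPermission -List $ListName -Identity $ItemId -User $ManagerOf[$dept] -AddRole "Read"
    }
}

# 3. One-off pass over existing items. New items are handled by the Azure Function
#    behind the webhook below, which calls Set-HrItemPermission for each changed id.
foreach ($i in Get-PnPListItem -List $ListName -PageSize 500) {
    Set-HrItemPermission -ItemId $i.Id
}
Add-PnPWebhookSubscription -List $ListName -NotificationUrl "https://hr-perms.azurewebsites.net/api/hr-webhook"
```

Two things worth checking after running this: users who hold only AddOnly cannot load the list's default view (that needs ViewListItems), so link them directly to the new-item form; and site collection administrators, plus whoever runs the script, retain access regardless of these grants, so test with an ordinary member account rather than the admin account you scripted from.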
License: CC-BY-SA with attribution
Source: sharepoint.stackexchange