Here is a real-life scenario. You have built a list in SharePoint so that users can submit entries, but you only want users to be able to read or modify their own entries. An example of such a list could be a submission form to Human Resources (Vacation Request) or a HelpDesk ticketing system. Unlike other types of lists, you might not want the whole list (all rows) to be open to everyone, and instead only want users to access and edit their own submissions. This is addressed by a SharePoint feature called “Item Level Permissions”.
How do Item Level Permissions work?
Permissions to the list itself are controlled by the site or list security, via security groups and permission levels.
However, even if you set unique security for a SharePoint list, it applies to the whole list, in other words to all items. To set unique permissions behavior for the items themselves, you need to configure the feature called Item Level Permissions.
How to configure Item Level Permissions?
It is actually quite easy and straightforward. To enable Item Level Permissions, go to List Settings > Advanced Settings.
Scroll down a bit and you will see the Item Level Permissions section.
Inside the section, you will see two categories:
- Read access
- Create and Edit access
Let me explain what each of these options means using the example of John and Mary (two colleagues who have access to the list):
Read all items
If this is checked, everyone who has access to the list will be able to read any item, whether it was created by the logged-in user or by someone else. That means that John will be able to read Mary’s entries and vice versa. This is the default behavior of a SharePoint list.
Read items that were created by the user
If this is checked, John will only get to see entries he created, and Mary will only see the entries she created. They won’t get to see each other’s entries.
Create and edit all items
If this is checked, everyone can create and everyone can edit each other’s entries. So both John and Mary will be able to create items and John will also be able to edit Mary’s items and vice versa. This is the default behavior of a SharePoint list.
Create items and edit items that were created by the user
If this is checked, both John and Mary will be able to create items, but John will only be able to edit items he created and Mary will only be able to edit items she created.
None
If this is checked, neither John nor Mary will be able to create or edit items. This scenario is probably very rare and might only make sense for certain business scenarios and workflow situations.
- The Item Level Permissions configuration above applies to users with Contribute and Edit access to the site or list. If you want users to override Item Level Permissions, they need to have the Design permission level on the site or list. In other words, if a user has the Design permission level at the site or list level, the Item Level Permissions do not apply to that user. Using the example above, you can use this to your advantage: assign the Contribute permission level to John and Mary (staff/users who will be submitting entries) and the Design permission level to their manager, who needs Read/Edit access to all entries in the list regardless of the Item Level Permissions settings.
- Item Level Permissions functionality is available on most web parts/lists: Custom List, Calendar, Tasks, Contact List, Discussion Board, Announcements, Links, Promoted Links. It is not available on the Issue Tracking web part or a Document Library.
- If you have enabled item-level permissions on a list, you will not be able to set up alerts for that list. When you try to do this, you will get an error message: “You cannot create alerts for lists for which users can only read their own items.” This does make sense because you don’t want to be alerted to something you won’t have access to.
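The settings described above can also be reviewed and applied from PowerShell. The script below is an added example, not part of the original article: it assumes an on-premises SharePoint Server with the SharePoint Management Shell (PowerShell 3 or later), and the site URL and list title are placeholders. It reports which lists are still on the open defaults and switches one list to "own items only" through the server object model properties SPList.ReadSecurity and SPList.WriteSecurity.

```powershell
# Added example: assumes on-premises SharePoint Server and the SharePoint Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Numeric values of SPList.ReadSecurity / SPList.WriteSecurity mapped to the UI labels.
$ReadLabels  = @{ 1 = 'Read all items'; 2 = 'Read items that were created by the user' }
$WriteLabels = @{ 1 = 'Create and edit all items'
                  2 = 'Create items and edit items that were created by the user'
                  4 = 'None' }

function Get-ItemLevelPermissionReport {
    param([Parameter(Mandatory)][string]$WebUrl)
    $web = Get-SPWeb -Identity $WebUrl
    try {
        foreach ($list in $web.Lists) {
            # Skip hidden system lists and the list types the article says lack this setting.
            if ($list.Hidden -or $list.BaseType -in 'DocumentLibrary', 'Issue') { continue }
            [pscustomobject]@{
                List        = $list.Title
                ReadAccess  = $ReadLabels[[int]$list.ReadSecurity]
                WriteAccess = $WriteLabels[[int]$list.WriteSecurity]
                # True when both settings are on the defaults: every entry open to every user.
                OpenToAll   = ($list.ReadSecurity -eq 1 -and $list.WriteSecurity -eq 1)
            }
        }
    } finally { $web.Dispose() }
}

function Set-OwnItemsOnly {
    param([Parameter(Mandatory)][string]$WebUrl,
          [Parameter(Mandatory)][string]$ListTitle)
    $web = Get-SPWeb -Identity $WebUrl
    try {
        $list = $web.Lists.TryGetList($ListTitle)
        if (-not $list) { throw "List '$ListTitle' not found in $WebUrl" }
        $list.ReadSecurity  = 2   # users read only the items they created
        $list.WriteSecurity = 2   # users edit only the items they created
        $list.Update()
    } finally { $web.Dispose() }
}

# Placeholder URL and list title; replace with your own.
$site = 'https://sharepoint.example.com/sites/hr'
Get-ItemLevelPermissionReport -WebUrl $site | Format-Table -AutoSize
Set-OwnItemsOnly -WebUrl $site -ListTitle 'Vacation Requests'
```

Run the report again after the change to confirm the list no longer shows OpenToAll as True.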
Examples of how you could use Item Level Permissions in the real world
- HR Submission form (e.g. mileage reimbursement request, where only you and HR can see your entries)
- Vacation request form (where you submit a vacation request to your manager and only you and your manager can view your requests/submissions)
- Help Desk Ticketing system (where you want users to submit entries, but do not want others to see other users’ tickets)
- New project or project site request form in PMO (where project manager can submit a project request but it is only visible to that project manager and PMO staff)