Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Using the WSS3.0 API to add items to a list; how to set the "Create

  Asked By: Antoinette    Date: Jun 19    Category: Sharepoint    Views: 2597

I need to restrict access to list items based on the user login.
If we add records to a list manually, all is fine.
If we add records to a list via a program, the "created by" field is
set from the program ID.
I want to set the value of "created by" (as used by WSS permissions)
via the upload program.
I tried using a field created by , but it added a new field, did not
use the existing (protected?) field.



6 Answers Found

Answer #1    Answered By: Demetrius Mcdaniel     Answered On: Jun 19

I think that security rules would prevent you from saying that an
ListItem was create  By someone other than the security context that it
was created  by.

Answer #2    Answered By: Jake Harvey     Answered On: Jun 19

I was hoping there would be an "aliasing" or "proxy" capability that
would be in the same line as other areas of windows.
Without this, I have no "standard" way to control access  to any list
programmaticaly uploaded.
This would be a major drawback, as I would then need to either
a. write new permission logic (want to avoid)
b. hard code a filter in each list  (cumbersome)
c. do something "back door" in sql (bad)
or ......

Answer #3    Answered By: Ricky Kennedy     Answered On: Jun 19

To accomplish what you wish, you can impersonate the user  (if using the
object model) or create  a network credential for the user (if using web

This will require the password of the user.

Answer #4    Answered By: Robin Sparks     Answered On: Jun 19

I'm assuming you are using the list  advanced setting "Only see their own items",
which filters the list based  on created  By. I believe MySites uses this same
method for retrieving user  created items. I don't know of any good way to get
that to work when programmatically adding items.

I think there is another option that will get you close, although I've never
used it. set  the security per item programmatically (which will not require the
password). You can do this using the object model. add  an event receiver to
the list and hook into the ItemAdded event. In this event handler, create  a new
SPRoleDefinition, which defines the level of access. Create a new
SPRoleAssignment based on the SharePoint user login, bind the role definition to
the role assignment and then add the new role assignment to the
ListItem.RoleAssignments collection (you may want to clear the current role
assignments first).

This has the effect of applying permissions to the item level, so the user would
never be able to see anything other than their own items  (or however you decide
to set it up). However, the Created By will still be the username of the
security context it was created in, so it will probably not work for MySites
content aggregation.

This link should get you off to a good start:

Answer #5    Answered By: Dusty Houston     Answered On: Jun 19

I know List Views are not securable, but if all you are looking for is
the ability to show ListItems by a specific individual, can't you create
a Person column, set  it to the correct individual when programmatically
generating the ListItem and then filter it using [me].

Answer #6    Answered By: Felix Hardy     Answered On: Jun 19

User the "Author" field.
From onet.xml:
<Field ColName="tp_Author" ReadOnly="TRUE" Type="User" List="UserInfo"
Name="Author" DisplayName="Created By" ></Field>


Related Topics:



Related Post