Set item level permissions (break role inheritance and assign permissions)

This article walks through a simple approval scenario in which a SharePoint developer has to implement a document approval workflow. The approach described here works in SharePoint 2013 / 2016 as well as in SharePoint Online in Microsoft 365.

There is a nuance in this case, however. When a user sends a document for approval, the workflow should reset permissions for everyone except the user who currently holds the approval task.

This way, we guarantee that no one else can change the document once the process has started.

If the document is rejected at some stage, the workflow changes the permissions back and allows the author to fix the issues with the document.

If everything is OK, the final stage of the approval workflow sets read-only permissions for all users. Please have a look at the whole workflow in SharePoint Designer. You can use it as a basic skeleton for a similar workflow; of course, in a real-world scenario you will need to add notifications and maybe some more approvals or different permission levels.
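The stage rules above can be verified after the workflow has run. The following is an added example, not part of the original article or of Workflow Actions Pack: it compares a snapshot of an item's role assignments with what each stage should allow. The stage names, snapshot layout and sample data are assumptions constructed for illustration.

```python
# Added example, not from the article or from Workflow Actions Pack.
# Stage names and the snapshot layout are assumptions; the sample data is constructed.
EDIT_ROLES = {"Full Control", "Design", "Edit", "Contribute"}

def stage_rule(stage, author, approver):
    """Return (must_be_unique, required_editors, exclusive) for a stage."""
    if stage == "in_approval":   # only the current approver may change the item
        return True, {approver}, True
    if stage == "rejected":      # author gets edit rights back
        return False, {author}, False
    if stage == "approved":      # final state: read-only for everyone
        return True, set(), True
    raise ValueError(f"unknown stage: {stage}")

def audit_item(snapshot, stage, author, approver):
    """Compare an item's role assignments with what the stage allows."""
    must_be_unique, required, exclusive = stage_rule(stage, author, approver)
    findings = []
    if must_be_unique and not snapshot["unique_permissions"]:
        findings.append("item still inherits permissions from its list")
    editors = {a["member"] for a in snapshot["assignments"]
               if EDIT_ROLES & set(a["roles"])}
    for member in sorted(required - editors):
        findings.append(f"missing edit access: {member}")
    if exclusive:
        for member in sorted(editors - required):
            findings.append(f"unexpected edit access: {member}")
    return findings

# Constructed snapshot: approval is running, but a group kept Contribute.
DRIFTED = {
    "unique_permissions": True,
    "assignments": [
        {"member": "approver@example.com", "roles": ["Contribute"]},
        {"member": "Team Members", "roles": ["Contribute"]},
        {"member": "author@example.com", "roles": ["Read"]},
    ],
}
# Constructed snapshot: final stage, everyone read-only.
FINAL = {
    "unique_permissions": True,
    "assignments": [
        {"member": "Team Members", "roles": ["Read"]},
        {"member": "author@example.com", "roles": ["Read"]},
    ],
}

if __name__ == "__main__":
    for finding in audit_item(DRIFTED, "in_approval",
                              "author@example.com", "approver@example.com"):
        print(finding)
```

Site collection administrators keep full access regardless of item-level role assignments, so a snapshot check like this does not cover them.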

Finally, I want to note that I used only two workflow actions to implement this case, but Workflow Actions Pack contains a few more; please have a look at the list below:

Permissions management