Use Workflow to Simulate Content Type Security

Another day, another MSDN-forums inspired post.

Someone was asking whether they could secure a content type such that when a user clicks on the “new” button on a custom list, only content types to which that person is granted access would appear in the drop-down list.  As we know, this isn’t supported out of the box.

This question comes up now and then and this time, I had a new idea.  Let’s assume that we have scenario like this:

  • We have a helpdesk ticketing system.
  • The helpdesk ticketing system allows users to enter regular helpdesk ticket info, such as problem area, problem status, etc.
  • We want to allow “super” users to specify an “urgency” field.
  • Other users don’t have access to that field.  The system will always assign “medium” level priority to their requests.

What we could do is create two separate SharePoint lists and two different content types, one for “super” users and the other for everyone else.

Workflow on each list copies the data to the master list (the actual helpdesk ticket list) and the process proceeds from there.

This approach might work flow a kind of column level security as well. 

I haven’t tried it, but it feels reasonable and gives a fairly simple, if pretty rough, option to implement a kind of content type and even column level security.

</end>

Subscribe to my blog.

Follow me on Twitter at http://www.twitter.com/pagalvin

3 thoughts on “Use Workflow to Simulate Content Type Security

  1. Jason Rendel

    Odd you mention this. I was thinking about something similar for a site requests list where site owners can request reports, new features, permission changes, etc. Instead I was thinking of using javascript to remove the menu options and then use a custom page that double checks security as well.

    Reply
  2. Adrian Murphy

    The Javascript option is not recommended and if you are security audited, you’ll fail on the likes of XSS injection.

    Reply

Leave a Reply to Jason Rendel Cancel reply

Your email address will not be published. Required fields are marked *