Dear all, this post is for Willy Vidable, from a thread on MSDN. The idea is by Clayton; I am writing it up step by step to help Willy, and I also wanted to post the workflow as I find it useful for all of us.
Step 1:
Create a custom list. You will have a column named Title by default; create another column named Assign to, of type People and Group.
That’s it for the list.
Step 2:
Open your site in SharePoint Designer and click Workflows in the left navigation.
From the ribbon on top, click List Workflow and choose the custom list you just created.
First put your cursor outside Step 1 and insert an Impersonation Step, then remove Step 1 as we don’t need it.
It should look like this:
Now put your cursor inside the Impersonation Step, as this makes more actions available.
Click Action on the ribbon, and under the List category click Replace item permission.
Click the “these permissions” link, click Add, then click Choose. Don’t check any of the permission check boxes yet; we will come back to them later.
In the Select Users window, click Workflow Lookup for a User and click Add. Keep the data source set to Current Item.
For the field from source, choose the Assign to column that we created in our custom list, then click OK until you are back at the Add Permissions window.
Here, based on your needs, choose the permission you want to give to the user who will work on the item created for him/her.
I chose Contribute, but choose what suits you.
The second link is “this list”; keep the default, Current Item.
Now save and publish. You will see a message displayed; click OK. This is because of the impersonation step.
Now go to your site in the browser and open the custom list. Create a new item and, in the Assign to column, type the user who should have permissions on this item.
Click the item, and choose Workflows from the ribbon, from the dropdown menu on the item title, or from the dialog when you open the item; there is more than one way.
You will see the name of the workflow you created. Click it, then click Start.
Now you should see on your custom list that the workflow has completed, as we don’t have many steps; it’s only one.
You can add more based on your needs.
If you now look at this item’s permissions, you will see it is no longer inheriting but has unique permissions,
and the user you entered in Assign to has the permission that we chose while creating the SharePoint Designer workflow.
Hope that helps.
Thanks, Clayton, for your idea; I added these dynamic steps to it.
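To check the result described above across the whole list rather than one item at a time, here is an added example (not part of the original post) that reports which items still inherit permissions, which assignees lack the chosen level, and which items carry grants to anyone else. The site URL and list name are placeholders, and it assumes the Assign to column holds a single user or group and that the script runs in the SharePoint 2010 Management Shell on a farm server.

```powershell
# Added example: audit item-level permissions after the workflow has run.
# Assumptions: SharePoint 2010 Management Shell on a farm server; $SiteUrl and
# $ListName are placeholders; "Assign to" holds a single user or group.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$SiteUrl  = "http://sharepoint.example/sites/demo"  # placeholder
$ListName = "My Custom List"                        # placeholder
$Expected = "Contribute"                            # level chosen in the workflow

$web = Get-SPWeb $SiteUrl
try {
    $list = $web.Lists[$ListName]
    $report = foreach ($item in $list.Items) {
        # Resolve the "Assign to" value to a principal ID (works for users and groups).
        $raw = [string]$item["Assign to"]
        $assigneeId = $null
        if ($raw) {
            $assigneeId = (New-Object Microsoft.SharePoint.SPFieldUserValue($web, $raw)).LookupId
        }

        # Flatten the item's role assignments to principal + permission level names.
        $grants = @($item.RoleAssignments | ForEach-Object {
            New-Object PSObject -Property @{
                Id     = $_.Member.ID
                Login  = $_.Member.LoginName
                Levels = @($_.RoleDefinitionBindings | ForEach-Object { $_.Name })
            }
        })
        $mine = @($grants | Where-Object { $_.Id -eq $assigneeId -and $_.Levels -contains $Expected })

        if (-not $item.HasUniqueRoleAssignments) { $status = "INHERITS (workflow not run?)" }
        elseif (-not $assigneeId)                { $status = "NO ASSIGNEE" }
        elseif ($mine.Count -eq 0)               { $status = "ASSIGNEE LACKS $Expected" }
        elseif ($grants.Count -gt 1)             { $status = "EXTRA PRINCIPALS" }
        else                                     { $status = "OK" }

        New-Object PSObject -Property @{
            ItemId = $item.ID
            Title  = $item.Title
            Status = $status
            Grants = ($grants | ForEach-Object { "$($_.Login)=$($_.Levels -join ',')" }) -join "; "
        }
    }
    $report | Select-Object ItemId, Title, Status, Grants | Format-Table -AutoSize
}
finally {
    $web.Dispose()
}
```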
Thank you for this post, it really helped me.
I’m now trying to figure out a way to integrate it into an existing workflow.
I have a collect feedback workflow that routes documents for people to read, and what I want to do is to give access to only designated people within the workflow.
Hi Mai,
Thanks for the post.
May I ask you a question about dynamic permission?
I am working on SharePoint 2010. I have a document library; this library contains resumes, and there is a column called “Interviewer”. I want a workflow that, when someone uploads a resume, will send a task (collect data from user) to the interviewer.
Because the interviewer may not have site access, I use dynamic permission. Users can read the document but they can’t open the task in Outlook. How can I let interviewers open the task?
Hi Mai,
Thanks for the post.
May I ask you some advice for my workflow?
I have a document library that contains resumes in SharePoint 2010. There is a column “interviewer”. I want a workflow that collects data from the interviewer.
Because interviewers may not have site access rights, I use dynamic permissions.
The good news is interviewers can open the resume, but they can’t open the task in Outlook.
What should I do?
Thank you. Your post was incredible.
Please, is it possible to use initiate parameter in action in case of “assign to”?
Excuse me, Hi and thank you for your post
Hi,
can you tell me if this is available in SP 2010 Foundation?
Yes, it is available for SharePoint 2010 Foundation, if you are talking about Foundation and Server.
Hi Mai,
I have a similar case. I have an approval workflow, so once this workflow has finished its work and the item has been approved by the approvers, I need to restrict all users who had control of this document from deleting or editing this item, except the admin user (fixed user), who will have full access to this item.
So is there any advice for the same?
Thanks in advance for your cooperation and help.
Hi Khaled,
There is an option for “Item-Level Permission” in “List settings”, then “Advanced settings”, where you can decide who sees the item.
The below is copied from the SharePoint list Advanced settings:
[
Read access: Specify which items users are allowed to read
Option 1: Read all items
Option 2: Read items that were created by the user
Create and Edit access: Specify which items users are allowed to create and edit
Option 1: Create and edit all items
Option 2: Create items and edit items that were created by the user
Option 3: None
]
This only covers the case where the user who created the item shall see it and no one else.
But regarding the admin too, I’d suggest you try the steps in this post, as it does break item permission inheritance and gives item permissions to users you specify; my case was the user who created the item and his/her manager.
Check both options, try, and tell me.
Hi again Mai,
I fixed this in my case: I removed the Full Control and Contribute permissions from authenticated users, then added this permission to admin levels; this solved my issues.
Currently only the administrator can edit or delete those documents. Thanks for your response.
Glad it worked.
Anytime Khaled..
Very nice approach.
I wonder if it will work when it has more than one user.
Very useful indeed, can we replace the user by a group – AD group?
(Jasmin, Jinane K. 🙂 )
Nice article. Beautifully explained.
Desouki, I want to change the permissions of the user to whom the change is requested, but I couldn’t find that event. Would you please share some info about it, if you know how to achieve that?
Thanks,
Ahmed Khan
I have a library with many columns.
I have a column called discipline, where I have the values HR, IT, Accounts etc. Also priority as High, Medium, Low.
Now any document which belongs to HR and is High priority needs to be viewed only by HR Active Directory group members, while HR with priority Low can be viewed by everyone, and similarly for other disciplines as well.
Let me know if the above can be achieved by a SharePoint 2010 workflow. If yes, it would be helpful if you can guide me with the steps. I am stuck.
Hi, this is a great post and very helpful; however, I am encountering a unique issue here. My workflow modifies the permission of a document based on the category field value (1=Report, 2=Article, 3=TimeSheets, 4=Design Document). When I upload the first document with category = 2/3/4, it works perfectly and provisions the permission accordingly, but in the next passes it does not recognize the changed category value; it always picks up the category value as 1 and provisions permission accordingly. Any help would be highly appreciated.
Works great! Just one question – is it possible to have this workflow run automatically after a new entry is added?
Sorry, just missed the ‘start options’ settings. I enabled ‘start workflow when item is created’ and it’s automated now.