list item permissions and SpServices - Will it work?

Jun 25, 2012 at 8:33 AM

Hi All,
     This is one thing i haven't tried with SPServices.
Security timming on item level permissions. I did read that this is not possible with web services.
Is this possible with SP Services?

So for example if each item has different users or groups assigned.
Will security trimming apply if i use SpServices?So user who have access on the item can see it and users who don't have can't see it.

Any ideas if it can be done?
Cheers and thanks in  advance.

Jun 25, 2012 at 2:01 PM

I guess it really depends on what you want to do with the information. What are you wanting to display and how do you plan to display it?

Jun 26, 2012 at 2:00 AM

Thanks spevilgenius
I guess i just want to display a normal view with titles and created date for example....

Any ideas?

Jun 26, 2012 at 11:53 AM

This is doable, but it is not as easy as it does require a bit more work. For example, if all users have read permissions on the list, then looping through the items may be easier even if the items have individual permissions. One way that I do things like this is I break my code into smaller functions and the use the try/catch feature of javascript. If you area looping through the result of a getlistitems on a list, you can "try" to read the data and then "catch" any errors. This way if a user can not see an item, then it will "skip" that item but not just fail completely. I am trying to find some code to express what I mean.

Coordinator
Jun 26, 2012 at 1:36 PM

The Web Services are run in with the current user's authentication. That means that each user will only see objects (list items, sites, etc.) that they have permission to see. There's nothing you have to do to filter things for permissions. In fact, you can't show users objects they don't have permission to access:  there's no concept like elevated permissions as there is on the server side. If you think about it, that's a very good thing.

M.

Jun 26, 2012 at 1:48 PM

Yes, what Marc says is true. However, in my experience with item level permissions, things can get hairy when trying to iterate the items. Just my experience and your mileage may vary!

Jun 26, 2012 at 2:48 PM

I've never *seen* anything I didn't have access to via Web Services.  If you could skirt security, then it'd be child's play to crack open browser tools and look at data that you don't have access to.  That just doesn't make sense.

Cheers,

Matt

Jun 26, 2012 at 2:51 PM
Very true Matt!

Sent from my iPhone

On Jun 26, 2012, at 10:49 AM, "iOnline247"<notifications@codeplex.com> wrote:

From: iOnline247

I've never *seen* anything I didn't have access to via Web Services. If you could skirt security, then it'd be child's play to crack open browser tools and look at data that you don't have access to. That just doesn't make sense.

Cheers,

Matt