As we know SharePoint has predefined set of OOB permission levels, i.e.
full control, contribute, designer, and etc. Most of the time these
permission doesn't provide us the desired functionality. The most
permission level that provide us the exact requirement is Designer role
in publishing sites.
For example if we have a approval workflow and
assigned specific user to Designer role as approver we need take into
account that Desinger role has delete permission. For instance if
approver deletes what he need to approve( this is not we are expecting).
The solution for this is to edit OOB permissions for desinger role and
to prohibit 'delete items' action, or create a new role and we need to
pay attention to roles we are using in production system just to avoid
such cases
No comments:
Post a Comment