Managing permissions on sensitive SharePoint list items that have to be routed for approvals RRS feed

  • Question

  • In SharePoint 2010 workflows, the "Replace Permissions" step allowed us to limit permissions to list/library items so that the user and a specified manager and even a permissions group name specified in a field on that form could have permissions to that item. 

    Now that we are moving to SharePoint Online and Power Apps, I am trying to figure out the best way to handle these unique permissions requirements. The out of the box "item level permissions" that allow a user to only view/edit their own submissions won't work for us. We have a large number of offices all submitting forms - like a telework request that contains someone's home address, for example - to a single list and managers need to see their employees' requests but not those from other offices. Plus the HR group that handles telework would need to see ALL of the requests. We have 100+ district and division offices, so having each area keep their telework requests on their own subsites COULD be an option, as long as there's some easy way for HR to have oversight over the whole thing without having to manually go to each individual office's site.

    Setting permissions via a Flow seems rather complex, especially compared to how easy it was in SharePoint 2010 workflows. Plus, there's a limit of 5,000 unique permissions per list. There are a couple of instances where we are going to get more submissions than that (like on a purchase request) in a year.

    So is the solution to suck it up and set up a Flow that replaces permissions, and then for any large library, break it up by fiscal quarter or whatever to ensure we stay under 5,000 unique permissions per list? Or is there a way to maintain data on a ton of subsites with oversight by the program office at a high level? Or is there some other way to best handle our requirements?

    • Edited by NickiPT Thursday, November 5, 2020 7:35 PM
    • Moved by Dave PatrickMVP Thursday, November 5, 2020 7:42 PM looking for forum
    Thursday, November 5, 2020 7:24 PM