As you probably know, there is an item-level permissions feature that can be a solution to this problem BUT it's only available for lists, not Document Libraries. Please remember this before you make a promise you cannot deliver.

The proper way to solve this problem is to set permissions at the item level. Since you cannot use the feature I mentioned above, the only way to do it is to write server-side code that configures them. In this case I am going to use a custom workflow solution (an event handler might also do). The wrong approach would be jQuery or something similar: client-side script runs in the user's browser and does not change the permissions enforced on the server, so a malicious user can easily trick the system and still see and edit a document they are not allowed to.
Unfortunately, you cannot use SharePoint Designer workflows to achieve this, because there is no activity for configuring permissions at the item level and, to my amazement, there are no community-created SPD activities that solve this either.

In order to solve the problem I created a custom workflow solution that does the following:
  • Breaks inheritance of permissions for the file in a document library
  • Deletes all existing permissions
  • Grants contribute rights to workflow initiator
Please note: This is a bit limiting, but if you need more flexibility, let me know, as I am interested in adding some configuration options.
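
The three steps above, sketched against the SharePoint server object model. This is an added example, not the project's own code; the class and method names, and the `workflowProperties` field mentioned in the comment, are assumptions.

```csharp
using System;
using Microsoft.SharePoint;

// Hypothetical helper: names are illustrative, not taken from the project.
public static class ItemPermissionHelper
{
    // Typical call from a workflow code activity (field name is an assumption):
    //   RestrictToInitiator(workflowProperties.Item, workflowProperties.OriginatorUser);
    public static void RestrictToInitiator(SPListItem item, SPUser initiator)
    {
        if (item == null) throw new ArgumentNullException("item");
        if (initiator == null) throw new ArgumentNullException("initiator");

        SPWeb web = item.ParentList.ParentWeb;

        // Step 1: stop inheriting from the library. Passing false means the
        // parent's role assignments are not copied onto the item.
        if (!item.HasUniqueRoleAssignments)
        {
            item.BreakRoleInheritance(false);
        }

        // Step 2: delete whatever is still assigned (for example when the item
        // already had unique permissions). Iterate backwards because the
        // collection shrinks on every removal.
        for (int i = item.RoleAssignments.Count - 1; i >= 0; i--)
        {
            item.RoleAssignments.Remove(i);
        }

        // Step 3: grant Contribute to the workflow initiator only.
        // If this step throws, the item is left with no assignments at all,
        // so the failure mode is "nobody can open it", not "everybody can".
        SPRoleDefinition contribute =
            web.RoleDefinitions.GetByType(SPRoleType.Contributor);
        SPRoleAssignment assignment = new SPRoleAssignment(initiator);
        assignment.RoleDefinitionBindings.Add(contribute);
        item.RoleAssignments.Add(assignment);
    }
}
```

Site collection administrators and accounts covered by a web application policy keep their access regardless of item-level assignments, so "only the initiator" means "only the initiator among ordinary users".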

This workflow solution is published as an open source solution. All your ideas, feedback and development efforts are welcome.

Last edited Jul 6, 2009 at 5:56 PM by toni, version 2