Controlling access to content is one of the most important (and complex) challenges in building collaborative SharePoint solutions. In real-world scenarios, users often need dynamic, record-level access control: for example, restricting external vendors from seeing each other's data, or limiting editing rights after approval.
The Manage Permissions Action in Ultimate Forms solves this elegantly. It lets you assign, revoke, or modify SharePoint permissions based on rules you define—without custom code.
Available Operations in Manage Permissions Action
You must create separate actions for each operation. The following types are available:
Action Type |
Description |
Stop Permission Inheritance | Breaks inheritance, enabling unique permissions at target level |
Inherit Permissions | Restores permission inheritance |
Add Users |
Gives specific permissions to the specified user/group. This action causes creation of unique permission |
Remove Users | Removes permissions of the specified user/group. This action causes creation of unique permissions |
Add User to Group | Adds user to a SharePoint group |
Remove User from Group | Removes uses from a SharePoint group |
Create Group | Creates a new SharePoint group on the site |
We’ll walk through a use case where each project item in a list is assigned to a vendor, and we want only that vendor (and the project manager) to have access to the record.
Instructions
Step 1: Prepare Your List
Make sure your list has:
- A Person field for vendor contact (e.g., Vendor Contact)
- A Person field for internal owner (e.g., Project Manager)
Step 2: Action #1: Break Inheritance
- Name: Break Item Inheritance
- Trigger: On item added
- Action Type: Stop permission inheritance
- Scope: Item
- Affected items: ID = [ID]
- Enable Copy permissions to preserve inherited permissions initially
- Save the action
Step 3: Action #2: Remove Permissions (Optional)
If you want to clean out default permissions:
- Name: Remove Existing Permissions
- Action Type: Remove User
- Scope: Item
- User or Group: [Created By] or any unwanted users/groups
- Affected items:: ID = [ID]
- Save
Repeat for each group you want to remove.
Step 4: Action #3: Grant Access to Vendor
- Name: Grant Access to Vendor
- Action Type: Add Users
- Scope: Item
- User or Group: [Vendor Contact]
- Permission Level: Contribute or Edit
- Affected items: ID = [ID]
- Save
Step 5: Action #4: Grant Access to Internal Staff
- Name: Grant Access to Project Manager
- Action Type: Add User
- User or Group: [Project Manager]
- Permission Level: Edit
- Scope: Item
- Affected items: ID = [ID]
- Save
Step 6: Optional: Add to Group Instead
Instead of assigning permissions directly, you can add a user to a group:
- Action Type: Add User to Group
- Group: Project Viewers
- Useful when permissions are managed at the group level
Real-World Example: Vendor Access Control
You maintain a SharePoint list called Projects. Each item is a project assigned to a vendor. These vendors must never see each other’s projects.
Using Manage Permissions, you:
- Break inheritance per item
- Remove default access
- Grant access only to [Vendor Contact] and [Project Manager]
This way, one list serves many vendors securely, without creating duplicate lists or sites.
Watch this quick video walkthrough from Infowise:
Tips & Best Practices
- Each action handles one permission operation—chain them carefully
- Always break inheritance first before trying to assign custom permissions
- Use runtime tokens like [ID], [Created By], or [Vendor Contact] for dynamic targeting
- Use conditions (e.g., [Status] = Approved) to restrict permission changes
- Remember: if permissions are not applied as expected, verify if inheritance was broken first
Summary
With Manage Permissions Action, you gain full programmatic control over access in SharePoint, down to individual records and folders. It empowers you to build secure, user-specific experiences without resorting to separate sites, manual configuration, or third-party tools.
Whether you're building a vendor portal, department tracker, or approval process, Ultimate Forms makes it possible to meet the most demanding access requirements—flexibly and efficiently.