Methods are exposed through GUI items, such as menu items, toolbars, the quick find menu, and drilldown items. For a user to have access to a particular method, the user must belong to a role related to an access group that contains that method. You can further restrict access to methods by restricting their availability based on an owning group.
When you relate an access group to a role, you can limit that relationship based on the owning group of the object. In other words, you can grant permission to the methods in an access group to users in a role only when the object they have selected belongs to specific owning groups. Using this approach, a user's role may grant them permission to update objects that belong to one owning group, but not the objects that belong to other owning groups.
To restrict access to a method by owning group, you must set the following properties on the applicable relationships to turn on filters and grant access to objects of specific owning groups.
Relationship |
Property |
Value |
---|---|---|
SPFAccessGroupMethod |
Filter by owning group |
Must be set to OwningGroup or OwnerOwningGroup. |
SPFRoleAccessGroup |
Owning Groups |
Must be set to include the owning groups of any objects for which the methods will be available and exclude any owning groups for which the method should NOT be available. |