Applies to: Event Management for Office 365/SharePoint online
The following article should help you understand how permissions can be configured in an Event Management site.
In this article:As in any other SharePoint site, your SharePoint administrator controls what users can see and what they can change.
So let me first explain how SharePoint handles permissions in general. If you are already familiar with this concept, please skip the next section and continue with Permissions in an Event Management site.
Understanding permissions in SharePoint
Permissions inheritance
An important concept to understand is permissions inheritance.
A site collection can have multiple sites, a site can have multiple lists or libraries, a list or library can have multiple items or files. A list or library can also have sub folders containing items or files or other folders.
By default, all the sites, lists, folders, files and items in a site collection inherit the permissions settings of their parents, but you can stop permissions inheritance and change permissions settings on all levels. Permissions can be changed directly on a specific site, list, folder, file or item.
SharePoint Groups
A SharePoint group is a set of users or AD groups. You can assign specific permissions to a SharePoint group at any level (site, list, item …). By default every SharePoint site has the Owners, Members, and Visitors group. Visitors can read, Members can edit and Owner have full access on the site and all the inheriting objects below.
Permission Levels
Permission levels bundle permissions. By default, every site has default permission levels like Read, Contribute, Edit, Design, etc. with specific permissions like View Items, Add Items, Edit Items, etc. You can view the available permissions level and the included permissions if you open site settings, Users and Permissions/Site permissions/Permission Levels.
It’s also possible to create custom permission levels in the root site of your site collection.
Permission levels can be assigned to SharePoint groups or users at a specific level (site, list, item, …).
To learn more about permissions in SharePoint, please read the following: https://docs.microsoft.com/en-us/sharepoint/understanding-permission-levels
Permissions in an Event Management site
As in any SharePoint site, administrators can also configure permissions in an Event Management site. By default, permissions are configured as described below. If you have different requirements, please feel free to set permissions differently.
Site, List and Item permissions
By default all SharePoint groups (members, visitors and owners) have their default permission level assigned on the site level and all lists and items below. This means visitors can view everything, members can in addition create, change and delete items and owners have full access.
Enrollment list
In the enrollment list all users also have the permission to add items. The list has unique permission (broken permission inheritance) and the visitors group also has the Contribute permission level. This is necessary to allow visitors to enroll themselves in topics and scheduled events.
The members group also has a custom permission level called ViewAllEnrollments assigned. This permission level includes ‘Override List Behaviors’ and is required to make sure members can view all enrollments if ‘Item Level Permissions’ are configured in the enrollment list (see Item-level Permissions for more details).
If you want to allow visitors to create enrollment, but not to delete them, please create your own permission level and assign it to the visitors group instead of the Contribute permission level.
For Organizers page
The ‘For Organizers’ page also has unique permissions and the visitors group doesn’t have permissions there. This means that members of the visitors group don’t see the ‘For Organizers’ item in the left navigation.
For Administrators page
The ‘For Administrators’ page also has unique permissions and the members and visitors group do not have permissions there. This means that users that are only members or visitors don’t see the ‘For Organizers’ item in the left navigation.
For Organizers item in the ‘Promoted Links’ view (Classic Experience Only)
The item ‘For Organizers’ in the list ‘Promoted Links for Event Management’ also has unique permissions and the visitors group doesn’t have permissions there. This means that members of the visitors group don’t see the ‘For Organizers’ item in the Tiles view. This is only applicable if you use the Event Management using the classic SharePoint experience.
All the other lists and items in an Event Management site inherit permissions from the website.
Customizations
In the following section I would like to give you some tips on how to change what users can view or change.
Only show specific events to users
Example 1: Open and closed events
If you want to decide per event if an event should be open (all users can enroll) or closed (only organizers can enroll users), please use the ‘Online Enrollment’ column. This Yes/No column is not visible in the event form by default, but you can add it to the EVMEvent content type to make it visible. If ‘Online Enrollment’ is set to No, only organizers (users that have permissions to edit the event) can enroll users. All the other users are not allowed to enroll.
You can also change views in the Scheduled Events list and add the following view filter to make sure users don’t see ‘closed’ events.
Online Enrollment is not equal to No
Online Enrollment is not equal to No
Example 2: Target audience
You also have the option to limit the visibility of events to specific users or groups using the user and group membership query. For this example you can use any People or Group column that you have added to the Scheduled Events list. In this example the internal column name is ‘TargetAudience’. Please note that this is a custom column you have to add to the list first. Add the following view filter to the upcoming events view that is visible to attendees. The Query cannot be configured using the SharePoint UI, but you can open the view in SPDesigner and change the query in the XML definition directly or update the view query using PowerShell.
<Where> <Or> <Or> <IsNull> <FieldRef Name="TargetAudience" /> </IsNull> <Membership Type="CurrentUserGroups"> <FieldRef Name="TargetAudience" /> </Membership> </Or> <Eq> <FieldRef Name="TargetAudience"/> <Value Type="Integer"> <UserID/> </Value> </Eq> </Or> </Where>
<Where> <Or> <Or> <IsNull> <FieldRef Name="TargetAudience" /> </IsNull> <Membership Type="CurrentUserGroups"> <FieldRef Name="TargetAudience" /> </Membership> </Or> <Eq> <FieldRef Name="TargetAudience"/> <Value Type="Integer"> <UserID/> </Value> </Eq> </Or> </Where>
If you use this query, events are visible to the user if no target audience is specified or the user is part of the specified target audience, either directly or as part of the SharePoint group or AD security group.
Example 3: Different categories
You can also create multiple views to show different categories of events. The Scheduled Events list already contains a Category column that you can use. If you want to use different values, change the column and use different choices. Also make sure the column is added to the EVMEvent content type.
In the left navigation you can have one link per category that displays a filtered view. You can also use this approach to only show specific event categories to all users.
If you use the classic SharePoint calendar view, you can also use the calendar overlay feature to display different categories in different colors.
Example 4: Power Automate
Learn how to use Power Automate to show events to a specific target audience
Item-level Permissions
In the ‘My Enrollments’ view in the ‘For Attendees’ section users only see their enrollments because the view uses a ‘Enrolled user is equal to [me]’ filter. If you want to make sure normal users don’t see any other users’ enrollments, you can in addition also use ‘Item-level Permissions’.
Open the list settings of the Enrollment list, click on ‘Advanced settings’ and select ‘Read items that were created by the user’ in the ‘Item-level permissions’ section.
If read access is limited to items that were created by the user, users can only see the enrollments they created. Since it’s also possible to enroll users on their behalf as an organizers, this would mean that users don’t see enrollments that someone else created for them. To make sure user see all their enrollments, please open the Event Management app in site contents and click on ‘Change Settings’. Now click on ‘Enrollment management’ on the left and select ‘Yes, change the author’ in the ‘Visibility of Enrollments’ section. Please note that this section is only visible if item-level permissions are enabled in the enrollment list.
If this is enabled, the enrolled user is always set as the author of the enrollment. This means that users from now on also see the enrollments that have been created on their behalf. Please note that this will not affect existing enrollments.
As described in the advanced list settings, users with the Cancel Checkout permission can read and edit all items no matter if ‘read all items’ or ‘read items that were created by the user’ is selected. To makes sure organizers can see all users, organizers need the Cancel Checkout permission in the enrollment list. As I mentioned already in Permissions in an event management site, the members group has a custom permission level called ViewAllEnrollments assigned. Since this custom permission level contains the permission ‘Cancel Checkout’, we already made sure that organizers can view all enrollments. If you use a different organizer SharePoint group, please also assign the ViewAllEnrollments permission level to this group in the enrollment list.
Item-level Security
If ‘Item-level permissions’ as described above is not enough for you, you can also use item-level security. For example if you only want to allow specific users to view enrollments based on a column in the Scheduled Events list. This means you have to break the permission inheritance for each enrollment and set unique permissions. Doing this manually in the SharePoint UI is of course not applicable. This means we need to set this automatically depending on various conditions. One way to achieve this is by using Microsoft Flow.
Please also note that we do not recommend this approach if you expect more than 5000 enrollments per SharePoint site. This is not a hard limit, but your site will get quite slow if you have more than 5000 items in a list or folder with unique permissions.
Another example would be to set unique permissions in the Scheduled Events list based on a user or group column like Organizer or Target Audience.
For this example I prepared and exported a Microsoft Flow that you can use to set unique item-level permissions per event.
The Flow runs when an item is created or modified and permissions will be assigned as follows:
- The site owners group still has Full Control access to all events
- The site visitors group still has Read access to all events
- The users or groups specified in the Organizer column have Contribute access
You can download the flow here, open Microsoft Flow/My Flows, click on Import and selected the downloaded zip package. After the import you have to update the SharePoint connection, edit the flow and make sure it uses the correct SharePoint site URLs, list names and group names for site owners and visitors.
You can also use this Flow as an inspiration to set permissions depending on your requirements.
Links in the navigation
It’s not possible to configure unique permissions for items in the navigation, but if the user doesn’t have permissions to view the linked content, the link is also not visible. If you display a link to a site page for example, the item is only visible to users that have permissions to view this page. As described above in ‘Permissions in an Event Management site’ the visitors group doesn’t have permission to view the ‘For Organizers’ page. This is why the ‘For organizers’ link and all links below don’t show up in the navigation for site visitors.
If you want to add other pages that are only visible to specific users, please create a new site page and change the permissions. Open the site pages library, click on the … menu next to the new page, click on Share, … Manage Access and Advanced. Now click on ‘Stop inheriting permissions‘, select the groups that should not be able to view this page and click on ‘Remove user permissions‘.
I hope you found this information useful. If you have any problems or any other questions, please send an e-mail to [email protected].