Ever wanted to have a single discussion board with threads accessible only to certain audiences?
It was something that we wanted and I was very close to changing the IA model such that a new discussion board is created for each thread just in order to get around a simple permissions issue. I say simple because the solution is simple once you know what it is.
Imagine the scenario where users can see a discussion board but must only be able to contribute to particular threads based on their permission levels. The obvious solution is to give users (groups) contribute access to individual threads. My initial thought was that the ‘limited access’ provided at the list would be enough to allow users to reply to those threads at which they have contribute access. In fact, even if a user has read access on a discussion board, and contribute access to a given thread they will still be denied access when attempting to reply. With a little thought, it’s really quite clear why this doesn’t work. A thread is just a folder and a reply is actually adding a new item to the list.
The key here is the ‘View Application Pages’ base permission. This base permission is provided first with the contribute permission level. In order to make the above scenario a reality you must give users this base permission. This can be achieved by creating a new permission level (e.g. “View Forms”) and binding it with ‘All Authenticated Users’ to the discussion board. I found it most appropriate to perform this action with PowerShell, I can include the script in the post if someone requests it but I think it’s pretty straight-forward.