Hi Christine,

As no one has replied on this one, I am assuming you still are looking for options..

I could probably think of the following 3 ways depending on which could be the easiest option for yourself.

1 option ] In your TaskForm the single line text box (which captures the user input as password) you could change the Advanced settings -> Password = true

With this the password would be "masked" when you view via the workflow task form (once it has been action-ed by the user). The caveat to this is you could still go to edit source (of the completed task form) and in the source you could see the password. So this approach is not completely fool proof but for a casual user this might be okay.

Further this is the simplest approach and I believe the password (which may be generated by the windows user) generally would have "the change password at next logon" checked so hopefully the password would have been changed by then. Its not the best option but the most simplest.

2 option ) After the approval and sending of the notification you could query the workflow task (or start another workflow to be sure the data is committed) and query the task and remove the password from the form element (column name is form data) of the workflow task. Its generally stored as XML so you would have to be careful only to remove the password bit or the entire task for will not show up. (Not sure if you even want to view the task form after the mail has been sent or better off delete the workflow task when the task is completed - if auditing is not key in your organisation). Again if the workflow does not have access to its own task form, you would need to spin off a secondary workflow to do the cleanup bit.

3 option ) In this you might have to take a different approach and separate the password capture from the notification bit. You could create a new list just to capture the password /username and security trim it depending on who can edit etc. You could then run a new workflow which just reads this list and sends the password to the user. This would ensure that your password list is blocked from all the users and only elevated privileges (like the workflow) could read and send it.

Regards,

Shrini

Thanks Shrinivas Naik‌ for the detailed explanation and options. I'm inclined to try option 1 for now (just because the amount of time I have left to complete this workflow). Also, it just happened yesterday that the stakeholders changed the requirement for the permissions on list item to be only viewable by the person who requested it who is mainly the person getting the email with the password. (and of course only IT people have full control). Since the users are actually just test driving Nintex/workflows/approvals, they are so eager now to go back into the task forms and see what is actually been tracked on each step. So to avoid all the anxiety of having an "initial password" display in clear text, along with the granular permissions added on item level, I think option 1 would be perfect. I'll give it a try and let you know how it goes.

Thanks again!

Hi Christine,

Glad could be of help, Please also be aware of granular permissions on SharePoint when we try to set item level permissions on SharePoint it causes performance issues once the size of the list goes very big.

Just to keep that back of you mind if the requirement is for item level permissions .. you could still archive the results though.

Best practices for using fine-grained permissions in SharePoint Server 2013 

-- Please can you mark as answered if it solves your problem as it might be helpful for people searching for similar questions.

Regards,

Shrini