Change permissions after a form is submitted

Hi @jpacheco,

This is the action you would use to accomplish this scenario,

To remove the inherited permissions for an item, you need to make sure in this work action that the “Inherit permissions from parent” setting is No and the “Remove existing permissions” setting is Yes. You will then have to set the Target to a user or group, select the user name or group (insert reference to item properties), and set the Permission level. If I remember it correctly, you might have to configure this same action multiple times, one for each user and group you need to set permissions for. 

Also, make sure the Filters section is configured with the “Update items only when the following is true:” option is selected. Then configure the rest of the Filters section under “Update the items when column” settings, in which you typically will use the ID of item the workflow is running on.

Here is a link to the help documentation for this action: Office 365 update item permissions (nintex.com)

@bamaeric ,

Thanks for your response! So, I did your recommendation (as much as I understood) but my workflow suspended and I got the following error msg.

If you see, too, there are dashes that separates the variables “matched”, “ID”, and “itemURL” in that order and shown below...

I created two instances one to manage the GROUP and one to manage the USER.

In the GROUP permissions settings, I have the following configured within the first control…

For the USER permissions control I also have the following…

Couple of questions.

Which workflow action does the workflow fail on: the add group or add user?

Is the group you are trying to add a SharePoint group or an AD group?

The error message in you first screen shot seems to suggest that the query cannot find a matching item in the list.

@bamaeric,

I disabled the USER control and it seems to be failing on the GROUP control but then I reversed that and the same happens to the USER control as well.

The GROUP is an AD Group.

Could this msg be because I’m running the controls too early in the workflow (placement of controls in WF)? Should I create a separate workflow or am I missing something else?

I know you can add permissions to SharePoint groups with this action, but I do not think you can add AD groups to site permissions. I am not 100% sure about that, so maybe someone else can verify.

If the update permissions action for the user does not work, I still think that the issue is with the filter query not finding a match based on the error message you displayed. Try adding a test action like a Run If action with the same conditions configured as the update permissions action and add a “Log in history list” action inside. This will help you see if the condition returns a true or false result.

@bamaeric ,

Hello!

Ok, I went ahead and created a separate WF and used the following controls…I disabled the “IF” control as well as the “Permissions” control to log the title once its captured at the beginning and to verify its capturing it, and it is.

But when I go to enable the Run If control, I continue to get the same msg…I changed up the info in some areas and I also wanted to see if I could just add the domain/user in the “user or group name” section… but I don't think it's even getting that far?