Skip to main content

Hi,

One of business requirements is to grant Initiator Read permission only, while approval chain is in progress. Everything seems fine so far until I just found that Initiator has an access to "Workflow Tasks" and also "End this workflow", when I expected Read permission would have prevented it.

1. Workflow Tasks: Initiator can click on the link "1st approver's task" above and can actually Approve / Deny it (not good!). I understand that the task list exists outside my current list, so I wanted to change Initiator's Permission on this task list, but I cannot figure out filling in "list name".

 

I could control on Task Form to disable inputs from Initiator, but I'm looking to disable it with Item Permission.

 

2. "End this workflow": Initiator CAN end this workflow (again not good!) Can I hide this link?

 

Thank you,

-Naoko

Hi ‌,

The screenshot shared shows task created to Test Manager,  is it an SP group? and how the initiator end up on this page?

Below are the steps to update Initiator permission on the task list item (to answer your 1st part of your question):

1. Capture the task id in a variable

2. Update the Item Permission as shown below


To manipulate with created tasks permissions (because you can have more then one while using Start task process action) you can follow this post (and also my answer at its bottom ): https://community.nintex.com/community/tech-blog/blog/2016/09/06/linkin-tasks-or-how-to-get-that-pesky-task-item-url.

The second thing: Customization of the workflow status page - this layout is fixed. Nothing will be hidden. You can achieve it using CSOM code. Also - if you revoke initiator permissions to the item on which the workflow runs, he should not be able to terminate it (haven't checked it however).

Regards,

Tomasz


Chaitra,

Thank you for your comments.

Users in my site is user account, not SP group. He was able to access Workflow status page from URL link as below:

Yellow: User has Read permission only

And following the arrows, he is able to terminate WF...

On your screenshot #2, how did you populate "list name: Workflow Task"? Did you type it it? I typed "Workflow Task" and "Workflow Tasks" but workflow got stuck at this action. Or did you populate it from Advanced List Lookup, and if yes how did you fill in 'field' 'when' and 'equal'?

Because User accessed workflow status page from workflow URL column, i could simply hide this column from View, but we intend to keep this link for User to view Workflow logs. Just didn't expect that User was able to respond to task or terminate workflow.

Form also contains logs for user to view, but it's a short version, and we kept both short ver and detailed ver.

-Naoko


Hi Naoko Saiki‌,

Yes, the list name: Workflow Tasks and field ID were typed and not populate. With this configuration was able to successfully execute the workflow.

Refer to http://help.nintex.com/en-US/O365/Default.htm#cshid=NL927A6553557448718437CFDA3BF2F8DC  for more details on.


Hi Tomasz,

Thank you for the reply.

I struggled a lot but your link helped me understand the relation between current list and WF task list. The only thing is that the link was for On-Premise so I had to look for substitution, but in the end I was able to pull out what I wanted to accomplish.

numTaskID as a stored variable of Query result is saved as Collection type in O365, which gave only 'equal' or 'not equal to' condition parameters. So I used "Set Variable to create my numTaskID instead of "Query".

Using numTaskID, I was able to update task list permission and User has no access to terminate or process the task.

Thank you,

-Naoko


Chaitra,

Thank you.

I was able to use Update Item Permission to correctly limits the access to Workflow Task list for user.

After that, I found that I also need a parallel flow to grab task ID to activate the permission before Manager completes the task.

It was a lot of testing for me, but definitely helped me!!

Thank you,

-Naoko


Reply