Hello!

I have a sharepoint list where I need to break permission inheritance per item (every time a item or form) is submitted). When a user submits an item the workflow runs like below…

Nintex O365 workflow is used
Nintex O365 Forms (responsive) is used

The current setup that I’ve applied is that the workflow will:

• have variable of the people that created, approved or requested the item.
• update item permissions: inherit or remove permissions = NO, next a security group will be applied with contribute rights
• update item permissions: inherit or remove permissions = NO, another security group will be applied with contribute rights
• update item permissions: inherit or remove permissions = NO, Created By, Approved By and Requested By will be reapplied to the item w/ contribute rights.
• update item permissions: inherit or remove permissions = NO, Group Name: Everyone except external users is completely removed.
• the rest are just logs to capture if this is actually applying or not.
  
  My issue is that my workflow works when the next item is created but it seems to affect all the rest that was created before and either add other names and or other groups… but I’m not sure how its grabbing them? 

Here is what’s in the inside of the 2nd variable (Set SPS Security Group Variable) listed above for the permission control below…

Here is the inside of the first item permission control (ADD SPS Security group item permissions) and basically the same for the rest of the item permission controls. Only thing that would be different is the “Target” and “User or Group Name” sections.