cancel
Showing results for 
Search instead for 
Did you mean: 

Those pesky item-level permissions

Automation Master
Automation Master
1 0 219

I have come across this issue a number of times in the past and more recently forgot this could be a root cause - so want to share the knowledge and also link my uservoice suggestion to this post...

 

Scenario

Someone in the company wants to add a suggestion to the suggestion scheme.  This could be sensitive or not, so the permissions are determined for each suggestion in the workflow.  For those that are not sensitive, the suggestion is open to all.  For those that are sensitive, the suggestion is open only to the investigating team.

 

Issue

The suggestion goes through an approval route.  It is first assigned to a team of reviewers (SharePoint group) who can approve and choose an "Investigator" using a people picker on the approval task.  This updates the underlying list item, completes the review task and assigns an investigation task to the selected investigator.

Note - this workflow was developed by a previous analyst who has since left the company, so was picked up by myself when an issue was encountered.

During testing with my owner permissions everything was going swimmingly.  I could not understand why users could not respond to a task.  Every time they did they were faced with "Sorry, this site hasn't been shared with you".

 

Investigation

I raised a support ticket with Nintex who asked if i deleted the task form could i respond, and yes I could.  But I needed to be able to add the investigator so this was not a help.  I tried many things but every time I added anything from the list item into the task form it broke in the same way.

I was so frustrated as the user DID have permissions to the site, the list and the item.  I checked permissions at all levels.  All fine.

After two weeks of hitting my head against a brick wall and at the point of raising a ticket with Microsoft it hit me...  the blasted advanced settings in the list!

AdvancedSettingsPermissions.png

List settings > Advanced Settings > item-level Permissions

"Create and Edit access" was set to "Create items and edit items that were created by the user"

I restored the workflow and task forms to their former glory and changed the above setting to "Create and edit all items" and BOOM - all working.

Now, I should know better...  this has definitely bitten me before, many times, in the years that I have worked with Nintex.  Had I done this solution I would have known this wasn't an issue, as I wouldn't have changed those settings, but as I hadn't it didn't even occur to me that these would have been changed from the default.

 

Lesson

If you are finding that the permissions you set inside a workflow are not being honoured, check these settings!

 

Suggestion for Nintex

When in the workflow designer and the set item permissions action is being used, highlight to the developer that these are pointless as the list advanced settings will override.