Solved

Access Denied when re-saving a submitted form

  • 1 June 2017
  • 3 replies
  • 149 views

Badge +5

I'm getting an error message "Access denied. You do not have permission to perform this action or access this resource" when a person tries to save an edit form.  The sequence is as follows:

  • User creates new item and submits it, kicking off a workflow
  • workflow then removes all existing permissions, grants the submitter Read permissions, and grants the NextUser FullControl rights on that item
  • NextUser receives email to action the form
  • NextUser clicks on link, views form, clicks on Edit button, and can edit the form
  • NextUser then clicks on Save button (top Nintex ribbon), and form goes away to have a little think about it.
  • Edit form re-appears with the error "Access denied. You do not have permission to perform this action or access this resource" along the top.  NextUser can only Cancel out of form.
  • Note that the original workflow is still active as there are additional steps to be completed.  What should happen is that NextUser completes the edit, then responds to Lazy email with 'Completed', and workflow continues.  

 

Any ideas?  Thanks in advance,

Cheers,
Gerard

icon

Best answer by shaneoss 11 April 2018, 03:48

View original

3 replies

Badge +7

Is your workflow configured to run "On item creation" AND "on item edit" ?

If so, what could happen is that 2 instances run at the same time :

Instance 1 :

- user 0 create, then gets ReadOnly rights

- user 1 get Contribute rights and can edit

-  user 1 edit and save

THEN instance 2 starts :

- user 1 is now considered as the "Initiator" of this second instance

- ....so workflow set him to "Read only" authorization 

Badge +5

No, workflow is set to 'Start manually' and 'Start when Items are created', not 'Start when items are modified'.  We've also found if the 'Remove permissions' task is disabled, and 'Add full control' to NextUser is enabled, NextUser still cannot save.  Edit is available but save fails. 

Badge +5

I had this very similar incident today. I found out the problem too.

We have a list where users can Contribute. Once the workflow runs it removes permissions for items and then reset based on list metadata at submission. For the next person to come along and do their bit and re-save etc.

We also had enabled Item-Level permissions for the list (Advanced Settings), Had "Read all items" enabled and "Create items and edit items that were created by the user" enabled.

Item-level Permissions

Specify which items users can read and edit.

Note: Users with the Cancel Checkout permission can read and edit all items. Learn about managing permission settings.
Read access:   Specify which items users are allowed to read

Create and Edit access:   Specify which items users are allowed to create and edit


So the workflow runs, sets the permissions, the next person has Design access so can see and Edit the item. But at the time of saving the item. The user gets access denied on the list.

Turns out with Item-Level permissions enabled for Create and Edit access enabled.

At the List Level - The second user doing the re-saving requires the following right.

Now if your setting permissions at Item level. The second user has sufficient access (Design has Override List Behaviors right) for the item but not at the list level.

So the fix is to disable Item Level permissions in Advanced Settings as it's not required as your customising permissions at Item Level with the workflow. Users can then re-save providing they have access to. Or you can grant the "Override List Behaviors" right to the person(s) doing the saving second time around that isn't the Creator at the List Level.

Reply