I have a Workflow that is using an Approval Task. For the form, I edited using "Edit Task Form" and added some branding.
The problem is, even if UNASSIGNED users try to access the form, they can respond to the Task Form. For example, the Task has been assigned to UserA, UserB can open the task and do "Approve" response.
I checked permissions and they are only using "Contribute" permissions to the Workflow Tasks list.
I believe the correct behavior would be that Unassigned users cannot response to the Task Form.
Is this a bug? Or is there a way to fix this?
Solved! Go to Solution.
Unfortunately it's not a bug in O365 this is how it's designed. There is no such functionality as you know from on premise.
And yes, the workaround is to use "office 365 update item permissions" action, in a parallel branch, to update/ set permissions of the created tasks.
Read this post for the beginning: https://community.nintex.com/community/tech-blog/blog/2016/09/06/linkin-tasks-or-how-to-get-that-pes....
The issue has also been discussed somewhere on the forum already
That is pretty unfortunate; this seems to be the ideal / correct way. It seems to be counter-intuitive that people who aren't "Assigned" can still approve / reject items.
I did a workaround on my Forms. What I do is store the approver in a variable and check against Current User. If current user is not approver, then I disable the controls using a Rule.
However, this stops admins / delegation from working as well. This is for SharePoint Online.
I was trying to find "AssignedTo" field in the Task Form but it can't be accessed.
well, you can extend your rule in form not only to check if current user is the approver, but also if is a member of ex. the admin group or something
I do like this approach with permissions as it is more trust worthy