Can I use the workflow to query the unique permissions on a list item?
My workflow breaks the inheritance on a list item and resets the item permissions for the Owner's group (full control) and the Created By (contribute). Then as it loops through the approval list, it gives contribute access to each approver (added to a variable via collection operation). At the end, it gives read access to the Created By and the approvers.
The problem is that if the Owner's grant one-off permissions to an item, I need to be able to keep that person on the item and give them read access. Because they were manually added outside the workflow, they are not in the permission variable. When I reset the permissions at the end, the one-off is removed.
Is there a way the workflow can query the permissions on an item based on permission level (contribute)? I'd like to get those results, save them in a variable, and set permission based on that variable.
If that is not an option, what is a good alternative? Can I create a special permission group just for that unique item at the start of the workflow and then add everyone to the group? Then if the site owner needs to grant someone access, they can add them to the permission group, which they should have access to.
Thoughts?