Workflow Could Not Update Item: Access Denied

C
Badge +4

Hi, I recently added permission groups to a workflow, and ever since, users have been receiving the following error message:

      The workflow could not update the item, possibly because one or more columns for the item require a       different type of information : Access Denied

All I understand at this point is that it is a permissions error, and it must be something to do with the level of permissions that the initiator has because this error doesn't occur for me whenever I initiate an item.  (I included myself in all of the 'Set item permission' actions.)

The 'MCR Workflow Error' attachment shows a snippet of the workflow where the error occurs...

Here is some more information on the permissions that I have set-up:

  • I set-up a number of SharePoint Groups in the TeamSite, each with Member level access (i.e. can do all but delete items).  (See attachment 'SharePoint Permissions'.)
  • I have added these SharePoint Groups to 'Set item permission' actions to the workflow where appropriate.  (At the beginning of the workflow and then at the start of each State Machine branch.)
  • The 'Set item permission' actions are configured to allow the user Full Control.  (See 'Nintex Workflow Action'.)

I hope someone can help to resolve this issue  happy.png

Thank you,

Christina.

23 replies

C
Badge +16

Can you try adding commit pending changes?  it could be the order in which these are applied.

Also instead of having multiple set field value actions have you tried instead using one update item action?

P
Userlevel 4
Badge +12

Hi Christina,

as long as your initiator is a member of the group Asset Maintenance Function - Offshore the update should be possible.

If you try to update the item manually using the credentials of the workflow's initiator in your scenario, does the update perform as expected? Otherwise you could try to add a test user to the group mentioned and try the update with that user instead.

Kind regards

Enrico

C
Badge +4

Hi Cassy,

I've never used the Commit Pending Changes action before...  Where would be a good place to put this?

I used to use the multiple update item action but I'd forget what was in there so found it easier to separate them all.  Can this cause problems?

Thank you happy.png

C
Badge +4

Hi Enrico,

In this scenario the initiator is a member of the group, and the error is still occurring.  In another scenario, I had someone initiate a form who wasn't in that particular group and they couldn't get passed the previous branch.

I've never had this issue before with previous workflows so I'm a little confused why it's happening.

Thank you happy.png

C
Badge +16

Hi

It's all about this concept:

This is taken from Caroline Jung‌'s InspireX 2017 presentation on permissions in Nintex (it's an excellent read if you get a chance the whole presentation can be found here:  https://vimeo.com/207548019 and https://www.nintex.com/-/media/files/resources/events/inspirex-2017/managing-permissions-when-a-workflow-is-executing.ashx)

So I would say add a commit pending changes after a set field and before a set item permissions.  See if that helps any?

I wouldn't say your approach will cause problems but update item would slimline it - it's whatever you are most comfortable with at the end of the day.

P
Userlevel 4
Badge +12

Hmm, as long as the user was in the correct group the error must have been caused by something else.

In this case I'd go with ‌s advice and would try to reduce the item update operations by adding all fields to update in a single item update action and see if the behaviour changes.

Kind regards

Enrico

S
Badge +8

Just bear in mind that Set Item Permission Action overwrites existing permissions and you need Contribute permission in order to run workflows.

C
Badge +4

Thanks, Cassy.  I'll give this a try and come back to you...

And thank you for the additional links grin.png

C
Badge +4

Thank you for your help happy.png

C
Badge +4

Thanks for your reply, Shaikha.  I have updated the workflow set item permissions to include the Initiator with Guest access, but it didn't resolve anything.  I don't have the Contribute option available to me.  Is this new and I'm on an older version perhaps?

If I start the workflow manually then everything works fine so I can only think that it has something to do with the SharePoint Groups that I've added, but not sure how to resolve this.

L
Badge +9

Hi Christina Gateley‌,

May i know when did you create the SharePoint groups, before your list creation or after? Please check the list permissions whether that new group is added to your list or not. If it is added try to stop inheriting permissions from parent site and again set delete unique permission from list permissions as your wish.

And try to modify the workflow as Cassy mentioned and test it.

Thanks,

Lakshmi Narayana C

C
Badge +4

Thanks, Lakshmi Narayana C,

I created the SharePoint Groups AFTER I created the list, and just realised, I hadn't thought to add them to the list.

I'm currently condensing the set items into item update actions and fingers crossed all of these updates will resolve the problem... I'll let you know.

Best wishes,

Christina.

C
Badge +9

Hi Christina,

Can you be more specific on the Member permission level by providing a screen shot, please.

C
Badge +4

Hi Christophe,

If I open up the group to check the permissions the detail isn't visible, but I can show you an example of how I set it up and what Member permission level looks like...

Member Permission Group

Thank you happy.png

C
Badge +4

Sorry, I can check the group permissions; here is another screenshot...

C
Badge +9

Now the question I have is

Can someone with edit access can give full control to an item?

For a security point of view, this does not make sense.

I believe you have Full Control on the Site.

C
Badge +4

Hi Cassy,

I tried the things that you suggested but I'm still encountering the same error issue.  I can only think that the error lies in the SharePoint Groups because the workflow works fine for me, it's just people who are included in the Group that are receiving the error message.

If you have any ideas than that would be great happy.png Thank you

C
Badge +4

Hi Christophe,

I am the site administrator and only people who are included in the SharePoint Group should have full control access as appropriate.  It is this Group of people who are receiving the error message and the workflow is terminating unexpectedly.

S
Badge +8

Have you tried wrapping your Set Permission Action inside an Action Set and configure the action set to run as the workflow owner? This might work. 

C
Badge +9

Hi Christina,

So, to make sure I understand it well, you want to give Full Control access to this item to this Asset Maintenance Function - Offshore SP Group?

If yes, what is the purpose of giving them Full Control to the item. To be able to delete it?

C
Badge +4

Hi Christophe,

Yes, for testing purposes I want to be able to delete items, and then when the process goes live the permissions will be set to Member.

Best wishes,

Christina.

C
Badge +4

Hi, no I haven't tried this.  I will give it a go and see how it works!

Thank you,

Christina.

C
Badge +4

Sorry for the late reply but just to let you know that this solved my issue.  Thank you!

Reply


View our Community Site Map

Nintex Community Sitemap
Terms & ConditionsCookie settings