I have the following requirement :
- A user initiate a workflow to validate a document
- The validation task should be send to 2 SharePoint groups except this user
The user must be in one of those 2 groups.
How can I exclude him from validation process without excluding him from the SharePoint group ?
Thanks in advance for your feedback.
i can't think of an out-of-the-box way to achieve this. One idea would be to query all members of the group in your workflow and save the members in a collection. You can then loop through your collection and assign tasks, if the current group member is not the initiator.
The problem is, that normally when you assign a task, the workflow is stopped until this task is completed and then continues. Which means it is not good to assign a task in a loop for that group if that group contains more than about 10 people, because your workflow would probably take very long to assign all tasks.
My recommendation would be to either change the SP-Groups (which is useless if the initiator can be any member of the group) or just assign the initiator the task as well, but maybe someone else has a better idea. Of course you could write your own web service to perform whatever you imagine, but this is way too much effort for the little value added if you ask me.
I agree with Phillipp here. The easiest way would be to have the task sent to the initiator as well, but exclude the initiator from being able to submit the subsequent task form via your form rules. You could include a message in the task notification to indicate that the initiator can ignore the task.
We are doing exactly something like this in our 'request permission to enter zone'.
We have 2 groups: 'requesters' and 'approvers'. (If requester is not a word, i'm making it so for the duration of this post)
Any person from either group can be in the other, but does not have to be. In order for the system to be secure you can't have user1 requesting an entry, and approving it himself.
So how we work is: (And it's not a clean method, I know, but we didn't find a way around it)
First of all, we work with item permissions on this list. (Yes, we know, security scopes)
For each item that has yet to be approved/rejected, we populate an SP-group with contribute-no-delete rights in the listitem with all the people from the approversgroup excluding the initiator/requester. After the request has been completed the created groups are deleted, and everyone reverts back to simple 'read' rights.
Populating those groups can be done from a webservicecall if i'm not mistaken.
Now this is just how we work in a nutshell, because working with the permissions is still going to be a challenge. But you need to consider a strong policy in cleaning up those permission groups, or your farm admins are going to hang you.