How can I restrict the Initiator's edit right without affecting the workflow?

  • 17 January 2017

Badge +1

   I have to implement a multi step approval process that lets the initiator have the option of modifying the document only in the first step before a flexi task. Afterwards, he must not be able to modify anything at all. He should be reinstated with the edit right towards the last steps for he should be able to approve a flexi task.

   How can I restrict his edit capabilities without crashing the workflow and without using a loop on a parallel branch for each step to check from 10 to 10 minutes if the document was modified by the initiator and go back to step 1? (This would be highly unsavory since the end product will be used to handle thousands of documents and all that looping will send the whole site to a crawl.)

PS: I'm fairly new to SharePoint and Nintex, only started ~ 1 month ago.


4 replies

Userlevel 5
Badge +14

Have a look at the 'set item permissions' action.

Badge +1

I have already tried using it. If I set "read" permission for the Initiator, the workflow fails because there is a state machine that changes states (steps) based on flexi tasks oriented towards approving or sending back the document in different steps. And from what I've read, the workflow inherits the permissions of its initiator, and when someone approves a task (flexi task in this case) the workflow needs to write that down somewhere deep in the document, thus it needs edit, and if the initiator doesn't have it, neither does the workflow, so it crashes.

I also tried the options at the bottom of the flexi task (Item Permissions) hoping that they would lock the item for usage just by the designated approvers; that also failed.

Userlevel 5
Badge +14

That's all correct.

But in scenarios like this it is good practice to run the workflow with the privileges of a dedicated service account (not the system account).

So you need to:

- Design the workflow so that, after it is started by an initiator, it impersonates the service account. Use the 'action set' workflow action and its 'run as workflow owner' capability for that purpose.

If you have a simple workflow, you can move all the actions into the action set. If it is a complex one, I would suggest creating a small 'starter' workflow with just an action set and a 'start workflow' action within the action set, which would start that complex (main) workflow.

- Publish the (main) workflow from within the service account.

Have a look at the following links that discuss the same topic:

How to prevent user from editing list item if the workflow is still running?

 

Badge +1

Thank you VERY much! The action set did the trick! Eliminated the project stopper.

You are awesome!