Set Item Permissions - Access denied when going against another list, works fine on current item.
Hello, I have the following scenario
When users save the Orders list item and put into submitted state Nintex custom approval workflows run. At this point I need to set item permissions to Read Only for the user who created on both the Parent(Order) and all Childer(Items).
The workflow runs as the user who created and they have the same permissions across both lists.
What is the best way to set permissions against another list from a single workflow? Why can I select to "Set Item Permission" on another list if its not running the same as against current item? This is confusing and was difficult to track down.
My initial thought is too call the item workflow via web services. Just trying to find out if this is a bug, documentation error, or issue with my implementation
Solved! Go to Solution.
What if you were to change the order of how you were setting the permissions. I.e. apply permissions to the Items fist then the Orders? You also mentioned these lists are linked, via a lookup column? If so I wonder if that has something to do with it.
An easy out is to put the Set Permission action in an Action Set. An Action Set on the main node of the workflow ((i.e. not nested with-in another action set) has the ability to execute everything inside it under the context of the person who published the workflow. Would this help?
I tried changing the ordering already with no effect on the error.
Also, I think the lookup column is not an issue here. I am using the lookup to get a collection of items but then using the ID to get individual item for Set Item Permissions update. Refer to the attachments to see my settings on Item list in Set Item Permissions step.
I'll take a look at the action set, I hadn't seen that before and sounds like a good option. Will let you know how that works out.
The action set is a good work around for me. We are going to setup a Nintex Workflow account similar to a service account to publish workflows that will need elevated permissions and action sets.
Had missed the little checkbox previously when reviewing action sets to "Run as workflow owner".
This would seem good work around to many issues like updating the item after setting the user to read only permissions. I see many solutions recommending to call the web service for this type of update but Action Set seems much simpler.
Thanks for the help!
That is a great idea of having a service account to publish your workflows an one I am entertaining as well. One issue you may run into is if you have a team building workflows, is knowing who was the last person who published the workflow. You may want to setup some governance around this and have it be as simple as providing their name in the comment field when you publish it. Just a thought.