Not applicable

set item permission access denied

Jump to solution

Set Item Permissions - Access denied when going against another list, works fine on current item.

Hello, I have the following scenario

  • SharePoint List - Orders
  • SharePoint List - Items - has a link to column to parent order

 

When users save the Orders list item and put into submitted state Nintex custom approval workflows run. At this point I need to set item permissions to Read Only for the user who created on both the Parent(Order) and all Childer(Items).

  • I have a workflow created to set permissions on all from a single workflow
  • The workflow is applied to "Orders" list
  • When Orders list item is Saved or Updated and status is "Submitted" this workflow is run
  • First the Orders list item permissions are updated
    • Admins and Approvers are granted Contribute permissions
    • Creator is granted Read Permissions
    • This works fine using the "Set Item Permissions" against "Current Item"
  • Next, I get a collection of all the ID's of related order items in the "Items" list
  • For each loop runs and inside the loop I have another "Set Item Permissions" step
    • In this step rather than current item we are setting permissions on list "Items" getting it by ID which is valid from my collection object and id variable
    • The workflow fails to set permissions against another list - Error reported is "Error setting item permissions" Access to item 'Item name' in list 'Items' on site 'siteurl' is denied


The workflow runs as the user who created and they have the same permissions across both lists.

  • According to the documentation "Set item Permissions" is a Nintex Custom function not limited to SP OOB restrictions of not running elevated permissions.
  • My understanding is this should work as documentation I have seen states "This task wouldn't be very useful without"
  • It seems thought that this documentation is only half correct.
  • The "Set Item Permissions" seems to run elevated against "Current Item" only and not against other lists.
  • I created a test workflow on the "Items" list to run Set Item Permissions as the same user and it works perfectly.
  • at this point we are now back to "Current Item" and it works validating my theory above

 

 

What is the best way to set permissions against another list from a single workflow? Why can I select to "Set Item Permission" on another list if its not running the same as against current item? This is confusing and was difficult to track down.

  • When running the same workflow as a higher level administrator everything succeeds without issue so the workflow is not the problem

 

My initial thought is too call the item workflow via web services. Just trying to find out if this is a bug, documentation error, or issue with my implementation

Tags (1)
0 Kudos
Reply
4 Replies
jan
Nintex Newbie

Re: set item permission access denied

Jump to solution

What if you were to change the order of how you were setting the permissions. I.e. apply permissions to the Items fist then the Orders? You also mentioned these lists are linked, via a lookup column? If so I wonder if that has something to do with it.

 

An easy out is to put the Set Permission action in an Action Set. An Action Set on the main node of the workflow ((i.e. not nested with-in another action set) has the ability to execute everything inside it under the context of the person who published the workflow. Would this help?

View solution in original post

0 Kudos
Reply
Not applicable

Re: set item permission access denied

Jump to solution

Jan,

I tried changing the ordering already with no effect on the error.

Also, I think the lookup column is not an issue here. I am using the lookup to get a collection of items but then using the ID to get individual item for Set Item Permissions update. Refer to the attachments to see my settings on Item list in Set Item Permissions step.

I'll take a look at the action set, I hadn't seen that before and sounds like a good option. Will let you know how that works out.

0 Kudos
Reply
Not applicable

Re: set item permission access denied

Jump to solution

Jan,

The action set is a good work around for me. We are going to setup a Nintex Workflow account similar to a service account to publish workflows that will need elevated permissions and action sets.

Had missed the little checkbox previously when reviewing action sets to "Run as workflow owner".

This would seem  good work around to many issues like updating the item after setting the user to read only permissions. I see many solutions recommending to call the web service for this type of update but Action Set seems much simpler.

Thanks for the help!

0 Kudos
Reply
jan
Nintex Newbie

Re: set item permission access denied

Jump to solution

Hi Matthew,

That is a great idea of having a service account to publish your workflows an one I am entertaining as well. One issue you may run into is if you have a team building workflows, is knowing who was the last person who published the workflow. You may want to setup some governance around this and have it be as simple as providing their name in the comment field when you publish it. Just a thought.

Thanks,

Jan

0 Kudos
Reply