Assign permission to workflow tasks for read only users

  • 3 January 2017

Badge +3

Hi,

I was creating a state machine approval workflow which uses assign flexi task to create workflow tasks for approval.

I am assigning tasks to an AD group which has read-only access to the site. When the corresponding users click on the link they get an access denied error. My query is why the users are not even able to view the task properties with "Read" access. Users are able to see the item in the workflow task list, but when they click on it they get an "Access denied" error.

I admit that users need Contribute rights to approve the task. But in my scenario they are read-only users, and I don't want to assign Contribute permission at the site level. Instead I am OK with assigning permission at the workflow task list level or task item level. Can anybody please help me with how to grant Contribute permission at the workflow task level or item level during the state machine approval process?


7 replies

Userlevel 4
Badge +8

Hi Sreejith,

When you say, "I am assigning tasks for ad group" are you referring to "Active Directory" (AD)?  Meaning that you have an AD group within a read-only SharePoint group (e.g. Visitors)?

Assuming it's YES to both questions above, what happens if you add a SharePoint user account into the same read-only SharePoint group?  Does that user also get access denied when clicking that same link?

If the SharePoint User does not have this problem, then the next step is to troubleshoot the Active Directory permissions.  Have you confirmed exactly which users are in this AD group?  Have you tested their access in other lists or sites?

If the SharePoint User does have the same problem, then the issue isn't specific to Active Directory and you can review the permissions of your SharePoint Group more carefully.

Regards,

Tom

Badge +3

Hi Tom,

Sorry if I confused you. This is a very simple question: I have an SP group which has only read access to the site. I am assigning a flexi task to those users in a state machine approval process. When my read-only users click on the link to approve the task they get an "Access denied" error.

I saw from a few posts that they need Contribute rights to approve the item, but I am not interested in giving them Contribute as those users are from a different department. What is the best practice to let them approve the task without giving them Contribute permission to the site?

Hope the question is clearer now.

Userlevel 4
Badge +12

Hi Tom,

did you already try to give them contribute permissions to the workflow task list? They should be fine opening the workflow tasks then.

If it still doesn't work, you could try to change the item permissions inside of the approval action itself:

197367_pastedImage_1.png

Is this of any help?

Kind regards,

Enrico

Badge +3

Hi Enrico,

Thank you for the suggestion. I tried setting the item permission as you suggested, but I was still getting Access denied.

Giving Contribute rights to the workflow tasks list is a solution, but I have kept it aside as I have to find the best practice for doing it.

Can you help with how to assign item-level permission to the task created by the flexi task?

Userlevel 4
Badge +12

Well, you could store the task IDs of the tasks generated by the approval action (just place a collection variable in the "Store task IDs in" field in the screenshot above).

Afterwards you can iterate the collection and query the task list for those ID's to change the permissions of the item with the edit permission action. But I won't count this as best practice as you have a huge overhead and people will not be able to delegate tasks and stuff.

Best practices for me would be to give them contribute rights to the whole list.

Kind regards,

Enrico
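
The list-level option discussed above, as an added example that is not part of any post in this thread: it breaks permission inheritance on the task list only and grants the read-only group Contribute there, so the group's site-level permission stays at Read. The site URL, the list title "Workflow Tasks" and the group name are placeholder assumptions; run it in the SharePoint Management Shell on a farm server.

```powershell
# Added example (not from the thread). Placeholder values are assumptions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl   = "https://sharepoint.example.com/sites/approvals"  # placeholder URL
$listTitle = "Workflow Tasks"                                   # assumed task list title
$groupName = "External Approvers"                               # placeholder read-only SP group

$web = Get-SPWeb $siteUrl
try {
    $list = $web.Lists.TryGetList($listTitle)
    if ($null -eq $list) { throw "List '$listTitle' not found in $siteUrl" }
    $group = $web.SiteGroups[$groupName]   # throws if the group does not exist

    # Stop inheriting from the site but keep a copy of the current assignments,
    # so existing users do not lose access to the task list.
    if (-not $list.HasUniqueRoleAssignments) {
        $list.BreakRoleInheritance($true)
    }

    # Look the role up by type rather than by its (localizable) display name.
    $contribute = $web.RoleDefinitions.GetByType(
        [Microsoft.SharePoint.SPRoleType]::Contributor)

    $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($group)
    $assignment.RoleDefinitionBindings.Add($contribute)
    $list.RoleAssignments.Add($assignment)
    $list.Update()

    # Review step: the group should still hold only Read on the site,
    # and Contribute should appear only in the list-level output.
    "Site-level roles for '$groupName':"
    $web.RoleAssignments.GetAssignmentByPrincipal($group).RoleDefinitionBindings |
        ForEach-Object { "  " + $_.Name }

    "Role assignments on list '$listTitle':"
    foreach ($ra in $list.RoleAssignments) {
        $roles = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
        "  {0}: {1}" -f $ra.Member.Name, $roles
    }
}
finally {
    $web.Dispose()
}
```

Contribute on the list lets every member of the group edit every task in it, not only the tasks assigned to them, which is the trade-off against the per-item approach described above.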

Badge +3

Hi Enrico,

OK. I too consider it an overhead. I will go ahead with assigning Contribute permission to the workflow task list. But do you have any idea why setting item permissions on the Assign Flexi Task action fails? I mean, even after giving Contribute rights as you have shown in the screenshot, the user is getting "Access denied".

Userlevel 5
Badge +14

I would say you will not manage to see task with read only access.

not sure why it works that way, and whether it is intended or a bug, but this is what I've observed.

task link directs you to ApproveReject.aspx page which in turn, if you have customized task form, redirects you to workflow task list's EditForm.aspx. both these pages require edit access, which is quite understandable.

however, if you navigate to the workflow task list on your own and choose to view an item, normally DispForm.aspx should have been shown (for which read access is sufficient). unfortunately, and I do not understand why, it opens the ApproveReject.aspx resp. EditForm.aspx page as well. this is likely the reason you can't see the task list item with read access.

this behavior is specific to NINTEX workflow task lists, this does not happen with OOTB sharepoint's task lists.

as I said, I do not know why this happens and whether it's customizable.

I would say it's not intended behaviour, resp. at least not one consistent with other list types.

you might want to approach to ‌ and ask them to clarify or provide a workaround.

hope it helps.
