Set read permission on a specific item in a list with Web Request Action

  • 26 December 2018
  • 9 replies
  • 38 views

Badge +3

Guys , I need to add read permission for a user in a workflow. the user is initiator of a workflow in another list, and during the workflow, an item will be created on the second list (which is for reporting purposes) that the initiator is not supposed to have full read access.

I know that this kinda could be created via the "Advanced>Item Level Permission" on the reporting list, but because of logical reasons, the user should not even has "Create Item" access on the reporting list (stop user from manually create reports!) and because of this, the workflow has to be run as Site Owner user, which makes the "Item Level Feature" set by list setting useless (items are created by my user instead of the initiators and therefor they cannot see items they have created)

I have used "CALL WEB SERVICE" action to set permissions on different lists before, but this one has to be happen on a single Item on a list, not the whole list.

then My only option seems to be using "Web Request" with SharePoint RESTAPI.

Please help me configure this action, since there is no example on the nintex forums.

here's a screenshot of what that I've tried with no luck:

Web Request Action - Run Now@

Thanks

I appreciate the time you spend for me.

Cassy Freeman‌ You always answer everyone's questions, please answer me toooo, this is important. 

I get the bellow errors"

  1.   Response status code: 302

         Response content:
         <head><title>Document Moved</title></head>
         <body><h1>Object Moved</h1>This document may be found <

  2.   FORBIDDEN

  3.   Unauthorized

It doesn't work no matter what! sad.png


9 replies

Badge +7

Hi 

hope this will help you

{Workflow Context:Current site URL}_api/web/lists/getbytitle('LISTNAME')/items(CurrentitemID)//roleassignments({Variable:PrinscipleGroupID})

please refer below links

Delete Existing &amp; Add New Permission to the Library/List 

MicrosoftSharePoint2013: How to set Item Level Permissions using SharePoint 2013 REST API 

Regards

Ranjith

Badge +3

Thank you very much Ranjith kumar, but unfortunately this is not working for me.

I have refered to your links but no luck. changed syntax or even order!
I think my problem is that I don't know how exactly configure the action. both of your links are using different products. I am using NINTEX 2016 with SharePoint 2016.

Badge +7

HI behy,

i have tested same scenario here it is working fine, 

let me know ...still if you face the issue?

regards

Ranjith

Badge +3

Hi Ranjith kumar‌,

Yes! sad.png Unfortunately I still have the issue.. It's not working. I have created a simple workflow with only one action and test in "run now" and it's still the same. can I see a screen shot of the action config?

Badge +7

Hi Behy,

Follow this ....

221751_pastedImage_1.png

221752_pastedImage_2.png

221774_pastedImage_3.png

221775_pastedImage_4.png

221776_pastedImage_5.png

221777_pastedImage_6.png

Regards

Ranjith

Badge +3

I don't know what kind of Nintex Workflow you are using, but I'm using Nintex Workflow for SharePoint (on-premise) and my Action Config Page is look like this:

221779_pastedImage_2.png

I don't have "Build Dictionary" Action, that you've used.

I have configured the URL the same as you and I get http response "Request failed with status: FORBIDDEN."

Please Advice.

THANK YOU FOR THE TIME YOU'RE SPENDING FOR ME, MAN.

Badge +7

Hi amiri

for on-premise  :  Check this

How to execute a SP2013 REST API request with Nintex Workflow 

Regards

Ranjith

Badge +3

Great link. the same process you described but in On-Premise Nintex.

I managed to send the post request and break the inheritance, though still I'm not able to addroleassignment.

when I try to add new item level permission to the item with the bellow context:

https://URL/_api/web/lists/getByTitle('Timesheet Reports')/items(32)/roleassignments/addroleassignment(principalid=9;roledefid=1073741826)

where principalid=9 is the "ID" for the user (not group) retrieved from :

https://URL/_api/web/siteusers

 

I'll get the bellow error in response :

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<m:error xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata">
<m:code>
-1, Microsoft.SharePoint.Client.InvalidClientQueryException
</m:code>
<m:message xml:lang="en-US">
The expression "web/lists/getByTitle('Timesheet Reports')/items(32)/roleassignments/addroleassignment(principalid=9;roledefid=1073741826)" is not valid.
</m:message>
</m:error>

 

Really Thank you Ranjith kumar for the help, your posts are very very helpful.

Badge +7

Hi Amiri,

I have seen your code,  there i Noticed the  ;  instead of ,   (Next to Principal id , )

Please correct it and Try...... it will work i guess 

Regards,

Ranjith..

Reply