Workflow access denied to task assignee

  • 4 November 2020
  • 2 replies
  • 103 views
Sylvain
Badge +3

Dear community,

 

I just came across a problem for a specific user that can no longer action tasks assigned to him.

This should not be consequent to any change since neither permission settings (at item, task list or site level), workflow design nor user account have been made.

The user receives the email with the link to approve but when clicking the link a permission denied error shows up. Same happens when trying to open the task from the task list directly.

User has contribute access to the item, to the task list and to the site. 

The server log clearly shows an access denied error for the authenticated user.

Troubleshooting done so far:

- Restart of his machine

- Elevating his privileges to full control on the site. This allows him to open the task but it still says he's not authorized to approve or reject (can only delegate).

- What's interesting is that if I delegate the task assigned to this user to that same user again, then he can action it.

Based on this I checked the workflow logs and figured the task show as being orginially assigned to his account id (i:0.w#...) while after delegation it shows as LastName FirstName. Tasks for other users always show LastName FirstName for the assignee.

 

9376i5B2D78B0FDFE11C7.png

 

As next step I'm thinking of a possible user profile corruption and was thinking about deleting it so it's re-created with next AD sync.

Anyone experienced something similar or have any idea on the root cause and how it can be fixed ?

 

Thank you

2 replies

Michel
Badge +7
Hi,

It seems that, while assigning, the UPN of the user cannot be resolved. If you are able to delegate the task to the same user, and that works, than the user is OK.

I would re-configure the create task action within the workflow. Are you using a variable to assign the task to the user?
Sylvain
Badge +3
Hi,
Thanks for your suggestion.
The task assignee is indeed stored in a variable of type person.
The variable value is set through a list lookup where the approver name is stored (in a person column, name with presence display) for each department.
I checked the approver list and the user name is entered and resolves correctly there, for this particular user just like any other that don't have the problem.
After investigating further I figured this problem exists for months but intermittent. In some workflow instances the name resolves correctly for the flexi task assignment other times it doesn't without any logic.
I also found that this has happened with other workflows even when the assignee is not stored in a variable (but entered in the item form).
What is strange is that the variable value correctly resolves for the email notification and the task shows under his name in the workflow tasks list.
So the question is why does this particular account not resolve correctly at times when others always do in the exact same context ?

Reply


View our Community Site Map

Nintex Community Sitemap
Terms & ConditionsCookie settings