I am building a workflow for parents at a school to fill in permission notes for their children.
This is done by assigning them a Nintex form workflow task via an Assign Flexi task action.
We are using the combination of Nintex workflow and forms 2013.
The concern we have is that other parents could browse to the workflow tasks list and read the tasks assigned to other parents.
This could expose personal information of a parent or a student to other parents.
My initial thought was to run a workflow on the workflow tasks list when the task item is created, to break the permissions inheritance, give the Assigned To user Contribute, remove the Members group and leave the Owners group with Full Control.
Has anyone had experience with locking down the workflow task items?
Is there a better way to do this?
From my perspective, it is the only working way to reduce the permissions to a minimum. I did the same thing: simply remove all permissions, stop inheritance and then just add Contribute permissions for the task recipient. The workflow only runs on "create new item" and not on "change", because that would leave you with cancelled workflows, since the WF engine runs into an item-share conflict.
Thanks for the info Norbert.
Glad I'm not the only one who needs to deal with a greater level of security and that my thoughts were down the right track.
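A way to check that the lock-down described in this thread actually took effect on every task, as an added example that is not from either poster. It assumes the SharePoint 2013 Management Shell on a farm server, a placeholder site URL, a task list titled "Workflow Tasks", and the standard `AssignedTo` task field; it reports task items that still inherit list permissions or that grant access to anyone other than the assignee and the site's Owners group.

```powershell
# Added audit example. Run in the SharePoint 2013 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webUrl   = "https://sharepoint.example.test/sites/school"  # placeholder URL (assumption)
$listName = "Workflow Tasks"                                # assumed list title

$web = Get-SPWeb $webUrl
try {
    $list   = $web.Lists[$listName]
    $owners = $web.AssociatedOwnerGroup

    $findings = foreach ($item in $list.Items) {
        # Case 1: the permission workflow never ran or failed for this task.
        if (-not $item.HasUniqueRoleAssignments) {
            [pscustomobject]@{ ItemId = $item.ID; Title = $item.Title
                               Issue = "Still inherits list permissions"; Principal = "" }
            continue
        }

        # Resolve the task recipient from the Assigned To field.
        $assigneeId = $null
        $raw = $item["AssignedTo"]
        if ($raw) {
            $userValue  = New-Object Microsoft.SharePoint.SPFieldUserValue($web, [string]$raw)
            $assigneeId = $userValue.LookupId
        }

        # Case 2: inheritance is broken, but someone else still has access.
        foreach ($ra in $item.RoleAssignments) {
            $memberId = $ra.Member.ID
            if ($memberId -eq $assigneeId) { continue }
            if ($owners -and $memberId -eq $owners.ID) { continue }
            [pscustomobject]@{ ItemId = $item.ID; Title = $item.Title
                               Issue = "Unexpected principal has access"
                               Principal = $ra.Member.Name }
        }
    }

    if ($findings) { $findings | Format-Table -AutoSize }
    else           { Write-Output "All task items are restricted to assignee and Owners." }
}
finally {
    $web.Dispose()
}
```

Because the permission workflow only runs on item creation, a task shows up under the first issue for the short window before that workflow completes, so findings on very recent items should be re-checked before being treated as a failure.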