I don't know how to solve the following problem. I have a list with many fields and for that list have created a Nintex form.
Also I have created a workflow for approval purposes that seems to work. At the beginning of that workflow I want to set the rights for the element to be "read only" for everyone and only a group called like "formAdministrators" may have all rights. The workflow saves these settings at this point.
Now the workflow sends an e-mail to the first approver (a second stage will follow later) who can set his decision to "approved" or "declined" and leave a comment. The workflow can read these values and should also save that values to the element.
With our tests (we started the workflow manually) we found that this workflow runs correctly if I start the workflow. It seems to be this way because I'm member of the group "formAdministrators". But if somebody else who is not member of that group starts that workflow it will fail. The error message was like "The item could not be updated by the workflow, possibly because at least one column of the item requires a different type of information".
My question now is, how can I manage that nobody can change the element after creating it, but the workflow has the permission to change something? I don't know with which rights the workflow runs and how to set these rights.
Can somebody give me a hint please?
Thanks in advance.
Solved! Go to Solution.
To start a list workflow at minimum contribute permission is needed by the user (see Minimum permissions to publish or start a workflow by Caroline Jung ).
For users only having read access to a list, build a site workflow and use permission elevation for list updates (see answer from Eric Rhodes in ).