when publishing a workflow from SharePoint development environment to productive environment via export/import we found that the permission levels get scrambled up.
We use the action 'set item permissions' and assigned our own permission level "company reader" (a copy of the permission level 'read') to the item. In the same workflow in productive system it got converted to another permission level "company editors" after import. We had to re-assign all levels in prod again manually.
did anyone of you ever experience this before? Do you know a solution for it?
Solved! Go to Solution.
I suspect there is an ID assigned to the Group when they are created and these ID's are different for the 2 environments. Is your dev Site Collection a copy of your production site collection (i.e. backup and restored to the dev farm) or was it built independently?
If you inspect the URL when in the People and Groups page for the group, check the MembershipGroupId value in the query string
I would suspect that the ID for Company Readers in your dev environment is the same as the ID for Company Editors in your production environment. This is because the ID's are assigned in the order they were created, so if your 2 site collections were created independently then you may have created these groups in a different order.
Check this and let us know
thank you very much for your quick reply!
My assumptions headed into the same direction that there is a mismatch with the ID's in the background. The SiteCollections in Dev and Prod have been created independently from each other (unfortunately).
The link you suggested to me directs to the site group definitions. In the workflow action we don't use groups but only direct people-assignments, so I can exclude, that the groups don't match each other.
I find the configuration of the permission levels with this link:
This led me to the issue that there is only a name, no ID for the permission level which could mismatch then.
Any idea is appreciated
Edit: with the help of a little PowerShell ($site.RootWeb.RoleDefinitions) I found that the permission levels have got their own internal IDs which are created consecutively. I attached a screenshot with the result. At least it's clear now why Company Reader in DEV is Company Contributors in PROD.
Now I'm a little helpless... :\