cancel
Showing results for 
Search instead for 
Did you mean: 
omourad
Nintex Newbie

Re: What permissions are needed to view a task not assigned to you?

I think Flexi task is different than the normal task as the Flexi task is using its form where the security check happen

0 Kudos
Reply
deonn
Nintex Newbie

Re: What permissions are needed to view a task not assigned to you?

Sorry to reply to an old thread.  I may be possibly missing something here, as I often battle with this issue and our business.  If you run the SharePoint 2007 or 2010 'Collect Feedback' workflow, the workflow owner, as lease a 'designer' at web level, can review any task on behalf of people.  They can see the task and return the feedback.

If I try to mimic this functionality with Nintex and Request Review, the task is not assessable to anyone buy the assigned to person and 'site collection' admins.

Am I missing something here?  SharePoint does not seem to be at fault here, it sounds more like a Nintex implementation Emily Billing

0 Kudos
Reply
Not applicable

Re: What permissions are needed to view a task not assigned to you?

Since this behavior continues to be a hot issue I have explained this behavior further:

As it was mentioned previously in the thread ("You are not authorized to respond to this task." message ), in order to view tasks assigned to other users, a user must have at least "Manage Hierarchy" permission levels at the site level which is "technically" correct as that permission level includes permissions applied when "Full Control" is given to a user. To be more specific I have reviewed the exact permission levels needed to access a Flexi-task not assigned to you.

Here are the exact minimum permission level requirements at the site level to view tasks assigned to users other than you:

(This assumes you already have the required "Edit permissions" aka contribute)

List Permissions:

View Items  -  View items in lists and documents in document libraries.

Open Items  -  View the source of documents with server-side file handlers. 

View Versions  -  View past versions of a list item or document.

Site Permissions:

Manage Permissions  -  Create and change permission levels on the Web site and assign permissions to users and groups.

Manage Web Site  -  Grants the ability to perform all administration tasks for the Web site as well as manage content.

Add and Customize Pages  -  Add, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Microsoft SharePoint Foundation - compatible editor.

Browse Directories  -  Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces.

View Pages  -  View pages in a Web site.

Enumerate Permissions  -  Enumerate permissions on the Web site, list, folder, document, or list item.

Browse User Information  -  View information about users of the Web site.

Open  -  Allows users to open a Web site, list, or folder in order to access items inside that container.

Now with that being said, these permissions are required due to how the NintexWorkflow/ApproveReject.aspx page checks if you are qualified to view the task. There are a number of checks that happen onpageload.

The first check this pages does is to see if the user has at least "EditListItems" permissions. (This is the "Edit items" permission level which is included in contribute).

Next, the page will attempt to check if the user viewing the task matches the humanworkflowID of the user assigned to the task. This ID is stored within the Nintex Workflow database. If the user does not match the page then checks if the user is an admin via a custom "isadmin" check. The permission levels required by this "isadmin" check are the following:

Manage Permissions

Manage Web Site

View Pages

Open

Add and Customize Pages

As you can see these permission levels are the same as those included in the list above. The only difference being my list includes the dependent permission levels.

If you pass either the HumanworkflowID check or the "isadmin" check the page will display the task page successfully. All of the aforementioned permissions checks are done onpageload.

For reference those permissions are listed in full detail here: https://technet.microsoft.com/en-us/library/cc721640.aspx

Cheers,

Andrew Beals

Reply
plv8595
Nintex Newbie

Re: What permissions are needed to view a task not assigned to you?

Is there anything new on this topic with the updated versions of Nintex?

0 Kudos
Reply