Specific permission for users and approvers

  • 21 September 2017


Hello all

I would like to have a workflow implemented for a list where users can submit a form (which triggers the WF) but at the same time are not able to go back to the form to edit or delete it. The approvers, on the other hand, should be able to approve it but not edit or delete the file. I have created a separate permission level in which I copied the same rights from Contribute and unticked Edit Items and Delete Items.

The downside is that the workflow will not start if the user does not have the Edit Items right.

Also the WF will display the following error once the approver approves it:

Error retrieving context data. <nativehr>0x80070005</nativehr><nativestack></nativestack>

How do you work around this issue?
How do I make sure that the users cannot edit or delete the item once they have submitted it?

I had a look at Set Item Permission but am not quite sure about it.

Bearing in mind that the list already has the Members group with the "Contributor" permission: if I implement the above item permission, will it then overwrite Members with READ permissions instead and keep all other groups' permissions intact?


3 replies


Hi,

As you already mentioned, users need edit permission to start the workflow at all. A common scenario is to let people have edit permission on the list so they can add new items and start the workflow. Then, after the workflow starts, you can use the set item permission action to remove all inherited permissions and give new permissions to whomever you want, like

Initiator: read

Approver: Approve

IT: full access

or so. Going this way you will end up with items with single item permissions that will not care about what permissions are on the list.

There are pros and cons to using this approach. I suggest you read about the system of single item permissions and decide if it's a way for you. It's heavily dependent on how many items you're going to have in your list. I wrote a bit about it here:

https://community.nintex.com/message/57622-re-nintex-workflow-failed-to-start-notification?commentID=57622#comment-57622 

As for your approvers: As far as I know you cannot have people approve but not allow them to edit the item as the approval always goes with an item update.

If you want to prevent users from editing I would consider developing an event receiver on the list which will be capable of doing both: prevent users from modifying created items and also prevent modification by approvers as long as they're not triggered by a workflow approval update.

Would that be an option?

Best regards

Enrico
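The event receiver approach from the reply above, as an added C# example that is not part of the original thread. It assumes SharePoint 2010 or later server-side code, a hypothetical class name, and that workflow updates arrive under the system account `SHAREPOINT\system`, which should be confirmed on your own farm.

```csharp
using System;
using Microsoft.SharePoint;

// Added example (hypothetical class name), not code from the thread.
// Cancels edits and deletes on existing list items unless the caller is a
// site collection administrator or the system account.
public class LockSubmittedItemsReceiver : SPItemEventReceiver
{
    // Assumption: workflow-driven updates reach the receiver as this account.
    private const string SystemAccount = @"SHAREPOINT\system";

    // Synchronous "before" event: runs before an edit is committed.
    public override void ItemUpdating(SPItemEventProperties properties)
    {
        BlockUnlessPrivileged(properties, "edited");
    }

    // Synchronous "before" event: runs before a delete is committed.
    public override void ItemDeleting(SPItemEventProperties properties)
    {
        BlockUnlessPrivileged(properties, "deleted");
    }

    private static void BlockUnlessPrivileged(SPItemEventProperties properties, string action)
    {
        if (IsPrivileged(properties))
        {
            return;
        }
        // Cancel the operation and show the message to the user.
        properties.Status = SPEventReceiverStatus.CancelWithError;
        properties.ErrorMessage = "Submitted items cannot be " + action + ".";
    }

    private static bool IsPrivileged(SPItemEventProperties properties)
    {
        if (string.Equals(properties.UserLoginName, SystemAccount, StringComparison.OrdinalIgnoreCase))
        {
            return true;
        }
        SPUser user = properties.Web.CurrentUser;
        return user != null && user.IsSiteAdmin;
    }
}
```

New submissions are unaffected because ItemAdding is not overridden. Test the approval step before rollout: if the approval update arrives under the approver's own account rather than the system account, this receiver cancels it too.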


Hello Enrico, greetings to you from England

Indeed, we started using SharePoint and Nintex because we want to take all paper-based forms and implement them in SharePoint so we don't have to keep a hard copy of the papers etc. In other words, eventually the list will have a lot of items in there ... can you imagine if it's being used for years.

As you said, single permissions on many items will cause errors or even performance issues.

Now, if I read your last paragraph, you mention an EVENT RECEIVER, which I don't have much of a clue about.

How is that done?

NOTE: My exec insists on having a function in place that does not allow the user (apart from the Admin) to edit or delete the items once they have been submitted, and also prevents the approvers from deleting or editing them once the WF is complete.


Hi Bim Bimi

Another approach is the use of a site workflow. Only the workflow owner/publisher needs write access to the data list. Collect the info needed to create a list item with a workflow start form. In the workflow, place the create/update item action into an action set which is configured to run as the workflow owner. The initiator and approver need only edit/approve permissions for the workflow task/history lists. See also Handling Permissions in Workflows  by .

Kind regards

Manfred
