Set Item Permissions - Access denied when going against another list, works fine on current item.
Hello, I have the following scenario
- SharePoint List - Orders
- SharePoint List - Items - has a link to column to parent order
When users save the Orders list item and put into submitted state Nintex custom approval workflows run. At this point I need to set item permissions to Read Only for the user who created on both the Parent(Order) and all Childer(Items).
- I have a workflow created to set permissions on all from a single workflow
- The workflow is applied to "Orders" list
- When Orders list item is Saved or Updated and status is "Submitted" this workflow is run
- First the Orders list item permissions are updated
- Admins and Approvers are granted Contribute permissions
- Creator is granted Read Permissions
- This works fine using the "Set Item Permissions" against "Current Item"
- Next, I get a collection of all the ID's of related order items in the "Items" list
- For each loop runs and inside the loop I have another "Set Item Permissions" step
- In this step rather than current item we are setting permissions on list "Items" getting it by ID which is valid from my collection object and id variable
- The workflow fails to set permissions against another list - Error reported is "Error setting item permissions" Access to item 'Item name' in list 'Items' on site 'siteurl' is denied
The workflow runs as the user who created and they have the same permissions across both lists.
- According to the documentation "Set item Permissions" is a Nintex Custom function not limited to SP OOB restrictions of not running elevated permissions.
- My understanding is this should work as documentation I have seen states "This task wouldn't be very useful without"
- It seems thought that this documentation is only half correct.
- The "Set Item Permissions" seems to run elevated against "Current Item" only and not against other lists.
- I created a test workflow on the "Items" list to run Set Item Permissions as the same user and it works perfectly.
- at this point we are now back to "Current Item" and it works validating my theory above
What is the best way to set permissions against another list from a single workflow? Why can I select to "Set Item Permission" on another list if its not running the same as against current item? This is confusing and was difficult to track down.
- When running the same workflow as a higher level administrator everything succeeds without issue so the workflow is not the problem
My initial thought is too call the item workflow via web services. Just trying to find out if this is a bug, documentation error, or issue with my implementation