In O365 I have a list where an employee submits a request, and once that request is submitted they should not be able to modify or delete the request. In order to achieve this goal, the first thing I would like to do is to remove all existing permissions on the list item, then add back in the necessary permissions. I have configured the following:
Step 1 - Remove all existing permissions and assign full control to a user group.
Step 2 - Assign read to the user that submitted the request so they can monitor the status.
Step 3 - Assign additional read permissions to people that need to audit the list.
I have used the O365 update permission action to configure these. When I add an item to the list as someone in the user group that is granted full control permissions, steps 2 and 3 work as expected. But when a user that is not part of the full control group adds an item to the list, the workflow goes into a Suspended state between steps 1 and 2. This indicates to me that there is some permission issue.
- What account do workflows run under?
- If the workflow runs under the user account of the person that starts the workflow then how can privileges be escalated?
- How can a workflow be set to always run under a designated service account?
- Or, how can I configure the permission steps so that the workflow continues to run?