We are trying to resolve the following situation, and are looking for advice on how to do so.
We have an Owners and a Designers SharePoint group.
Both groups can create workflows. In order to call web services in a workflow, the Nintex Service Account (NSA) is used.
If NSA is in the Designers group, both Designers and Owners can run Lists.asmx web service workflows, but not UserGroup.asmx web service workflows. This is because of the difference between Owner and Designer privileges.
The Owners need to be able to run UserGroup web service workflows, without giving access to the Designers to do so. But, putting NSA in the Owners group would give users in the Designers group the ability to run UserGroup web service workflows.
We have a SharePoint service provider, so are not able to access anything above the Site Collection level.
Is it possible to have two NSAs, one that is only visible to Owners? Are there any other possible solutions?