I can't find any information on what security group a user needs to be in to 'approve' a workflow approval request.
Does anyone know? Is it a SharePoint Approvers group that they need to be a part of?
They'll need to have the SharePoint Permissions Level "Contribute".
I've also included a Security Settings table from the Nintex Workflow Help File Excerpts (look here for user guide content), which explains the different levels!
According to how a user is required to interact with Nintex Workflow there are different security considerations to be made. The table below outlines the minimum permissions required to perform the actions described. In general, the runtime permissions can be inherited from the site or the parent site but must be the effective permissions for the given user at the list level.
I've wondered about the permissions for the different Nintex roles. This is very useful!
I've written a blog post on this in the past.
Permissions for Nintex Workflow interactions | Kevin Annfield's Blog
The big permission that caught me out was you can't just give item level permissions to the task or item the workflow is running on. You still need Read permissions on the underlying site (my client needed us to remove this for a pretty specific reason).
Thanks, I will be reading it very soon! Got to go catch up with my support tickets and then back to Nintex.
Thank you for your quick reply,
I have just confirmed this as well. When the ApproveReject.aspx page loads it does some site level checks on lists. It is a hard requirement to have at least read permissions at the site level.
One of my work colleague came to me with a similar issue, he had changed the Work Flow tasks list settings and modified the Item-level Permissions (Under advanced settings).
This need to be set so that users can "Read all Items" and also "Create and edit all items" otherwise they will receive that error message.
We have these settings on our environment but users are still not able to read.
Did you ever find a workaround to your issue so that your workflow would run without having to assisgn all users 'Read all items'? I seem to be having the same problem here:
item-level permissions conflicting with workflow
I believe an additional user role that comes up a few times in Nintex Workflow I design is the ability to only "read" workflow tasks but not action them nor delegate.
For instance imagine that a workflow request a report to be written and user attach a file to it: both text report and attachments are stored into the workflow task but some view-only users like auditors cannot open the tasks and if we give higher level they will be able to do more such as edit.
I mention this issue and my findings to give such access in the comments of Kevin's blog here Permissions for Nintex Workflow interactions | Kevin Annfield's Blog with one problem: users can also create pages/sites/library which is not wanted.
Any simple "Nintex workflow reader" role recommendations would be appreciated please.
I have a view that groups the task by assigned to so that corporate mgrs. can see what’s in the pipe. I would like these folks to be able to simply view the individual item but not be able to have all of the other permissions/capabilities that Contribute provides. I changed the view so that the link doesn’t go to the edit item but rather the view item page but my users are still getting this error “You are not authorized to respond to this task” despite being at the view item page. This really needs to be fixed!
Again I had a user who had issue opening a Workflow task and therefore I need to be precise, this Permission is the one that is required at site permission level so that the item in Workflow Tasks list can be viewed.
(until Nintex gives us a fix)
Manage Hierarchy - Can create sites and edit pages, list items, and documents.
Hope this help !
Thank you, I have found that indeed, in our case you have to have FULL CONTROL rights at the SITE LEVEL for the ability to respond to any workflow task in the Workflow Tasks list. This is crazy.
In my case I do not even want the user to respond to the task but only to view the details of the invoice. I don't mind if the get the red 'You are not authorized to respond to this task' message. Currently the users are getting an unhandled exception but when I look in the ULS logs it is this message. I get the nice red message because I got full control on the site as the administrator.
Emily Billing has marked a 7 month old response that has nothing to do with my scenario as the answer to this conundrum. My user doesn't need to approve the workflow item. They only need to view the details of it. These would be store managers, district and area mangers.
Hi Richard, I've create a new post for your question, as you have a different question to the original in this thread, and will have more visibility. You can find it here What permissions are needed to view a task not assigned to you?
Retrieving data ...