I am building a workflow for parents at a school to fill in permission notes for their children.
This is done by assigning them a nintex form workflow task via an Assign flexi task action.
We are using the combination of Nintex workflow and forms 2013.
The concern we have is that other parents could browse to the workflow tasks list and read the tasks assigned to other parents.
This could expose personal information of a parent or a student to other parents.
My initial thought was to run a workflow on the workflow tasks when the task item is created to break the permissions inheritance and assign the assigned to user as contribute, remove the members group and leave the owners group as full control.
Has anyone has experience with locking down the workflow task items?
Is there a better way to do this?