Hi guys, I'm looking a way to accomplish this task.
I would like that my users can upload documents to a document library, but they can't access their files until a manager has given the approval. They should be able to upload into a "buffer" restricted area, and receive their document only after the manager has approved the document.
I know that It's a strange behavior, if I can upload a document I already have access to it. This is a company policy that every document going out from the company must have and approval status. At the moment we use some MFC printers to scan documents, and users can access these functions after the authentication. The MFC scans the document into a Sharepoint document library, and a Nintex workflow starts on each new document. A flexy task action with a form request some more attributes/info and ask also who is the approver. Everything is working, because after the approval, I can attach the pdf document to a mail and return to the initiator. But in this kind of design there is a big hole, because the initiator could have access to the uploaded file even before the manager approval. We hide the document library for scans, but the item that starts the workflow has the initial user as owner, and looking on the workflow status/history, he could click on the item link and easily view/download the document.
I've tried modifying permission on the item, just after the upload, but without success. The task created by nintex into "my workflow tasks" reference an object that it has no more access (changed permission) and therefore cannot continue.
At the moment the workaround has been to disable the href on the <a> link that reference the uploaded PDF file.
Would be better if I could find a solution to implement only with Nintex workflow actions.
PS. At the moment I'm working on a separate list 1 to 1 with the uploaded pdf into the document library, with a workflow that copies metadata from one item to the other. But it isn't an elegant solution.