Update a list item when the workflow initiator’s permissions are set to “Read”

Business Requirement

We have a nintex workflow, where in user EDRTest1 will fill the form. So EDRTest1 is the workflow initiator. Once the form is submitted by EDRTest1 we have to set read access to the EDRTest1 and set the contribute permission to user EDRTest2 on that item. Then a task will be assigned to the user EDRTest2 using assign flexi task action. After EDRTest2 approves/rejects the task we have to update an item.

Issue

How many of you know update item action would execute under the permissions of the initiator?

The workflow runs as the user who initiated it because this is the way Microsoft designed SharePoint workflow. We cannot change this behavior.

So in this workflow after EDRTest2 task approval, update item action is trying to update the current item with the read access to EDRTest1.

Because of this you will get the access denied problem with the below error.

“The workflow could not update the item, possibly because one or more columns for the item require a different type of information.”

How to solve this issue?

  • Drag on a “Call web service” action instead of update item
  • Configure the url to be your site url/_vti_bin/lists.asmx.
  • Click the padlock icon next to the username field and select the credentials defined above. (Be sure to select a user has contribute access to the item)
  • Press ‘Refresh’ next to the web method drop-down box.
  • Choose “UpdateListItems” from the list of available methods.
  • Click the SOAP Editor button option
  • Paste in the following XML. This particular example updates a field called ‘Status’ to be “Approved”. Note it uses references to define the list name and the ID of the item to update.

 <?xml version=”1.0″ encoding=”utf-8″?>

<soap:Envelope xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance&#8221; xmlns:xsd=”http://www.w3.org/2001/XMLSchema&#8221; xmlns:soap=”http://schemas.xmlsoap.org/soap/envelope/”&gt;

<soap:Body>

<UpdateListItems xmlns=”http://schemas.microsoft.com/sharepoint/soap/”&gt;

<listName>{Common:ListName}</listName>

<updates>

<Batch OnError=”Continue” ListVersion=”1″>

<Method ID=”1″ Cmd=”Update”>

<Field Name=”ID”>{ItemProperty:ID}</Field>

<Field Name=”Status”>Approved</Field>

</Method>

</Batch>

</updates>

</UpdateListItems>

</soap:Body>

</soap:Envelope>

Impact of this approach

This approach will change the modified by user value with the user name credential which we are passing to this web service action. But our requirement is to see the last modified by user as EDRTest2.

So what is the work around?

If this is the case the only other option would be to give the user permissions to the item via set permissions action, then a commit pending changes, then the update and then another set permissions action removing the permissions.

About these ads

About Joseph Velliah
I am Joseph, a Microsoft Certified SharePoint MCPD & MCTS. I’ve about 8 years of experience in professional software development. I have good experience in setting up and configuring small/medium/large SharePoint 2010 farms, design/architecture, upgrading and migrating to SharePoint 2010, development of applications, web parts, workflows, InfoPath forms, Lotus Notes to SharePoint Migration, Business Intelligence and Search. Over last four years, I’m involved in development Windows SharePoint Services and Business Process Automation. Currently I am working as Project Lead in Lotus Notes to SharePoint Migration Project. My main responsibilities include Lotus Notes to SharePoint Migration, Customizing SharePoint, Business Process Automation using SharePoint and Nintex Workflows, Developing Webparts, Developing WCF services for SharePoint and Custom Membership Providers.

Comments are closed.

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: