Update a list item when the workflow initiator’s permissions are set to “Read”
January 11, 2013
We have a nintex workflow, where in user EDRTest1 will fill the form. So EDRTest1 is the workflow initiator. Once the form is submitted by EDRTest1 we have to set read access to the EDRTest1 and set the contribute permission to user EDRTest2 on that item. Then a task will be assigned to the user EDRTest2 using assign flexi task action. After EDRTest2 approves/rejects the task we have to update an item.
How many of you know update item action would execute under the permissions of the initiator?
The workflow runs as the user who initiated it because this is the way Microsoft designed SharePoint workflow. We cannot change this behavior.
So in this workflow after EDRTest2 task approval, update item action is trying to update the current item with the read access to EDRTest1.
Because of this you will get the access denied problem with the below error.
“The workflow could not update the item, possibly because one or more columns for the item require a different type of information.”
How to solve this issue?
- Drag on a “Call web service” action instead of update item
- Configure the url to be your site url/_vti_bin/lists.asmx.
- Click the padlock icon next to the username field and select the credentials defined above. (Be sure to select a user has contribute access to the item)
- Press ‘Refresh’ next to the web method drop-down box.
- Choose “UpdateListItems” from the list of available methods.
- Click the SOAP Editor button option
- Paste in the following XML. This particular example updates a field called ‘Status’ to be “Approved”. Note it uses references to define the list name and the ID of the item to update.
<?xml version=”1.0″ encoding=”utf-8″?>
<Batch OnError=”Continue” ListVersion=”1″>
<Method ID=”1″ Cmd=”Update”>
Impact of this approach
This approach will change the modified by user value with the user name credential which we are passing to this web service action. But our requirement is to see the last modified by user as EDRTest2.
So what is the work around?
If this is the case the only other option would be to give the user permissions to the item via set permissions action, then a commit pending changes, then the update and then another set permissions action removing the permissions.