Update a list item when the workflow initiator’s permissions are set to “Read”

Business Requirement

We have a nintex workflow, where in user EDRTest1 will fill the form. So EDRTest1 is the workflow initiator. Once the form is submitted by EDRTest1 we have to set read access to the EDRTest1 and set the contribute permission to user EDRTest2 on that item. Then a task will be assigned to the user EDRTest2 using assign flexi task action. After EDRTest2 approves/rejects the task we have to update an item.

Issue

How many of you know update item action would execute under the permissions of the initiator?

The workflow runs as the user who initiated it because this is the way Microsoft designed SharePoint workflow. We cannot change this behavior.

So in this workflow after EDRTest2 task approval, update item action is trying to update the current item with the read access to EDRTest1.

Because of this you will get the access denied problem with the below error.

“The workflow could not update the item, possibly because one or more columns for the item require a different type of information.”

How to solve this issue?

  • Drag on a “Call web service” action instead of update item
  • Configure the url to be your site url/_vti_bin/lists.asmx.
  • Click the padlock icon next to the username field and select the credentials defined above. (Be sure to select a user has contribute access to the item)
  • Press ‘Refresh’ next to the web method drop-down box.
  • Choose “UpdateListItems” from the list of available methods.
  • Click the SOAP Editor button option
  • Paste in the following XML. This particular example updates a field called ‘Status’ to be “Approved”. Note it uses references to define the list name and the ID of the item to update.

 <?xml version=”1.0″ encoding=”utf-8″?>

<soap:Envelope xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance&#8221; xmlns:xsd=”http://www.w3.org/2001/XMLSchema&#8221; xmlns:soap=”http://schemas.xmlsoap.org/soap/envelope/”&gt;

<soap:Body>

<UpdateListItems xmlns=”http://schemas.microsoft.com/sharepoint/soap/”&gt;

<listName>{Common:ListName}</listName>

<updates>

<Batch OnError=”Continue” ListVersion=”1″>

<Method ID=”1″ Cmd=”Update”>

<Field Name=”ID”>{ItemProperty:ID}</Field>

<Field Name=”Status”>Approved</Field>

</Method>

</Batch>

</updates>

</UpdateListItems>

</soap:Body>

</soap:Envelope>

Impact of this approach

This approach will change the modified by user value with the user name credential which we are passing to this web service action. But our requirement is to see the last modified by user as EDRTest2.

So what is the work around?

If this is the case the only other option would be to give the user permissions to the item via set permissions action, then a commit pending changes, then the update and then another set permissions action removing the permissions.

Advertisements

About Joseph Velliah
As a SharePoint Developer my professional interests tend to be technical and SharePoint focused. I run a blog at "SP RIDER" where you can expect to read HOW TOs and scenarios that I run into during my day to day job. I hope my posts will give back a little to the community that is helped me.

Comments are closed.

%d bloggers like this: