locked
Remove permission action in SPD 2010 removes incorrect permission RRS feed

  • Question

  • I have a SharePoint 2010 site, and several lists in it. My goal is on each list, implements an approval workflow on items. The requirement is, when a workflow starts, the creator can not edit it until it is rejected.

    At first, I grant the user contrbute and read permission on site level, so the user gets contribute and read permission on all lists in this site. Just my understanding, maybe not correct.

    The I made a list workflow on each list, when a workflow starts, remove the creator's contribute permission on current item in an impersonate step, which works fine.

    After the workflow is rejected, replace current item permission with contribute and read, to allow further edit. Also works.

    But when the item creator restarts the workflow, the approver, which is the same as last time, lost read access on the item, but only limited access permission remains.

    Anyone knows why this happened?


    Alex Du

    Tuesday, July 31, 2012 12:42 PM

Answers

  • Step of "After the workflow is rejected, replace current item permission with contribute and read, to allow further edit. Also works."

    Question: what user did you give contribute and read permission? Original Creator of the list item?

    You need to test if the Creator can read and write the list item after the workflow completes for first time. (If you already did this, ignore this)

    --------------

    Then workflow gets started again by Creator, I suppose workflow will "remove the creator's contribute permission on current item in an impersonate step". Can this step run? You may put Log to history and Pause, so you can check if creator still has read access to the list item.

    --------------

    General troubleshoot method for this issue is to add Log to History as comment and Pause action, which allows you to check the permissions of the list item to help you identify which permission action causes unexpected result.

    Regards,

    Jing Wang | Microsoft Online Community Support

    • Marked as answer by Entan Ming Friday, August 31, 2012 5:56 AM
    Thursday, August 16, 2012 1:47 PM

All replies

  • I have a SharePoint 2010 site, and several lists in it. My goal is on each list, implements an approval workflow on items. The requirement is, when a workflow starts, the creator can not edit it until it is rejected.

    At first, I grant the user contrbute and read permission on site level, so the user gets contribute and read permission on all lists in this site. Just my understanding, maybe not correct.

    The I made a list workflow on each list, when a workflow starts, remove the creator's contribute permission on current item in an impersonate step, which works fine.

    After the workflow is rejected, replace current item permission with contribute and read, to allow further edit. Also works.

    But when the item creator restarts the workflow, the approver, which is the same as last time, lost read access on the item, but only limited access permission remains.

    Anyone knows why this happened?


    Alex Du

    • Merged by Entan Ming Wednesday, August 1, 2012 1:24 AM
    Tuesday, July 31, 2012 12:43 PM
  • Hi,

    Thank you for your question. I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience. Thank you for your understanding and support.

    Thanks,

    Entan Ming


    Entan Ming

    TechNet Community Support

    Friday, August 3, 2012 12:18 PM
  • Step of "After the workflow is rejected, replace current item permission with contribute and read, to allow further edit. Also works."

    Question: what user did you give contribute and read permission? Original Creator of the list item?

    You need to test if the Creator can read and write the list item after the workflow completes for first time. (If you already did this, ignore this)

    --------------

    Then workflow gets started again by Creator, I suppose workflow will "remove the creator's contribute permission on current item in an impersonate step". Can this step run? You may put Log to history and Pause, so you can check if creator still has read access to the list item.

    --------------

    General troubleshoot method for this issue is to add Log to History as comment and Pause action, which allows you to check the permissions of the list item to help you identify which permission action causes unexpected result.

    Regards,

    Jing Wang | Microsoft Online Community Support

    • Marked as answer by Entan Ming Friday, August 31, 2012 5:56 AM
    Thursday, August 16, 2012 1:47 PM