PS 2013 WorkFlow Approval - Anyone can do it! RRS feed

  • Question

  • Having avoided workflows in 2007 and 2010, I have a built my first workflow in PS2013 using Sharepoint Designer 2013 and found it surprisingly straightforward. At each gate I had a mail going off the the nominated approver. He clicks on the mail opens the form and approves and the workflow marches forward.

    In my initial investigations I did not have email so I went directly to the Project Server Workflow Tasks, selected the appropriate task and approved it in the list. Unfortunately what is apparent is that anyone can navigate to this list, and approve, delete or add records, not just the nominated approver(s) and administrators.

    In Classic mode security you can hide the approval menu but not so in new the sharepoint mode. In any case a team member can always get to this list via Settings!Site Contents.

    Is my understanding correct? How do you prevent the world and his dog messing with this list?

    What is "best practice" and configuration for an approval process?




    Mike Mahoney

    Thursday, February 14, 2013 4:26 PM

All replies

  • It should not inherit the permission from the root, should be unique. Remove the Team members and provide permissions to necessary groups.

    Let me check with product group.

    Cheers. Happy troubleshooting !!! Sriram E - MSFT Enterprise Project Management

    Friday, February 22, 2013 10:33 PM
  • If what you are after is to secure tasks to the assignees / admins, as I understand the approval tasks will not have item level security applied to them by default in 2013, you would need to design your workflow to take care of that for you. 

    In 2010 there used to be an option for SPD workflows called '“Only allow task recipients and process owners to read and edit workflow tasks'  which would ensure the task was secured to the user assigned to. MS also provided some guidance on how you could secure tasks in this TechNet article - In SPD2013, and the PS2013 DM workflows, that option doesn't appear to be there any more.

    Luckily, Project Server 2013 and SharePoint 2013 has two workflow engines, the new 2013 one that SPD uses to build PS demand management workflows, and the old 2010 one. There might be an option to call out to these old 2010 workflows, which still have access to the securing capabilities mentioned above, and use those, of course you would need some form of letting the calling workflow known it has completed. A complete list of the actions available in 2010 workflows but not there in 2013 workflows can be seen at

    Alex Burton | Twitter
    Project Server TechCenter | Project Developer Center | Project Server Help | Project Product Page

    Saturday, February 23, 2013 8:46 AM
  • Hi Alex

    Thanks for the background. At the moment I am investigation OOB capabilities of PS2013. The new workflow capability opens up the Phase\Stage (EPM lifecycle) elements to non-developers like myself. It is a great improvement though I guess there are still some limitations to the OOB approach.



    Mike Mahoney

    Saturday, February 23, 2013 11:40 AM