Skip to main content

Nintex Workflow for O365 - Permission Issue With Custom Task Form

What
Product: Nintex Workflow & Forms for O365
Scenario: Create a custom Task Form on an 'Assign a Task' action via the 'Edit Task Form' option

Issue: Staff member does not have sufficient permission to approve task, and is instead provided with the following error message "Item does not exist. It may have been deleted by another user."

Why
In my case, I checked permissions on the list hosting the workflow AND the Workflow Tasks list to ensure the user had at least Contribute access on both (as per Nintex instructions here).

However the error message continued to appear.  In the end it was because of two things:
  • On the list hosting the workflow, in 'Advanced Settings' I had set Read Access to 'Read items that were created by the user'.  This was so staff cannot see requests submitted by their colleagues.
  • The moment you edit the task form in Nintex Workflow, the Task Form requests data from the list item running the workflow.
Because we said that you can't see other peoples requests, the task form fails to work and this error message appears:


This isn't a very common scenario, normally I'd allow staff to see any requests submitted in the list.  However, this was unacceptable for this particular client.

How to Fix?
The simplest method to fixing the issue is to provide Full Control permissions to the list hosting the workflow.  Obviously this ruins any ideas you had to hide items from regular users.

So your other option is to delete the custom task form, and instead use the default SharePoint Task Form for approving tasks.  This allows us to apply the correct minimum-required permissions to list items.  However, this also means the end user gets a crappy UI for approving tasks.

So if you have to use a custom task form to make it a smoother experience for the end user, then the cleanest method to do this and ensure that you don't allow users to see all items is:

  • Switch off 'Read items that were created by the user' and change it to 'Read All Items'
  • Give all regular staff 'Contribute without Delete' access to the list (you'll need to create a custom permission access level for this
  • Add the 'Office 365 Update Item Permissions' Action as the first step in your workflow. Give the person who created the task, and the person who is approving the task, 'Contribute' access
That's it.  The only limitation with this solution is that every item will have individual permissions, and there is a limit of 50,000 items in a list with individual permissions in SharePoint Online.

Preferred Solution
Although Nintex is great for quickly modding the 'Task Item' form, I would just ask staff to be happy with whats provided out of the box if they also have these permission requirements.  Otherwise the solution just gets too complex.

If you'd like a great approval form OOTB, you should give Microsoft Flow a go.  Also, if you're looking for forms that work well in SharePoint AND on mobile devices, give PowerApps a go!

Got a better solution to this problem? Let me know in the comments.  

Comments

Popular posts from this blog

Export Group Membership From Active Directory Using Power Query

If you need to export a list of staff from an Active Directory Group, follow these steps.  Allows you to gather all the names & usernames of staff in a particular group and save the information into Excel.

Step By Step How To:
Open up Excel > Power Query TabClick From Other Sources > From Active Directory:(In Excel 2016 this is found under: Data Tab > New Query > From Other Sources > From Active Directory) screenshots from Excel 2016 on left, Excel 2010 w/ Power Query Add-on right A popup will ask you to enter your domain name.  It should already be populated with the correct information but if not, input your companies domain name & Click OK:
In the Navigator that opens up, expand your domain tree and double click group:

You should now see a list of all groups in Active Directory in the Power Query Editor:
In order to find & filter for a specific Group, Click the Down-Arrow for the 'distinguishedName' column > Text Filters > Contains...
Type the name…

HP Laserjet 1022 Printer - Can't Print on Windows 10

If you are having trouble getting your laserjet working on Windows 10, here's how I resolved the problem:

Go to Devices & PrintersFind your printer & go to Printer Properties > Advanced TabSet Driver to: HP LaserJet 1022 Class Driver & ApplyIf HP LaserJet 1022 Class Driver is not available.  download from this site: http://support.hp.com/us-en/drivers/selfservice/HP-LaserJet-1000-Printer-series/439424/model/439431Print a test page.


SharePoint Online - Branding with CSS

-----------------------------------------------------------------------------------------
This post is related to a larger group of posts called Migrate SharePoint to Office 365 - Planning & Steps
-----------------------------------------------------------------------------------------

I've gone with a Publishing Site Collection so that I can use the 'Alternate CSS URL' in Site Settings > Master Page.

First off, thanks to the following websites which helped get me started:
http://blog.sharepointexperience.com/2015/02/sptechcon-austin-february-2015/#more-2766http://blog.sharepointexperience.com/2015/01/to-brand-or-not-to-brand/ Here's what the end result will look like (if you have the same fonts):


Now for the CSS...

/* Design By : Brett Randall*/
/*     Design Colours: Greens/Greys/Blues */
/*     Last Modified : 28/02/2017*/
/*     Description: CSS to rebrand SharePoint Online Publishing Site Collection that is using seattle.master */

/* TABLE OF CONTENTS
-- -…