Monday, 2 July 2018

Nintex Workflow for O365 - Permission Issue With Custom Task Form

What
Product: Nintex Workflow & Forms for O365
Scenario: Create a custom Task Form on an 'Assign a Task' action via the 'Edit Task Form' option

Issue: Staff member does not have sufficient permission to approve task, and is instead provided with the following error message "Item does not exist. It may have been deleted by another user."

Why
In my case, I checked permissions on the list hosting the workflow AND the Workflow Tasks list to ensure the user had at least Contribute access on both (as per Nintex instructions here).

However the error message continued to appear.  In the end it was because of two things:
  • On the list hosting the workflow, in 'Advanced Settings' I had set Read Access to 'Read items that were created by the user'.  This was so staff cannot see requests submitted by their colleagues.
  • The moment you edit the task form in Nintex Workflow, the Task Form requests data from the list item running the workflow.
Because we said that you can't see other peoples requests, the task form fails to work and this error message appears:


This isn't a very common scenario, normally I'd allow staff to see any requests submitted in the list.  However, this was unacceptable for this particular client.

How to Fix?
The simplest method to fixing the issue is to provide Full Control permissions to the list hosting the workflow.  Obviously this ruins any ideas you had to hide items from regular users.

So your other option is to delete the custom task form, and instead use the default SharePoint Task Form for approving tasks.  This allows us to apply the correct minimum-required permissions to list items.  However, this also means the end user gets a crappy UI for approving tasks.

So if you have to use a custom task form to make it a smoother experience for the end user, then the cleanest method to do this and ensure that you don't allow users to see all items is:

  • Switch off 'Read items that were created by the user' and change it to 'Read All Items'
  • Give all regular staff 'Contribute without Delete' access to the list (you'll need to create a custom permission access level for this
  • Add the 'Office 365 Update Item Permissions' Action as the first step in your workflow. Give the person who created the task, and the person who is approving the task, 'Contribute' access
That's it.  The only limitation with this solution is that every item will have individual permissions, and there is a limit of 50,000 items in a list with individual permissions in SharePoint Online.

Preferred Solution
Although Nintex is great for quickly modding the 'Task Item' form, I would just ask staff to be happy with whats provided out of the box if they also have these permission requirements.  Otherwise the solution just gets too complex.

If you'd like a great approval form OOTB, you should give Microsoft Flow a go.  Also, if you're looking for forms that work well in SharePoint AND on mobile devices, give PowerApps a go!

Got a better solution to this problem? Let me know in the comments.  

No comments:

Post a Comment