We have a nintex workflow, where in user TestUser1 will fill the form. So TestUser1 is the workflow initiator. Once the form is submitted by TestUser1 we have to set read access to the TestUser1 and set the contribute permission to user TestUser2 on that item. Then a task will be assigned to the user TestUser2 using assign flexi task action. After TestUser2 approves/rejects the task we have to update an item.

Issue

How many of you know update item action would execute under the permissions of the initiator?

The workflow runs as the user who initiated it because this is the way Microsoft designed SharePoint workflow. We cannot change this behavior.

So in this workflow after TestUser2 task approval, update item action is trying to update the current item with the read access to TestUser1.

Because of this you will get the access denied problem with the below error.

“The workflow could not update the item, possibly because one or more columns for the item require a different type of information.”

How to solve this issue?

  • Drag on a “Call web service” action instead of update item
  • Configure the url to be your site url/_vti_bin/lists.asmx.
  • Click the padlock icon next to the username field and select the credentials defined above. (Be sure to select a user has contribute access to the item)
  • Press ‘Refresh’ next to the web method drop-down box.
  • Choose “UpdateListItems” from the list of available methods.
  • Click the SOAP Editor button option
  • Paste in the following XML. This particular example updates a field called ‘Status’ to be “Approved”. Note it uses references to define the list name and the ID of the item to update.
<?xml version="1.0" encoding="utf-8"?>

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<UpdateListItems xmlns="http://schemas.microsoft.com/sharepoint/soap/">
<listName>{Common:ListName}</listName>
<updates>
<Batch OnError="Continue" ListVersion="1">
<Method ID="1" Cmd="Update">
<Field Name="ID">{ItemProperty:ID}</Field>
<Field Name="Status">Approved</Field>
</Method>
</Batch>
</updates>
</UpdateListItems>
</soap:Body>
</soap:Envelope>

Impact of this approach

This approach will change the modified by user value with the user name credential which we are passing to this web service action. But our requirement is to see the last modified by user as TestUser2.

So what is the work around?

If this is the case the only other option would be to give the user permissions to the item via set permissions action, then a commit pending changes, then the update and then another set permissions action removing the permissions.