Our requirement is to create sub-sites under the site collection based on user request using nintex workflow.  We have attached this nintex workflow in the request form. So whenever an item created to this list, our workflow will run and create a sub-site.

Since the workflow is running with the current logged-in user, it is adding the current logged-in user with full control in site permissions in the site which is created by the workflow. But customer requirement is to remove the current user permission given directly to site. So we wanted to remove the logged-in user from the site once the site is created.

To do this first we have to check the exception in the create site action, if no exception we have to remove the user using RemoveUserFromWeb web method of usergroup.asmx web service.

We wanted to configure this web service action with workflow owner identity so we tried to use Action Set for this. But when we tried to configure the action set the “Run as workflow owner” option was disabled.

This is our development scenario. Find the screen below

action

But we solved this by configuring the Service Admin account in Override credentials section of the Create Site action.

Use of Override credentials

The site will be created using the current security context of the workflow by default.  This can be the rights of the initiator or the rights of the workflow owner.

If an override username and password is provided, the workflow action will use the permissions of the provided account to create the site instead.

Why Run as workflow owner is disabled in Action Set?

This is an expected behaviour of Action Set control. Only actions at the root path of the workflow will have the Run as Workflow Owner option.  If you have an action in any branch, this option will not be available.