jettaa2vr6
asked on
Copy from one list to another, but don't have contribute access on that other list
In our Sharepoint site, we have 2 lists.
One we'll call list A (which is the master list) and list B (which is almost the same list, but with less fields).
Our workflow is structured in such way that when you create an element in List B, it gets copied in List A and deleted from List B. The goal is to enable anyone to create entries in List A, but with limited access to certain fields.
If a user of group G creates an element in List B, the workflow works perfect (since the user has "contribute" access on List A, being member of group G).
But if any user NOT member of group G creates an element in List B, the workflow doesn't work, because it uses the same credentials as the user logged in who doesn't have "contribute" access on List A.
My question is :
Can we and how easy is it to impersonnate another users account in Sharepoint in a workflow process? The goal would be to impersonnate a generic user account that would have "contribute" access on List A and use that account just to make the copy on List A.
My second question is :
If it's not possible to impersonnate (or if it's not a good practice for security matters), how could I manage such a situation?
Thanks,
Claude
One we'll call list A (which is the master list) and list B (which is almost the same list, but with less fields).
- List A is only accessible by a small group of persons (let's call the group G).
- List B is accessible to everybody.
Our workflow is structured in such way that when you create an element in List B, it gets copied in List A and deleted from List B. The goal is to enable anyone to create entries in List A, but with limited access to certain fields.
If a user of group G creates an element in List B, the workflow works perfect (since the user has "contribute" access on List A, being member of group G).
But if any user NOT member of group G creates an element in List B, the workflow doesn't work, because it uses the same credentials as the user logged in who doesn't have "contribute" access on List A.
My question is :
Can we and how easy is it to impersonnate another users account in Sharepoint in a workflow process? The goal would be to impersonnate a generic user account that would have "contribute" access on List A and use that account just to make the copy on List A.
My second question is :
If it's not possible to impersonnate (or if it's not a good practice for security matters), how could I manage such a situation?
Thanks,
Claude
ASKER
You're totally right Teylyn,
I forgot to say we're using Sharepoint 2013. Knowing that and the presumption that 2013 has the ability to impersonnate using a standard workflow step, I will certainly give it a try and let you know the result.
Returning soon with the result...
Claude
I forgot to say we're using Sharepoint 2013. Knowing that and the presumption that 2013 has the ability to impersonnate using a standard workflow step, I will certainly give it a try and let you know the result.
Returning soon with the result...
Claude
ASKER
I tried to find an "Action" that sounded like "Impersonation" but couldn't find one. Do I have to activate something on the server side to enable the access to that "Action"? Do I need to install something on the server to enable the access to that "Action"?
Claude
Claude
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Impersonation doesn't work with Sharepoint 2010 workflows (even in a Sharepoint 2013 site).
you don't give any detail about what version/license of SharePoint you are using.
From SharePoint 2013 onwards, a SharePoint Designer workflow can use an impersonation step to do things that the current user does not have permissions to do.
The person who publishes the workflow will be the account that is used to perform the impersonation step.
You may want to create a special account for this purpose. If you are a SharePoint admin who has access to the list, it will work, but when you quit your job and your account gets terminated, the workflow will fail. So, create a service account, give that account the permissions required, then log in with that account to publish the workflow with the impersonation step in SharePoint Designer.
Let me know if that helps.
cheers, teylyn