Link to home
Start Free TrialLog in
Avatar of jettaa2vr6
jettaa2vr6Flag for Canada

asked on

Copy from one list to another, but don't have contribute access on that other list

In our Sharepoint site, we have 2 lists.
One we'll call list A (which is the master list) and list B (which is almost the same list, but with less fields).

  • List A is only accessible by a small group of persons (let's call the group G).
  • List B is accessible to everybody.

Our workflow is structured in such way that when you create an element in List B, it gets copied in List A and deleted from List B. The goal is to enable anyone to create entries in List A, but with limited access to certain fields.
If a user of group G creates an element in List B, the workflow works perfect (since the user has "contribute" access on List A, being member of group G).
But if any user NOT member of group G creates an element in List B, the workflow doesn't work, because it uses the same credentials as the user logged in who doesn't have "contribute" access on List A.

My question is :
Can we and how easy is it to impersonnate another users account in Sharepoint in a workflow process? The goal would be to impersonnate a generic user account that would have "contribute" access on List A and use that account just to make the copy on List A.

My second question is :
If it's not possible to impersonnate (or if it's not a good practice for security matters), how could I manage such a situation?

Thanks,
Claude
Avatar of Ingeborg Hawighorst (Microsoft MVP / EE MVE)
Ingeborg Hawighorst (Microsoft MVP / EE MVE)
Flag of New Zealand image

Hello,

you don't give any detail about what version/license of SharePoint you are using.

From SharePoint 2013 onwards, a SharePoint Designer workflow can use an impersonation step to do things that the current user does not have permissions to do.

The person who publishes the workflow will be the account that is used to perform the impersonation step.

You may want to create a special account for this purpose. If you are a SharePoint admin who has access to the list, it will work, but when you quit your job and your account gets terminated, the workflow will fail. So, create a service account, give that account the permissions required, then log in with that account to publish the workflow  with the impersonation step in SharePoint Designer.

Let me know if that helps.

cheers, teylyn
Avatar of jettaa2vr6

ASKER

You're totally right Teylyn,

  I forgot to say we're using Sharepoint 2013. Knowing that and the presumption that 2013 has the ability to impersonnate using a standard workflow step, I will certainly give it a try and let you know the result.

Returning soon with the result...

Claude
I tried to find an "Action" that sounded like "Impersonation" but couldn't find one. Do I have to activate something on the server side to enable the access to that "Action"? Do I need to install something on the server to enable the access to that "Action"?

Claude
ASKER CERTIFIED SOLUTION
Avatar of jettaa2vr6
jettaa2vr6
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Impersonation doesn't work with Sharepoint 2010 workflows (even in a Sharepoint 2013 site).