Copy from one list to another, but don't have contribute access on that other list

jettaa2vr6
In our SharePoint site, we have 2 lists.
One we'll call list A (which is the master list) and list B (which is almost the same list, but with fewer fields).

  • List A is only accessible by a small group of persons (let's call the group G).
  • List B is accessible to everybody.

Our workflow is structured in such a way that when you create an element in List B, it gets copied to List A and deleted from List B. The goal is to enable anyone to create entries in List A, but with limited access to certain fields.
If a user of group G creates an element in List B, the workflow works perfectly (since the user has "contribute" access on List A, being a member of group G).
But if any user who is NOT a member of group G creates an element in List B, the workflow doesn't work, because it uses the same credentials as the logged-in user, who doesn't have "contribute" access on List A.

My question is:
Can we, and how easy is it to, impersonate another user's account in SharePoint in a workflow process? The goal would be to impersonate a generic user account that would have "contribute" access on List A and use that account just to make the copy on List A.

My second question is:
If it's not possible to impersonate (or if it's not a good practice for security matters), how could I manage such a situation?

Thanks,
Claude

Commented:
Hello,

You don't give any detail about what version/license of SharePoint you are using.

From SharePoint 2013 onwards, a SharePoint Designer workflow can use an impersonation step to do things that the current user does not have permissions to do.

The person who publishes the workflow will be the account that is used to perform the impersonation step.

You may want to create a special account for this purpose. If you are a SharePoint admin who has access to the list, it will work, but when you quit your job and your account gets terminated, the workflow will fail. So, create a service account, give that account the permissions required, then log in with that account to publish the workflow with the impersonation step in SharePoint Designer.

Let me know if that helps.

cheers, teylyn

Author

Commented:
You're totally right Teylyn,

I forgot to say we're using SharePoint 2013. Knowing that and the presumption that 2013 has the ability to impersonate using a standard workflow step, I will certainly give it a try and let you know the result.

Returning soon with the result...

Claude

Author

Commented:
I tried to find an "Action" that sounded like "Impersonation" but couldn't find one. Do I have to activate something on the server side to enable the access to that "Action"? Do I need to install something on the server to enable the access to that "Action"?

Claude

I made a mistake; our SharePoint site is 2013, but the workflow has been created with SharePoint 2010 compatibility, so "impersonation" is not available - and that's why I couldn't find it in the Action List.

Instead of trying to continue to impersonate, we will delete our LIST B and try to create a second form to access LIST A directly with access to limited fields (so we'll be creating entries directly in LIST A instead of creating in LIST B and moving it to LIST A).

Thanks for your time.
Claude

Author

Commented:
Impersonation doesn't work with SharePoint 2010 workflows (even in a SharePoint 2013 site).