Copy from one list to another, but don't have contribute access on that other list

In our Sharepoint site, we have 2 lists.
One we'll call list A (which is the master list) and list B (which is almost the same list, but with less fields).

  • List A is only accessible by a small group of persons (let's call the group G).
  • List B is accessible to everybody.

Our workflow is structured in such way that when you create an element in List B, it gets copied in List A and deleted from List B. The goal is to enable anyone to create entries in List A, but with limited access to certain fields.
If a user of group G creates an element in List B, the workflow works perfect (since the user has "contribute" access on List A, being member of group G).
But if any user NOT member of group G creates an element in List B, the workflow doesn't work, because it uses the same credentials as the user logged in who doesn't have "contribute" access on List A.

My question is :
Can we and how easy is it to impersonnate another users account in Sharepoint in a workflow process? The goal would be to impersonnate a generic user account that would have "contribute" access on List A and use that account just to make the copy on List A.

My second question is :
If it's not possible to impersonnate (or if it's not a good practice for security matters), how could I manage such a situation?

Thanks,
Claude
jettaa2vr6Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ingeborg Hawighorst (Microsoft MVP / EE MVE)Microsoft MVP ExcelCommented:
Hello,

you don't give any detail about what version/license of SharePoint you are using.

From SharePoint 2013 onwards, a SharePoint Designer workflow can use an impersonation step to do things that the current user does not have permissions to do.

The person who publishes the workflow will be the account that is used to perform the impersonation step.

You may want to create a special account for this purpose. If you are a SharePoint admin who has access to the list, it will work, but when you quit your job and your account gets terminated, the workflow will fail. So, create a service account, give that account the permissions required, then log in with that account to publish the workflow  with the impersonation step in SharePoint Designer.

Let me know if that helps.

cheers, teylyn
jettaa2vr6Author Commented:
You're totally right Teylyn,

  I forgot to say we're using Sharepoint 2013. Knowing that and the presumption that 2013 has the ability to impersonnate using a standard workflow step, I will certainly give it a try and let you know the result.

Returning soon with the result...

Claude
jettaa2vr6Author Commented:
I tried to find an "Action" that sounded like "Impersonation" but couldn't find one. Do I have to activate something on the server side to enable the access to that "Action"? Do I need to install something on the server to enable the access to that "Action"?

Claude
jettaa2vr6Author Commented:
I made a mistake; our Sharepoint site is 2013, but the workflow has been created with Sharepoint 2010 compatibility, so "impersonation" is not available - and that's why I couldn't find it in the Action List.

Instead of trying to continue to impersonnate, we will delete our LIST B and try to create a second form to access LIST A directly with access to limited fields (so we'll be creating entries directly in LIST A instead of creating in LIST B and moving it to LIST A).

Thanks for your time.
Claude

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jettaa2vr6Author Commented:
Impersonation doesn't work with Sharepoint 2010 workflows (even in a Sharepoint 2013 site).
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SharePoint

From novice to tech pro — start learning today.