SharePoint Designer Workflow Security Context

26Jan10

This afternoon, a client contacted me about an issue with an SPD workflow they created to copy items between document libraries. In short…

User A has access to both document libraries. User B has access to the first library, but not the second. The workflow (WF) copies new items from the first library to the second. When User A adds an item to the first library, the WF works properly. When User B adds an item to the first library, the WF fails to copy it to the second.

This is an expected result, as SPD workflows run in the context of the WF initiator.

http://blogs.msdn.com/ben_hickman/archive/2009/06/04/sharepoint-designer-workflows-what-user-identity.aspx

The solution?  Well, there are two possibilities.  The first involves custom workflows with Visual Studio.  The second is a little more forgiving if you do not have developer resources in your IT department and don’t have the funds to hire a consultant.

There is a Codeplex project called “Useful SharePoint Designer Custom Workflow Activities” which includes an activity called “Copy List Item Extended Activity”. This will do exactly what you want, because it impersonates the SYSTEM account!

http://spdactivities.codeplex.com/wikipage?title=Copy%20List%20Item%20Extended%20Activity&referringTitle=Home

A word of warning: as the above link states, this creates a possible security risk. Use at your discretion.

Warning: This custom action presents a potential security issue. Because it runs as SHAREPOINT\system it can copy file/items to any site in the farm. A user with access to create SPD workflows on any one site, can set this activity up to copy to sites that he does not have access to. If you do not want this behavior I suggest you remove this activity from DPWorkflow.Actions file, located in [SPHive]\TEMPLATE\1033\Workflow\ folder.
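
To act on that warning you first need to know which workflow actions are registered on the server. The script below is an added example, not part of the original post or the Codeplex project: it lists every action declared in the .ACTIONS files of the Workflow folder and flags those whose display name matches a pattern. The folder path parameter and the name pattern are assumptions; supply your server's real path in place of [SPHive] and adjust the pattern to the name shown in your file.

```powershell
# Added example: inventory the SPD workflow actions registered on this server
# so that actions running with elevated identity can be reviewed or removed.
param(
    # Assumption: full path of the Workflow folder, i.e. [SPHive]\TEMPLATE\1033\Workflow
    # with [SPHive] replaced by the actual hive path on your server.
    [Parameter(Mandatory = $true)]
    [string]$WorkflowFolder,

    # Assumption: display-name pattern for the activity named in the post.
    [string]$NamePattern = '*Copy List Item Extended*'
)

$results = foreach ($file in Get-ChildItem -Path $WorkflowFolder -Filter '*.ACTIONS') {
    $doc = New-Object System.Xml.XmlDocument
    try {
        $doc.Load($file.FullName)
    }
    catch {
        # A malformed file is reported and skipped rather than aborting the audit.
        Write-Warning "Could not parse $($file.FullName): $($_.Exception.Message)"
        continue
    }

    # local-name() keeps the query working whether or not the file declares a namespace.
    foreach ($action in $doc.SelectNodes('//*[local-name()="Action"]')) {
        $name = $action.GetAttribute('Name')
        New-Object PSObject -Property @{
            File      = $file.Name
            Name      = $name
            ClassName = $action.GetAttribute('ClassName')
            Assembly  = $action.GetAttribute('Assembly')
            Flagged   = ($name -like $NamePattern)
        }
    }
}

# Flagged actions first, so the entries to review are at the top.
$results |
    Sort-Object -Property Flagged -Descending |
    Format-Table -Property Flagged, File, Name, ClassName, Assembly -AutoSize -Wrap
```

The script only reads the files. Removing a flagged action is still the manual edit described in the warning above.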

