
SharePoint Designer Workflow Security Context

Tag: Collaboration — January 27, 2010 @ 10:57 am
Author:

Sebastian Atar


Yesterday, a client contacted me about an issue with an SPD workflow they created to copy items between document libraries.

In short, User A has access to both document libraries. User B has access to the first library, but not the second. The workflow (WF) copies new items from the first library to the second. User A can add an item to the first library and the WF works properly. When User B adds an item to the first library, the WF fails when copying to the second.

This is an expected result, as SPD workflows run in the context of the WF initiator.

http://blogs.msdn.com/ben_hickman/archive/2009/06/04/sharepoint-designer-workflows-what-user-identity.aspx

The solution? 

Well, there are two possibilities.  The first involves custom workflows with Visual Studio.  The second is a little more forgiving if you don’t have developer resources in your IT department and don’t have the funds to hire a consultant.

There is a CodePlex project called “Useful SharePoint Designer Custom Workflow Activities” which includes an activity called “Copy List Item Extended Activity”. This will do exactly what you want, in that it impersonates the SYSTEM account!

http://spdactivities.codeplex.com/wikipage?title=Copy%20List%20Item%20Extended%20Activity&referringTitle=Home

Warning: This custom action presents a potential security issue. Because it runs as SHAREPOINT\system, it can copy files/items to any site in the farm. A user with access to create SPD workflows on any site can set this activity up to copy to sites that he/she does not have access to. If you do not want this behavior, I suggest you remove this activity from the DPWorkflow.Actions file, located in the [SPHive]\TEMPLATE\1033\Workflow\ folder.
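One way to carry out the removal suggested in the warning, as an added PowerShell example (not code from the original post or from the CodePlex project): it deletes matching `<Action>` entries from an .ACTIONS document and reports what is left. The sample XML, its class and assembly names, the action display names and the function name `Remove-WorkflowAction` are assumptions made for illustration.

```powershell
# Added example. The XML below is a constructed sample in the usual .ACTIONS
# layout; names, classes and assemblies are placeholders, not the project's own.
$sample = @'
<?xml version="1.0" encoding="utf-8"?>
<WorkflowInfo Language="en-us">
  <Actions Sequential="then" Parallel="and">
    <Action Name="Copy List Item Extended" ClassName="Example.Workflow.CopyListItemExtended" Assembly="Example.Workflow" AppliesTo="all" Category="Custom Actions" />
    <Action Name="Send Email Extended" ClassName="Example.Workflow.SendEmailExtended" Assembly="Example.Workflow" AppliesTo="all" Category="Custom Actions" />
  </Actions>
</WorkflowInfo>
'@

function Remove-WorkflowAction {
    param(
        [Parameter(Mandatory = $true)] [xml]    $ActionsXml,
        [Parameter(Mandatory = $true)] [string] $NamePattern
    )
    $removed = @()
    # Snapshot the node list first so nodes can be removed while looping.
    $nodes = @($ActionsXml.SelectNodes("//*[local-name()='Action']"))
    foreach ($node in $nodes) {
        # GetAttribute avoids confusion with the element's own .Name property.
        $name = $node.GetAttribute('Name')
        if ($name -like $NamePattern) {
            [void]$node.ParentNode.RemoveChild($node)
            $removed += $name
        }
    }
    return ,$removed
}

$doc = [xml]$sample
$removed = Remove-WorkflowAction -ActionsXml $doc -NamePattern 'Copy List Item*'
$remaining = @($doc.SelectNodes("//*[local-name()='Action']") |
    ForEach-Object { $_.GetAttribute('Name') })

Write-Output "Removed:   $($removed -join ', ')"
Write-Output "Remaining: $($remaining -join ', ')"

# Against a real file (path is yours to supply): copy the file to a backup,
# load it with $doc = New-Object System.Xml.XmlDocument; $doc.Load($path),
# run Remove-WorkflowAction, review the output, then call $doc.Save($path).
```

Removing the entry stops SharePoint Designer from offering the action; workflows that already use it are not changed by this edit, so review those separately.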
