Jan 27
SharePoint Designer Workflow Security Context
Yesterday, a client contacted me about an issue with an SPD workflow they created to copy items between document libraries.
In short, User A has access to both document libraries. User B has access to the first library, but not the second. The workflow (WF) copies new items from the first library to the second. User A can add an item to the first library and the WF works properly. When User B adds an item to the first library, the WF fails to copy it to the second.
This is an expected result, as SPD workflows run in the context of the WF initiator.
The solution?
Well, there are two possibilities. The first involves custom workflows with Visual Studio. The second is a little more forgiving if you don’t have developer resources in your IT department and don’t have the funds to hire a consultant.
There is a Codeplex project called “Useful SharePoint Designer Custom Workflow Activities” which includes an activity called “Copy List Item Extended Activity”. This will do exactly what you want, in that it impersonates the SYSTEM account!
Warning: This custom action presents a potential security issue. Because it runs as SHAREPOINT\system, it can copy files/items to any site in the farm. A user with access to create SPD workflows on any site can set this activity up to copy to sites that he/she does not have access to. If you do not want this behavior, I suggest you remove this activity from the DPWorkflow.Actions file, located in the [SPHive]\TEMPLATE\1033\Workflow\ folder.
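A read-only way to check a server for this registration before editing the file, as an added example that is not from the original post or the Codeplex project. It assumes the usual `<Action Name="..." ClassName="...">` layout of SharePoint .ACTIONS files; the function name `Find-WorkflowAction`, the match pattern, and the sample file's class and assembly names are hypothetical.

```powershell
# Added example: list workflow actions registered in *.ACTIONS files whose
# Name or ClassName matches a pattern. Read-only; it changes nothing.
function Find-WorkflowAction {
    param(
        [Parameter(Mandatory = $true)][string]$Folder,      # e.g. [SPHive]\TEMPLATE\1033\Workflow
        [string]$Pattern = 'Copy\s*List\s*Item\s*Extended'  # assumed match for the activity named above
    )
    foreach ($file in Get-ChildItem -Path $Folder -Filter *.ACTIONS) {
        try { $doc = [xml](Get-Content -Path $file.FullName) }
        catch { Write-Warning "Skipping unparsable file: $($file.FullName)"; continue }
        # local-name() keeps the query working whether or not the file declares a namespace
        foreach ($a in $doc.SelectNodes("//*[local-name()='Action']")) {
            $name  = $a.GetAttribute('Name')
            $class = $a.GetAttribute('ClassName')
            if ($name -match $Pattern -or $class -match $Pattern) {
                New-Object PSObject -Property @{
                    File = $file.Name; Name = $name; ClassName = $class
                    Assembly = $a.GetAttribute('Assembly')
                }
            }
        }
    }
}

# Constructed sample file: the element layout follows the .ACTIONS schema, but the
# class and assembly names are hypothetical, not taken from DPWorkflow.Actions.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'actions-demo'
New-Item -ItemType Directory -Path $sample -Force | Out-Null
@'
<WorkflowInfo Language="en-us">
  <Actions Sequential="then" Parallel="and">
    <Action Name="Copy List Item Extended" ClassName="Example.Activities.CopyListItemExtended"
            Assembly="Example.Activities, Version=1.0.0.0" AppliesTo="all" Category="Custom">
      <RuleDesigner Sentence="Copy item in %1 to %2" />
    </Action>
    <Action Name="Send an Email" ClassName="Example.Activities.SendMail"
            Assembly="Example.Activities, Version=1.0.0.0" AppliesTo="all" Category="Custom" />
  </Actions>
</WorkflowInfo>
'@ | Set-Content -Path (Join-Path $sample 'Demo.ACTIONS')

# Only the first action in the sample matches the default pattern.
Find-WorkflowAction -Folder $sample | Format-List File, Name, ClassName, Assembly
```

On a server, point `-Folder` at the Workflow folder named in the warning above; an empty result means no matching action is registered in that folder.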


