Dev Notes

Notes on Development with Microsoft Technologies

Setting Permissions on an Item to a Group with Nintex Workflow for O365

Leave a comment

PermissionsActionBlockRecently, one of the summer interns at my company was tasked with creating an expense report solution utilizing O365, Nintex Forms for O365 and Nintex Workflow for O365. As the expense report moves through the approval phases, permissions need to be altered so the original report that has been submitted cannot be changed by the author. This allows the approver to review the expense report without alterations occurring after approval.

In many of the workflows I have built over the years with SharePoint based solutions, I have found this to be a very common requirement. It is easy to understand why there was some initial concern when the intern requested assistance because the Office 365 update item permissions activity in Nintex Workflow for O365 was not working as expected.

The activity is configured to break item inheritance, set the original author with read-only rights and allow a group containing approvers to have access to modify the item. When the workflow executes, it reaches the Office 365 update item permissions where it stops and logs: “An authentication error has occurred”. We attempted changing the credentials used by the activity and continued to receive the same error.

Nintex has a community portal that contains many questions and answers in the use of their products. A search on the portal revealed the following support thread: Office 365 Update Item Permissions – Group name. This thread describes the exact issue we faced, whenever the name of the group was typed directly into the Office 365 update item permissions activity, it fails to resolve the group by name.

In the thread, one of the Nintex employees (Eric Harris) mentions they utilized a workflow variable and set the group via a lookup to the variable. I created a simple list in our O365 tenant where Nintex Workflow is installed and created a very simple workflow. The workflow contains a text variable named Group and two activities. The first activity is to set a workflow variable and is configured to set the variable Group to one of the groups defined on the site. The second activity is the Office 365 update item permissions activity which is set exactly the same as the one in the approval workflow the intern is designing. Instead of typing the name of the group, a lookup to the Group variable is used. This test worked successfully and the permissions for the item in the list changed as intended.


Author: Chris Quick

I have been a developer of web based solutions since early 2001 delivering solutions to a wide array of organizations using ASP, ASP.NET and SharePoint. I was introduced to SharePoint in 2003 when the consulting firm I worked for at the time introduced it into the workplace. I began working with MOSS 2007 as soon as Microsoft released the RTM version in November 2006. The platform was implemented at the organization I worked for in 2007 and went live in March of that year. I was tasked with the administration and ongoing development of the platform. I currently work as a SharePoint Architect with Artis Consulting, developing solutions for a wide variety of business problems. The goal of this blog is to share my discoveries developing solutions with SharePoint. I welcome your comments and feedback to any post -- and I welcome suggestions for future topics.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s