Recently, one of the summer interns at my company was tasked with creating an expense report solution utilizing O365, Nintex Forms for O365 and Nintex Workflow for O365. As the expense report moves through the approval phases, permissions need to be altered so the original report that has been submitted cannot be changed by the author. This allows the approver to review the expense report without alterations occurring after approval.
In many of the workflows I have built over the years with SharePoint based solutions, I have found this to be a very common requirement. It is easy to understand why there was some initial concern when the intern requested assistance because the Office 365 update item permissions activity in Nintex Workflow for O365 was not working as expected.
The activity is configured to break item inheritance, set the original author with read-only rights and allow a group containing approvers to have access to modify the item. When the workflow executes, it reaches the Office 365 update item permissions where it stops and logs: “An authentication error has occurred”. We attempted changing the credentials used by the activity and continued to receive the same error.
Nintex has a community portal that contains many questions and answers in the use of their products. A search on the portal revealed the following support thread: Office 365 Update Item Permissions – Group name. This thread describes the exact issue we faced, whenever the name of the group was typed directly into the Office 365 update item permissions activity, it fails to resolve the group by name.
In the thread, one of the Nintex employees (Eric Harris) mentions they utilized a workflow variable and set the group via a lookup to the variable. I created a simple list in our O365 tenant where Nintex Workflow is installed and created a very simple workflow. The workflow contains a text variable named Group and two activities. The first activity is to set a workflow variable and is configured to set the variable Group to one of the groups defined on the site. The second activity is the Office 365 update item permissions activity which is set exactly the same as the one in the approval workflow the intern is designing. Instead of typing the name of the group, a lookup to the Group variable is used. This test worked successfully and the permissions for the item in the list changed as intended.